App Control: Why Doesn't This SHA256 Hash Match the Hash in the Console?
App Control: All Supported Versions
Why does this SHA256 hash not match the data in the Console?
Some files change their hash every time they are installed because they include date, location, or other context-specific information not relevant for tracking purposes. For files known to do this, App Control uses a special fuzzy hashing algorithm that eliminates this extraneous variation, so every instance of such a file on computers running App Control Agents is shown as identical. When this algorithm has been used, the hash is identified as "SHA-256 (Normalized)".
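The following is an added illustration of the idea, not App Control's code: the product's actual normalization algorithm is not described in this article. The `INSTALL_DATE=`/`INSTALL_PATH=` field layout, the sample files, and all function names are assumptions constructed for the example.

```python
import hashlib
import re

# Hypothetical install-specific fields (constructed format, not a real file layout).
VOLATILE = re.compile(rb"(INSTALL_DATE|INSTALL_PATH)=[^\n]*\n")


def raw_sha256(data: bytes) -> str:
    """Plain SHA-256 over every byte, as a standard hashing tool computes it."""
    return hashlib.sha256(data).hexdigest()


def normalized_sha256(data: bytes) -> str:
    """SHA-256 after blanking the values of the install-specific fields."""
    masked = VOLATILE.sub(lambda m: m.group(1) + b"=\n", data)
    return hashlib.sha256(masked).hexdigest()


def compare(a: bytes, b: bytes) -> str:
    """Classify two file instances by raw and normalized digest."""
    if raw_sha256(a) == raw_sha256(b):
        return "identical"
    if normalized_sha256(a) == normalized_sha256(b):
        return "same content, install-specific fields differ"
    return "different content"


def build_sample(date: bytes, path: bytes, payload: bytes = b"program bytes") -> bytes:
    """Assemble a constructed sample file with two volatile header fields."""
    return (b"INSTALL_DATE=" + date + b"\n"
            + b"INSTALL_PATH=" + path + b"\n"
            + payload)


# Constructed samples: the same file installed on two hosts, plus a changed copy.
HOST_A = build_sample(b"2024-01-05", b"C:\\Program Files\\Example")
HOST_B = build_sample(b"2024-03-17", b"D:\\Apps\\Example")
MODIFIED = build_sample(b"2024-03-17", b"D:\\Apps\\Example", payload=b"other bytes")

if __name__ == "__main__":
    for name, blob in (("HOST_A", HOST_A), ("HOST_B", HOST_B), ("MODIFIED", MODIFIED)):
        print(name, raw_sha256(blob)[:16], normalized_sha256(blob)[:16])
    print(compare(HOST_A, HOST_B))
    print(compare(HOST_A, MODIFIED))
```

A digest computed with a standard tool corresponds to `raw_sha256` here, which is why it will not match a Console value labelled "SHA-256 (Normalized)". Masking only the volatile fields still leaves a change to the rest of the file visible as a different normalized digest.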
If the notifier message does not contain an MD5, we use the SHA instead. This can sometimes lead to a discrepancy between what is seen in external events and the notifier.
In the case of external events, we use MD5 by default. If an MD5 is not included, we fall back on the SHA256 hash.