Carbon Black Cloud: Why are MD5 Hash Values Included in Some Event Data?

Environment

  • Carbon Black Cloud Console: All Versions
  • Carbon Black Cloud Endpoint Standard Sensor: All Supported Versions
  • Carbon Black Cloud Enterprise EDR Sensor: All Supported Versions

Question

Why are MD5 hash values included in Event and Alert data in the Console when the policy option "Hash MD5" is unchecked?


Answer

  • For customers with Enterprise EDR, MD5 hashes are always calculated.
  • Customers with Endpoint Standard + Enterprise EDR will see MD5 hashes calculated even with the policy setting unchecked.
  • Customers with Endpoint Standard only should not see MD5 hashes when this option is unselected; if they are seen, please reach out.

Additional Notes

  • The Hash MD5 option will prevent the Sensor from calculating MD5 hashes when the calculation will affect a process at startup; otherwise, MD5 hashes will still be calculated.
  • The Hash MD5 option will not affect hash calculations that occur after a process has started and the Sensor has performed initial reputation lookups.
  • For environments with Endpoint Standard and Enterprise EDR, Enterprise EDR data will always generate the MD5 hash regardless of the policy settings.

Article Information

Creation Date: 04-09-2019