Environment
- Carbon Black Cloud Console: All Versions
- Carbon Black Cloud Endpoint Standard Sensor: All Supported Versions
- Carbon Black Cloud Enterprise EDR Sensor: All Supported Versions
Question
Why are MD5 hash values included in Event and Alert data in the Console when the policy option "Hash MD5" is unchecked?
Answer
- Customers with Enterprise EDR will always hash MD5.
- Customers with Endpoint Standard + Enterprise EDR will see that MD5s are hashed even with the policy setting unchecked.
- Customers with Endpoint Standard only should not see MD5 hashes when this option is unselected if seen please reach out.
Additional Notes
- The Hash MD5 option will prevent the Sensor from calculating MD5 hashes when the calculation will affect a process at startup; otherwise, MD5 hashes will still be calculated.
- The Hash MD5 option will not affect hash calculations that occur after a process has started and the Sensor has performed initial reputation look ups
- For environments with Endpoint Standard and Enterprise EDR, Enterprise EDR data will always generate the MD5 hash regardless of the policy settings