Searches for one hash value in ATP Manager resulted in the listing of many different files.

Article ID: 169639

Products

Advanced Threat Protection Platform

Issue/Introduction

When users searched for a specific hash value (MD5 value bd2103035a8xxx2390a78a431ba0c4 or SHA256 value ceec12762e66397b56dad64fd270xxxb9cd665354383c0626dbab01), ATP returned many different files that were not associated with that hash.

Cause

For a very specific type of BASH event, ATP incorrectly mapped the above dummy hash to the file associated with the event. As a result, search results for that hash included inaccurate, unrelated files.

Resolution

This issue is resolved in ATP 3.0. However, it will continue to occur on ATP databases prior to 3.0.