ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Searches for one hash value in ATP Manager resulted in the listing of many different files.


Article ID: 169639


Updated On:


Advanced Threat Protection Platform


When users search for a specific hash value (MD5 value bd2103035a8xxx2390a78a431ba0c4 OR SHA256  value ceec12762e66397b56dad64fd270xxxb9cd665354383c0626dbab01), ATP returned many different files that were not associated with that hash.


For a very specific type of BASH events, ATP incorrectly mapped the above dummy hash to the file associated with the event.  This resulted in search results  against that hash to include inaccurate, unrelated files.


This issue is resolved in ATP 3.0.  However, this issue will continue to occur on ATP databases prior to 3.0.