You are wondering, if DCS can display file hash values in IPS events: when a file is blocked, display the hash value of the file being blocked or, display the hash value of the acting process.
The Intrusion Detection system (IDS) of DCS is capable of reporting on MD5 and SHA256 values so can IPS do it as well?
DCS Agent installed on a Windows operating system with Intrusion Prevention System (IPS) enabled.
DCS only collects hashes for IDS FileWatch events to say if a file has changed.
In IPS, we can use the hash value to specify if a process is allowed to run but these values are supplied by the customer.
Additionally, running a hash check against all files monitored by IPS policy would be a very resource-intensive task. It would excessively impact the system and not allow DCS to run leanly.