search cancel

Add custom suspicious hashes to Data Center Security (DCS) policies as an Indicator of Compromise (IOC)

book

Article ID: 175979

calendar_today

Updated On:

Products

Data Center Security Server Advanced

Issue/Introduction

You wish to prevent access to files with particular custom has values through DCS prevention policies

Resolution

To add custom suspicious hashes to DCS policies which would assist in indicating compromise may be achieved through the prevention policy options -> Global policy options -> (Process Access Control -> No access Process Access control) OR ( File Rules -> No access Resource list).

Edit the above to add & enter the File Hash values. Enter * for program path & apply the prevention policy as desired.