How to submit hashes to see if Endpoint Protection (SEP) covers the threat

book

Article ID: 192971

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Threat Alerts often contain hashes to distinguish the source of the threat. The Virus Total website provides data on what threats are covered by most threat protection vendors, including Symantec Endpoint Protection (SEP).

Resolution

To see if SEP covers a specific hash (threat), follow these steps:

  1. Go to Virus Total's Website.
  2. Paste in the provided hash in the search field and press Enter or click the magnifying glass icon.
  3. Search in the results for Symantec to see if it is covered. The name that we detect it as, such as Trojan.horse, indicates we cover the threat.
  4. If no results are found, typically the hash is not public or is a sha1 hash and detection data is not public.