Error "Unsupported expression" is returned for Endpoint searches for MD5 hashes
search cancel

Error "Unsupported expression" is returned for Endpoint searches for MD5 hashes

book

Article ID: 219207

calendar_today

Updated On:

Products

Endpoint Detection and Response

Issue/Introduction

You got an error message "Unsupported_Expression" in Endpoint Activity Recorder by performing and Endpoint search with below query

- file.md5:<md5_hash>

Cause

Symantec EDR supports searches for PE and non-PE files. For Endpoint Activity Recorder searches, Symantec EDR only supports searches that are for SHA2.

Resolution

EDR is working by design.

Powered by Wolken Software