CB Defense: Upload Reputations Function Fails For Non-SHA256 Hashes
search cancel

CB Defense: Upload Reputations Function Fails For Non-SHA256 Hashes


Article ID: 286325


Updated On:


Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)


When using the bulk Upload Reputations function:
1. The reputations from the uploaded CSV do not appear on the reputation page
2. When viewing the Uploaded History you receive an Error message under the Status column


  • PSC Console: All Supported Versions


The Upload Reputations function requires SHA256 hashes


  • Verify the csv is properly formatted with no column headings in this format: [WHITE_LIST, BLACK_LIST],SHA256,HASH,Description, Name
  • Use only SHA256 hashes

Additional Information

The exact error message can be seen by using developer tools and capturing a HAR file as described here:

When using the developer tools:
1. On the Enforce => Reputation => Upload => Upload History page
2. Open the developer tools 
3. Reload the page
4. Select the Network tab
5. Select Preview
7. Select one of the Numbered lists that match the Uploaded History list
8. Look for an errorMessage equal to either:
errorMessage: "Indicator Type SHA1 is invalid at line: [%]"
errorMessage: "Sha256Hash %a_hash_value% should be of length: 64 at line: [%]"

Here is a screenshot of what this will look like using Chrome developer tools:
Developer console SHA256 errors

Verify your hash lengths. For example here are the hashes for a version of Powershell.exe:
MD5 [32 char]: 852d67a27e454bd389fa7f02a8cbe23f
SHA1 [40 char]: 5330fedad485e0e4c23b2abe1075a1f984fde9fc
SHA256 [64 char]: a8fdba9df15e41b6f5c69c79f66a26a9d48e174f9e7018a371600b866867dab8