Some files include date, location, or other context-specific information not relevant for tracking purposes. For file types known to do this (such as MSI files) App Control will use a unique Fuzzy Hashing Algorithm that eliminates this variation. When this algorithm has been used, the SHA-256 hash is identified in the Console as "SHA-256 (Normalized)". This algorithm will affect Global and Local Approvals of a SHA-256 Normalized file in two ways:
- Importing SHA-256 hashes that contain MSI files from another source may result in the associated File Rule becoming ineffective in App Control.
- The Agent hashes the whole file for MD5 and SHA-1 values, which could contain the context-specific information. The resulting MD5 or SHA-1 hash may be unique for each machine it is created on, and a File Rule that relies on this value may become ineffective in App Control.
Due to these issues; the best practice for Approving or Banning the hash of an MSI file is to use the SHA-256 (Normalized) hash created by App Control. Other hash types, and hashes imported from elsewhere, should be avoided.