After restoring the file, the hash value changes


Article ID: 409038


Products

Endpoint Protection, Endpoint Security

Issue/Introduction

After successfully restoring a quarantined file using ./sav quarantine -r <ID>, we discover that its SHA-256 hash has changed from the original hash recorded before quarantine.

Environment

RHEL version 8.10

SEP: 14.3 RU9

Cause

It appears there is a flaw in the quarantine and restore functionality that causes file corruption. The primary issue was that the function was unreliable and could silently corrupt files. This was caused by a combination of a flawed encryption algorithm, fragile logic for handling the encryption key, and insufficient error checking for file operations.

Resolution

This issue is fixed in sdcss-6.10.0-9670.
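
One way to check whether a restore with ./sav quarantine -r <ID> returned a file intact is to compare it against a SHA-256 baseline recorded before quarantine. The script below is an added example, not part of the original article or the product; the function names record_baseline and verify_restore and the tab-separated manifest format are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: detect silent corruption across a quarantine/restore round trip.
# record_baseline and verify_restore are hypothetical helper names.
# Limitation: paths containing tabs or newlines are not supported.

# record_baseline MANIFEST FILE...
# Appends "sha256<TAB>size<TAB>path" for each regular file to MANIFEST.
record_baseline() {
    manifest=$1; shift
    for f in "$@"; do
        [ -f "$f" ] || { echo "skip (not a regular file): $f" >&2; continue; }
        # Read via stdin so unusual file names cannot be parsed as options.
        digest=$(sha256sum < "$f" | cut -d' ' -f1) || return 2
        size=$(wc -c < "$f" | tr -d ' ') || return 2
        printf '%s\t%s\t%s\n' "$digest" "$size" "$f" >> "$manifest"
    done
}

# verify_restore MANIFEST
# Prints one status line per file; returns 0 only if every file is present
# and its SHA-256 matches the baseline, 1 otherwise.
verify_restore() {
    manifest=$1
    rc=0
    while IFS="$(printf '\t')" read -r want_digest want_size path; do
        if [ ! -f "$path" ]; then
            echo "MISSING  $path"; rc=1; continue
        fi
        got_digest=$(sha256sum < "$path" | cut -d' ' -f1)
        got_size=$(wc -c < "$path" | tr -d ' ')
        if [ "$got_digest" = "$want_digest" ]; then
            echo "OK       $path"
        else
            # A size change hints at truncation or padding; an equal size
            # with a different digest means the content itself was altered.
            echo "CHANGED  $path (size $want_size -> $got_size)"; rc=1
        fi
    done < "$manifest"
    return $rc
}
```

Run record_baseline on files while they are known good and verify_restore after a restore; a CHANGED line means the restored copy should not be trusted.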