Tag: Error detection and correction
block any files by hash
About SEP 14.2 RU1 MP1, could be possible to block any file, using the file’s hash?
In fact. I need, to be able to block files by hash regardless of the file type.
Related:
Failed to download package: Bad Hash (0x80090002)
I created an MSI and added it to a new software release. I distributed it to all the site servers and deployed it to 3 computers along with my test computer. I had to change the MSI later on, so I had to rebuild it. I deleted the msi from the Software Library via the GUI and added my modified version. I re-distributed the package again. I normally run a SQL query to see if the package is ready:
SELECT rrsp.Name,sps.Status,vc.Name FROM RM_ResourceSoftware_Package rrsp
JOIN SWDPackageServer sps ON sps.PackageId = rrsp.Guid
JOIN vComputer vc ON vc.Guid = sps.PkgSvrId
WHERE rrsp.Name like '<%Package name%>'
order by rrsp.Name
When I deployed it to my test machine again I got the message in the logs:
PackageDownload AeXPackageDelivery.dll AeXNSAgent.exe Failed to download package ‘{55555-3333-6666-7777-abcdefabcdef}’ from: \<SoftwareLibraryShare>55555-3333-6666-7777-abcdefabcdef, local blocks: 0/1, error: Bad Hash (0x80090002)
PackageDownload AeXPackageDelivery.dll AeXNSAgent.exe Failed to download package ‘{55555-3333-6666-7777-abcdefabcdef}’ from: https://ns.domainname.com/Altiris/PackageShare/pkg…, local blocks: 0/1, error: Bad Hash (0x80090002)
I checked the sig and snapshot for that package on the NS and matched it with the same package on the package server. They both matched, but when I checked the same data on the endpoint via C:Program FilesAltirisAltiris AgentAgentsSoftwareManagementSoftware Delivery{55555-3333-6666-7777-abcdefabcdef}, everything is from the first time I deployed the MSI. Also, when the file gets downloaded, the MSI has 0 bytes and the task fails because it took longer than expected. I deployed it throughout the day and still the same issue. If I deploy it to a computer that never had the software, it deploys just. Any insight as to why this is happening and how to resolve it?
I have tried to delete the folder struction where the MSI is downloaded to and also deleted the whole folder C:Program FilesAltirisAltiris AgentAgentsSoftwareManagementSoftware Delivery{55555-3333-6666-7777-abcdefabcdef}. I noticed when I did that the folder {55555-3333-6666-7777-abcdefabcdef} never regenerates in C:Program FilesAltirisAltiris AgentAgentsSoftwareManagementSoftware Delivery.
Related:
Unable to add SHA256 hash values in application & device policy
Hi
We are unable to add SHA256 hash values in application & device policy.
Please provide solution for the same.
Related:
Virus And Risk Detection ,C:WindowsCSCv2.0.6namespace
Virus And Risk Detection everday for few of my client and later it is pointing to my shared drive.
Any solution?
Filename: C:WindowsCSCv2.0.6namespaceserver01Shareddrive01 | ||
Hash Type / File Hash: SHA-256 881C47FA638E064319BF2B2BC56663CE3D40B4416C7DDE8B1B19204EFB81ABCD |
Related:
I need a solution where i can block bulk of HASH files using xls or notepad.
Hello Everyone,
Is there anyway to block list of HASH files in ADC policy using txt file. Its difficult to manually block one by one so please let me know if we can export the file to block all the hashes.
Related:
sql injection vulnerable code even we are sanitizing the input mysql_real_escape_string – Stack …
Related:
SEP 15 – file hash calculated incorrectly
Just started to test SEP 15, and installed it on my test machine using the default policy.
It identified a file, NTOSKRNL.EXE, with the following filehash:
5379732000000000000000000000000000000000000000000000000000000000
This hash is not correct, as using the powershell get-filehash command provides this instead:
C732B1DD3480285B6666641BC417A0C897884331229F47B055B79A9E42DF4282
Which is a known file on VT. Any idea why Symantec’s hash calculation would be incorrect? Or what I should do next?