Blocked Hashes
Blocked hashes contain a list of executables/hashes blocked by all security products connected to ESET Inspect On-Prem. You can add blocked hashes from executables and executables details, or manually type them.
Hashes only support SHA-1, enabling companies to remediate any malicious code (preventing its execution ex-post or proactively, getting the hashes in an IoC feed).
When an attempt to execute a blocked executable occurs, it is reported as a security incident to ESET PROTECT On-Prem and listed under a specific threats category—blocked files.
The Blocked hashes allow you to interact with the hashes list. It allows blocking hashes from external tools as well.
Click an executable to take further action:
Details |
Go to the Executable details tab. |
---|---|
Statistics |
Go to the Statistics tab. |
Detections |
Go to the Detections tab. |
Seen On |
Go to the Seen On tab. |
Sources |
Go to the Executable sources tab. |
Unblock |
Unblocks the hash and allows it to work with the executable. Available only if blocked hashes are selected. You can select all blocked hashes by selecting the check box on the left side of the Name column header, or you can select individual blocked hashes by selecting the corresponding check box. |
Clean & Quarantine |
Deletes the file and quarantines it in the Endpoint. Available only if a blocked hash is selected. You can select all blocked hashes by selecting the check box on the left side of the Name column header, or you can select individual blocked hashes by selecting the corresponding check box. |
Tags |
Assigns tags to existing blocked hashes, or creates new custom tags. |
Filter |
Show quick filters on the column where you activated the context menu (Show only this, Hide this). |
Add hashes |
Redirects you to the Block Hashes window. |
Do not Block or Kill any Windows system processes or executables, such as svchost.exe. This may cause an operating system crash. |