SRP - Block hash without providing the file

Ruber Linden 61 Reputation points
2020-11-09T18:09:15.983+00:00

Hi,

I want to create some rules on the Software Restriction Policies of my domain.

But when I choose to create a new rule based on Hash, it still asks me to provide a file. I have the hashes of the malicious file that I want to deny, but for obvious reasons don't have the file itself.

Is there any way to create a has rule without providing the file itself? It used to work on previous versions of Windows Server, now I'm on 2019 and it doesn't show anymore.

Windows for business Windows Client for IT Pros Directory services Active Directory
Windows for business Windows Server User experience Other
Windows for business Windows Client for IT Pros User experience Other
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Anonymous
    2020-11-10T07:53:40.033+00:00

    Hi,

    As you mentioned above, it is required to provide a file if you use the Hash Rule on the Software Restriction Policies .
    Here is a test in my environment:
    I new a path role on the n the Software Restriction Policies and put the name only into the path as following:
    38667-11102.jpg
    After i updated the policy with command :gpupdate /force , it worked.
    38668-11103.jpg

    If you know the name and the file type of the malicious file, it may worth a try.
    Best Regards,

    0 comments No comments

  2. Ruber Linden 61 Reputation points
    2020-11-10T14:31:46.68+00:00

    Hi,

    So if I want to block a malware, I need to download the malware (which is kinda risky) so Windows can generate the hash by itself, even when I have the hash provided by other users?

    Until 2008 I could manually insert the hash. So is definitely not other way to do it?

    Thanks for your help.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.