When SEP (Symantec Endpoint Protection) detects a risk, a hash value is usually (but not always) generated and provided in the detection event details.
Missing hash value in SEP risk detection event details.
Files where the path which is unavailable for some reason (file locked or in use), or that are Linux files as indicated by the forward slash (/) in the file path, or files stored in archival format (e.g. a compressed file), do not generate hash values in risk detections.
SEP is functioning as designed. The absence of hash generation in SEP Mac and Linux detections should be addressed in a future version of SEP 14.
ID: 3971806, 3976187, 3976189
Mac and Linux file security events are dropped by ATP given they are missing SHA2 hashes. Etrack hierarchy 3971806, 3976187, 3976189
Subscribing will provide email updates when this Article is updated. Login is required.