The table below shows the designated list of "Match using" methods in the Add or Edit Rule screen.
| Match using | Description | |
|---|---|---|
SHA-1 Hash based | Known applications dynamic search | Match is based on Certified Safe Software List (CSSL) pattern and Endpoint Inventories. |
| Certified Safe Software List | Match is based on CSSL pattern only. | |
| SHA-1 hash values | Match is based on file’s SHA-1 Hash value. | |
Non SHA-1 Hash based | File paths | Match is based on File and Folder paths. |
| Certificates | Match is based on File’s Digital Certificate. |
The methods under “SHA-1 Hash based”, match the file’s SHA-1 hash values. If the rule matches application(s) with several files, it may have an impact to network usage during data transfer. On the other hand, a rule that uses “Non SHA-1 Hash” method is much lighter because there is no need for the agents to download SHA-1 Hash values when applying the rule.
For rules that use SHA-1 Hash value "Match using" method, you can lessen the impact to network usage by setting the Hash Value Deployment to Partial.
Click image to enlarge.
The difference between Partial and Full is briefly explained below:
- Partial - Only hash values that match installed applications on target endpoint. In the table below, only msinfo32.exe and 7z.exe file hashes in the Rule Match will be deployed to the agent when applying the rule.
Rule Match
Filename (SHA-1 Hash Value)Agent Inventory and Installed Application
Filename (SHA-1 Hash Value)SHA-1 Hash Value
Match Result“Partial” Hash Deployment
(Downloaded SHA-1 Hash Values)msinfo32.exe (8376ADAE56D7110BB033
3EA8278486B735A0E33D)msinfo32.exe (8376ADAE56D7110BB033
3EA8278486B735A0E33D)Matched (8376ADAE56D7110BB033
3EA8278486B735A0E33D)7z.exe (4F0F25640E5376AA7FC3
D0DF4C39082AE4D8A643)Renamed_7z.exe (4F0F25640E5376AA7FC3
D0DF4C39082AE4D8A643)Matched (4F0F25640E5376AA7FC3
D0DF4C39082AE4D8A643)iexplorer.exe (2AA859F008FAFBAEFB57
8019ED0D65CD0933981C)iexplorer.exe (8C11BDF0FF609FD44C9A
1533CDCCCC263B2BACE)DO NOT Match - Installer.exe (F5D1C8F23E9838181091
9DD63CF32D385F9500B5)- NO Match - In both Allow and Block rule, the agent can only take action to matched files. This means that the Allow or Block rule is carried out on msinfo32.exe and 7z.exe when executed, but not on iexplorer.exe and Installer.exe. - Full - All hash values are deployed to the agent. In the table below, the “SHA-1 Hash Value Match Result” is ignored. Therefore, all file SHA-1 Hash values in the “Rule Match” will be deployed to the agent when applying the rule.
Rule Match
Filename (SHA-1 Hash Value)Agent Inventory and Installed Application
Filename (SHA-1 Hash Value)SHA-1 Hash Value
Match Result“Full” Hash Deployment
(Downloaded SHA-1 Hash Values)msinfo32.exe (8376ADAE56D7110BB033
3EA8278486B735A0E33D)msinfo32.exe (8376ADAE56D7110BB033
3EA8278486B735A0E33D)Ignore (8376ADAE56D7110BB033
3EA8278486B735A0E33D)7z.exe (4F0F25640E5376AA7FC3
D0DF4C39082AE4D8A643)Renamed_7z.exe (4F0F25640E5376AA7FC3
D0DF4C39082AE4D8A643)Ignore (4F0F25640E5376AA7FC3
D0DF4C39082AE4D8A643)iexplorer.exe (2AA859F008FAFBAEFB57
8019ED0D65CD0933981C)iexplorer.exe (8C11BDF0FF609FD44C9A
1533CDCCCC263B2BACE)Ignore (2AA859F008FAFBAEFB57
8019ED0D65CD0933981C)Installer.exe (F5D1C8F23E9838181091
9DD63CF32D385F9500B5)- Ignore (F5D1C8F23E9838181091
9DD63CF32D385F9500B5)
Setting the rule to full hash value deployment requires careful planning as it may impact the network during policy deployment.
For further information, refer to the KB article on the Average bandwidth consumption of AC Agents when connecting to the server.