Siumot 0 Posted February 28 Posted February 28 What could be the reason that some detections do not have SHA-1 calculated? Also in these cases the Signature type and Signer Name are Unknow - the print screen below is for "powershell.exe", which triggers the rule [E0309]. For some events of this type, the SHA-1 calculation is correct, but for some it is empty and I cannot find the reason. I thought we had a compromised version of powershell.exe, but when manually verifying the file from computers, it's ok. Any ideas?
Administrators Marcos 5,468 Posted February 28 Administrators Posted February 28 If the problem occurs with the latest version 2.0.3549, please raise a support ticket for further investigation.
Siumot 0 Posted February 29 Author Posted February 29 Yes, this is exactly this version. Ok, I'll report it to support. Thanks.
Recommended Posts