Houston Security User Group

  • 1.  Using the VIE Tool in conjunction with Insight Cache Server

    Posted Feb 12, 2013 05:21 PM

    A question from our Security Engineer dealing with the VIE & INSIGHT CACHE Server:

    When the VIE runs vietool. C: --generate --hash, it sets a file attribute and sends hash values to the SIC.

    Why would you want to use --hash to send to the SIC when the attribute should stop it from being further analyzed?

    His concern is wasting cache space and redundant file exceptions, and how to best utilize the space in the cache.

    Is this a valid question?


  • 2.  RE: Using the VIE Tool in conjunction with Insight Cache Server

    Posted Feb 12, 2013 05:25 PM

    If the hash changes, it means the file has been modified in some way (possibly compromised or tampered with by malware).



  • 3.  RE: Using the VIE Tool in conjunction with Insight Cache Server

    Posted Feb 12, 2013 06:28 PM

    As per http://www.symantec.com/docs/TECH172218 - the hash is being sent to SIC only when the -hash attribute is being used. By default, for the files marked as clean, the hash is not being forwarded to SIC. As mentioned by Brian, this information may be useful if the hash changes.