SRP - Block hash without providing the file

Ruber Linden 61 Reputation points
2020-11-09T18:09:15.983+00:00

Hi,

I want to create some rules on the Software Restriction Policies of my domain.

But when I choose to create a new rule based on Hash, it still asks me to provide a file. I have the hashes of the malicious file that I want to deny, but for obvious reasons don't have the file itself.

Is there any way to create a hash rule without providing the file itself? It used to work on previous versions of Windows Server, now I'm on 2019 and it doesn't show anymore.

Windows Server 2019
Windows
Active Directory

2 answers

  1. Fan Fan 15,291 Reputation points Microsoft Vendor
    2020-11-10T07:53:40.033+00:00

    Hi,

    As you mentioned above, it is required to provide a file if you use the Hash Rule in the Software Restriction Policies.
    Here is a test in my environment:
    I created a new path rule in the Software Restriction Policies and put only the name into the path, as follows:
    38667-11102.jpg
    After I updated the policy with the command gpupdate /force, it worked.
    38668-11103.jpg

    If you know the name and the file type of the malicious file, it may be worth a try.
    Best Regards,


  2. Ruber Linden 61 Reputation points
    2020-11-10T14:31:46.68+00:00

    Hi,

    So if I want to block a malware, I need to download the malware (which is kinda risky) so Windows can generate the hash by itself, even when I have the hash provided by other users?

    Until 2008 I could manually insert the hash. So there is definitely no other way to do it?

    Thanks for your help.