Comodo EDR Quick Start Guide

Step 8 - Analyze Files by their Hash Values

 

  • A hash search lets you locate files by their MD5 or SHA-1 hash value. Visibility, execution trend, file history and execution summary are listed for each file.
  • Unlike the 'Event' and 'Computer' interfaces, you cannot simply search for a hash. You must either:
    • (i) Copy and paste a hash value from the dashboard, detection or event search interfaces, or
    • (ii) Click a hash-value link in the dashboard or 'Computer Search' screens. This will auto-populate the search interface.
  • Click 'Investigation' on the left, then 'Hash Search' to open the interface.

 




  • By default, the screen will be blank.
  • Enter the hash value of the file you wish to analyze. Hash values of malware and safe files can be copied from various interfaces such as:
    • 'Dashboard' > 'Malware & Suspicious Activity' tile > under 'Most Found Malware' and 'Last Found Malware'
    • 'Detection' > in the 'Sha1' column
    • 'Investigation' > 'Event Search' > in the 'Process Hash' column
  • Click a hash value on any of the screens above to automatically populate the search box here.
  • Use the time-range drop-down to show event information for a specific date range (applies to 'Execution Summary', 'Download Summary', 'Creation Summary' and 'Execution Trend' tiles).

Results are shown below the search box:




The results screen shows the following details about the file:

  • File Trajectory - The movement of the file - where it was downloaded from, where it was copied to, and so on.
  • Execution Summary - Devices on which the file was executed. Details include the file path and the number of times it was executed.
  • Download Summary - Which endpoints the file was downloaded to ('Entry Point'), the URL it was downloaded from, and the number of times it was downloaded.
  • Creation Summary - Endpoints on which the file created processes, and the file location.
  • Execution Trend - The number of times the file was executed during the selected period. Zoom into specific hours by dragging any point on the graph.

See 'Hash Search' if you need more help with this.


© Comodo Group, Inc. 2025. All rights reserved.