Is there a way to block a file by hash without actually having the file? This was trivial in server 2003 software restriction policies. I could paste a hash into a rule, and it did it's job. Now it appears that I need to have the file
to calculate the hash. This won't work in my scenario, as I am trying to block a particular piece of malware who's hash is known, but I don't actually have an instance of the file itself. I can't seem to do this with software restriction policies
or applocker.
↧