View Hash Details About a File Using Cytool
4.2 (EoS)
Using Cytool, you can identify hash information about files inside of DLLs, drivers, and other portable executable (PE) files. For each file, Cytool displays the path, the file size in bytes, and the SHA256 hash of the file. If the file is a PE, Cytool also displays information about the target PE inside the file, including file size, architecture type (i386 or x64), platform (for example, Win32 GUI, Win32 Console, or NT native), and hash value. After you identify the hash associated with the target file, you can manage Hash Control from the ESM Console or you can add the hash to an SFX whitelist in the database.
Use the cytool image "<filepath>\<filename>" command to identify hash information about a file.
- Open a command prompt as an administrator and navigate to the Traps folder (see Access Cytool).
- To view hash details about a file, use the cytool image "<filepath>\<filename>" command. For example, the following output displays information about iexplore.exe.

    C:\Program Files\Palo Alto Networks\Traps> cytool image "C:\Program Files\Internet Explorer\iexplore.exe"
    Image Information
    Location: C:\Program Files\Internet Explorer\iexplore.exe
    Size: 795.20 KB (814280 bytes)
    File SHA256: 1130c581e0e88111ec02d09ab4fc1f6d532f762c9339c7d54abaf8f43c796fe5
    Architecture: x86-64
    Subsystem: Windows GUI
    PE Size: 780.00 KB (798720 bytes)
    PE SHA256: 79dc738ce785befcc315d004e15f2748ffd967eede830c4f9f0a59a5f6902203
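Before a hash goes into Hash Control or a whitelist, it helps to capture the command output as structured fields and confirm the File SHA256 against an independently computed digest. The following is an added example, not Palo Alto Networks code: the field labels are taken from the example output on this page, the one-field-per-line layout is an assumption (the parser also accepts the output run together on one line), and the function names are hypothetical.

```python
import hashlib
import re

# Labels from the page's example output; longer ones first so "PE Size"
# is never read as "Size".
LABELS = ("PE SHA256", "File SHA256", "PE Size", "Location",
          "Size", "Architecture", "Subsystem")
LABEL_RE = re.compile(r"\b(%s):" % "|".join(map(re.escape, LABELS)))

# Example output copied from this page (line layout assumed).
SAMPLE = r"""Image Information
Location: C:\Program Files\Internet Explorer\iexplore.exe
Size: 795.20 KB (814280 bytes)
File SHA256: 1130c581e0e88111ec02d09ab4fc1f6d532f762c9339c7d54abaf8f43c796fe5
Architecture: x86-64
Subsystem: Windows GUI
PE Size: 780.00 KB (798720 bytes)
PE SHA256: 79dc738ce785befcc315d004e15f2748ffd967eede830c4f9f0a59a5f6902203
"""


def parse_image_output(text):
    """Parse `cytool image` output into a dict; sizes become byte counts."""
    parts = LABEL_RE.split(text)  # [preamble, label, value, label, value, ...]
    fields = {k: v.strip() for k, v in zip(parts[1::2], parts[2::2])}
    if "File SHA256" not in fields:
        raise ValueError("no File SHA256 field in output")
    for key in ("File SHA256", "PE SHA256"):
        if key in fields:
            if not re.fullmatch(r"[0-9a-fA-F]{64}", fields[key]):
                raise ValueError(f"{key} is not 64 hex digits")
            fields[key] = fields[key].lower()
    for key in ("Size", "PE Size"):
        if key in fields:
            m = re.search(r"\((\d+) bytes\)", fields[key])
            if m is None:
                raise ValueError(f"{key} has no byte count")
            fields[key] = int(m.group(1))
    return fields


def file_hash_matches(fields, path):
    """Recompute the file's SHA256 locally and compare with File SHA256."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest() == fields["File SHA256"]
```

A truncated or mistyped hash raises ValueError instead of being passed on to a whitelist entry.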