SSM....checksums don't match

Discussion in 'other security issues & news' started by Rainwalker, Jul 1, 2006.

Thread Status:
Not open for further replies.
  1. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    Greetings...........SSM is informing me that checksums don't match...i understand an update to a program would do this...what i don't understand is what i am supposed to do about the warning....i realize i can have SSM recalculate the hash, but what, if any, security does that provide.....and does the checksum monitor automatically serve to inoculate these files against virus infection; that is, without my doing anything....
     
  2. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi Rainwalker,
    This would indicate you have allowed an update, or possibly run another security program that may change the state of the program concerned, or allowed a program to run that has made this change. If you have not/knowingly made any changes/update, this could show signs of a problem.
    You would need to review what you have recently allowed to run/install/update that may cause this change.

    Which program is SSM alerting to the change?
     
  3. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    Yes Stem, i understand that.............for which event do i allow logging for or do you know a better way to determine where this md5 mismatch is..
     
  4. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    There is no logging for checksums.
    A checksum is created the first time an application/file is added to the rules. This is basically an integrity check to ensure that the next time the application is run, that it is in fact the same application. When an application is run again, a checksum is created and checked against the stored checksum for that application, if they do not match, then there as been a change in that application, and SSM is informing you of this.
    (If there is a MD5 mismatch for an application/file, then the application/file as been changed or replaced)
     
Loading...
Thread Status:
Not open for further replies.