SSM....checksums don't match

Greetings...........SSM is informing me that checksums don't match...i understand an update to a program would do this...what i don't understand is what i am supposed to do about the warning....i realize i can have SSM recalculate the hash, but what, if any, security does that provide.....and does the checksum monitor automatically serve to inoculate these files against virus infection; that is, without my doing anything....

 

Hi Rainwalker,

This would indicate you have allowed an update, or possibly run another security program that may change the state of the program concerned, or allowed a program to run that has made this change. If you have not/knowingly made any changes/update, this could show signs of a problem.
You would need to review what you have recently allowed to run/install/update that may cause this change.

Which program is SSM alerting to the change?

 

Yes Stem, i understand that.............for which event do i allow logging for or do you know a better way to determine where this md5 mismatch is..

 

There is no logging for checksums.
A checksum is created the first time an application/file is added to the rules. This is basically an integrity check to ensure that the next time the application is run, that it is in fact the same application. When an application is run again, a checksum is created and checked against the stored checksum for that application, if they do not match, then there as been a change in that application, and SSM is informing you of this.
(If there is a MD5 mismatch for an application/file, then the application/file as been changed or replaced)