Perform the following procedure to ban an MD5 hash.

Procedure

  1. On the navigation bar, click Process Search and search for the process.
    See Process Search and Analysis for instructions on searching.
  2. Click the name of the process to ban.
  3. On the Process Analysis page, click Ban this hash.
    Note: This button only appears if the binary is an EXE. DLLs cannot be banned.
  4. The Confirm Banned Hashes page appears and lists this hash, indicates whether it is known, and the number of endpoints at this site on which the hash for this process has been seen.
    The confirm banned hashes page
  5. Add information in the Notes textbox to explain why you banned the hash. This can include a file name, threat report identification, or anything else that is helpful to examine the ban.
  6. Click Ban to ban the hash. The ban is added to the list on the Manage Banned Hashes page, and is enabled. By default, the list is arranged in alphanumeric order by MD5 hash. See Manage Banned Hashes.
    Note: To terminate a hash ban action, click the Trashcan icon to delete the hash from the list. For single-hash-ban operations, click Cancel at the bottom of the page.