Forum Discussion

Jonatan Kragh Hovgaard's avatar
Jonatan Kragh Hovgaard
Copper Contributor
Jun 22, 2023

EnableFileHashComputation

I am confused by the "EnableFileHashComputation" setting. Should it be on or off? I found an article at Tenable.com, where they suggest/recommends this feature to be turned on. If so, why is it not turned on by default. I understand that enabling the feature can be resource intensive. I was actually troubleshooting a performance issue with a customer, where I noticed that turning this on would actually improve performance when working with the same files multiple times from the same client.

 

Are you using this feature?

 

18.9.45.5.1 Ensure 'Enable file hash computation feature' is s... | Tenable®

Security baseline (DRAFT): Windows 10 and Windows Server, version 2004 - Microsoft Community Hub

 

  • jbmartin6's avatar
    jbmartin6
    Iron Contributor
    It is confusing, this forum is for MS Defender for Endpoint, which is not the same as Microsoft Defender Antivirus. That said, MDE logs file hashes for process created events through some other mechanism (we are using MDE but do not have this MDAV setting turned on.) and we have not seen any ill effects. Other host level AV type tools or EDRs like Microsoft's own Sysmon also do hash calculation. So hard to see how turning this on in MDAV could be any different. If you have intensive software development work, it is probably already given an MDAV exclusion anyway, so in practice that particular risk is mostly moot.

Resources