Collecting file checksums

Available from 9.2.3. Checksums are long strings that describe the content of files and act as their fingerprints. You can enable the calculation of checksums for files on your computers to check their integrity and to ensure that they were not altered or tampered with.

In general, checksums are used to ensure safe transmission of files between devices, or across the Internet. In the latter case, after downloading a file, you can calculate its checksum and then compare it to the original checksum that was published together with the download. If both checksums match, you know that your download is exactly the same as the published source file, and that it is secure. Otherwise, there was some data loss or alteration, which means that the file was corrupted, either by accident or intentionally.

In BigFix Inventory, checksums are calculated during the file system scan and are created for each file that is discovered by the scan. In other words, apart from collecting usual information about files, such as their version or size, the scanner also collects information about their checksums. The checksums can then be viewed in the user interface or retrieved by using REST API, and compared to the checksums of known virus signatures or malware to ensure that none of such files is present in your environment. If any of the collected checksums finds a match in the database of corrupted checksums, there is a high probability that the file associated with this checksum is not secure, and presents a potential security breach.

Checksums in BigFix Inventory can be calculated by using two hash functions, MD5 and SHA-256. The choice of either of these should depend on the database of corrupted checksums that you own, and that you can compare with checksums collected by the scan.