Turn on threat file hash logging

This policy setting allows you to configure whether or not the the file hash (SHA1) of any detected threat files is recorded in the event log for additional research and correlation with other threat streams.

When a threat file is detected and hash logging is enabled, EventID 1120 is recorded in the System log.

If you enable this setting, the threat file hash logging is enabled and events will be recorded.

If you disable or do not configure this setting, threat file hashes will not be recorded to the event log.

Supported on: At least Windows Vista

Registry PathSoftware\Policies\Microsoft\Microsoft Antimalware
Value NameThreatFileHashLogging
Enabled Value1
Disabled Value0


Administrative Templates (Computers)