This policy setting allows you to configure whether or not the the file hash (SHA1) of any detected threat files is recorded in the event log for additional research and correlation with other threat streams.
When a threat file is detected and hash logging is enabled, EventID 1120 is recorded in the System log.
If you enable this setting, the threat file hash logging is enabled and events will be recorded.
If you disable or do not configure this setting, threat file hashes will not be recorded to the event log.
| Registry Hive | HKEY_LOCAL_MACHINE |
| Registry Path | Software\Policies\Microsoft\Microsoft Antimalware |
| Value Name | ThreatFileHashLogging |
| Value Type | REG_DWORD |
| Enabled Value | 1 |
| Disabled Value | 0 |