Hashes for command line tools

Devin_Mahoney · June 24, 2019, 2:24pm

My firewall put out a security alert today. Can anyone confirm the following SHA-256 hashes of the online backup command line tools? They aren’t signed, so it’s hard to tell if they are originals.

28ad826fa4360c8e4e6bc6daf46db8c016bade3e8a066c573cb3e206590bea9f  cbbCommandLine
3c8d7d2f10709839b44a61880c8b375b7229c0efab7deb8a3417b99134a85ed7  cbbLocalManagement
ea8545163add8b00210706c28001bef70bef5677178a1aa853562f9195cd590f  cbbRemoteManagement
6ee84016242730bd5ef3f76ee8edaf72e4d6005d060aa87952b46fb8235a7251  cbbSessionAccess
17ef74f5c4a1c43dbf3cbcaee098013675ac9e6690d8fbf9b9f096dba8d41fa9  cbbUpdater
f4473fa35320d7a19df73073fe841f0ab19d022ffd24917f178b4eca9e5aab1c  cbbWebAccess
5e4c17e777d99d83352e9ab3bbf2e4640b3d1a7dc45ee4833a90a7f29646a7e5  cbbWorker

Anton_Zorin · June 24, 2019, 4:16pm

[reply=“Devin Mahoney;d971”], what firewall are you using?
What is the version of the agent?

Devin_Mahoney · June 24, 2019, 4:25pm

[reply=“Anton Zorin;3451”] Anton, I’m using Online Backup version 2.9.0.112. My firewall is Little Snitch version 4.3.2. The specific alert was that the hash of cbbWorker had changed and it was attempting to make a connection.

Anton_Zorin · July 1, 2019, 8:48am

[reply=“Devin Mahoney;3452”], let’s cross the alert with your logs from the agent. My guess is that your agent’s gotten updated and this is why the hash is different now.
Do you have the exact time when the alert triggered? If you do, then please send logs to our support with the link to this thread in the big field.
Thanks