What does ThreatLocker use to profile drivers?

ThreatLocker uses the hash of the file to profile drivers because file hashing is a reliable method of ensuring file integrity and authenticity. A hash function generates a unique string of characters (the hash) based on the contents of the file. This means even a slight change in the file will result in a completely different hash value. By using hashes, ThreatLocker can accurately identify and manage drivers, distinguishing between safe and potentially harmful software. This approach provides a strong defense against malicious modifications or tampering, as it is based on an unalterable representation of the file's data.

In comparison, factors such as the name or version number of the driver may not be unique or could be easily spoofed, while the size of the driver file does not sufficiently account for the content's integrity. Thus, relying on the hash of the file ensures a more robust and secure method for profiling drivers.