@chinekc, if you look at fixlet named “MS21-JAN: Cumulative Update for Windows 10 Version 20H2 - Windows 10 Version 20H2 - KB4598242 (x64)” in the “Patches for Windows” external site, you will see the following command:
prefetch windows10.0-kb4598242-x64_725aeed030bc68b2d07096503bd26918ac1fe488.msu sha1:725aeed030bc68b2d07096503bd26918ac1fe488 size:420792295 http://download.windowsupdate.com/c/msdownload/update/software/secu/2021/01/windows10.0-kb4598242-x64_725aeed030bc68b2d07096503bd26918ac1fe488.msu sha256:9fa6ddaee62d991ea13640e5c9f3fa3e953a708f83ff99e182a9e2a8438008b4
The prefetch command in the Action Script language automatically enforces the hash check at each landing point (i.e. on BESRelays and BESClients). If you were to create a custom copy of a MS OS update fixlet and manipulate the SHA1/SHA256 and/or SIZE values of the prefetch statement, the fixlet WILL FAIL as part of the validation process that’s intrinsic to the BigFix product.