yes, but sha256 will be your 2nd choice of option to enable however if you are sure there are many fixlet/task which dont have sha256 will be surely impacted hence just go with enhanced security but dont enable sha256 option till the time you are not done with such type of fixlet/tasks.
Point to remember if anyone have created any fixlet/task with the help of software distribution wizard & not manual uploaded files then those are secure ones because whenever you use SD wizard it will always going to create both values.
You can use custom filter look into fixlet/task which dont contain sha256 & that should be main focus point to resolve.
The prefetch pulls the file and validates the sha256 and then names the file to 80fb54a6645727d3d26c7913113df57688f9f955 .
The extract is just extracting the file with the name 80fb54a6645727d3d26c7913113df57688f9f955.
We are not doing any calculations or validations with that file name, which happens to be the sha1 of the file as well. if you changed that name to something else, like bob, the action script would still work the same.
prefetch bob sha1:80fb54a6645727d3d26c7913113df57688f9f955 size:5057 http://site:52311/Uploads/80fb54a6645727d3d26c7913113df57688f9f955/testing.txt.tmp sha256:bccbc9d3ec7ddb5393109a5a6a055b3b49ba54cd175f14731938b8cc9f671fd3
extract bob
wait __Download\testing.txt
Use of sha1 in the file name is cosmetic in that part of the action script.
Does the \Program Files (x86)\BigFix Enterprise\BES Server\UploadManagerData\BufferDir\sha1 folder name change to \Program Files (x86)\BigFix Enterprise\BES Server\UploadManagerData\BufferDir\sha256 after you turn on enhanced security?