An Administrator has identified an EPM-triggered false positive and has used the Create Rule button from within the relevant entry in the Security Events > Preventions > Exploits tab. What is the result of the created rule?
Haha, yeah D does sound a bit too perfect. Knowing these exams, they probably want us to find the most specific and targeted solution. I'm leaning towards option B as the best answer.
Hmm, I could see it being option B or C. Stopping all EPM injection on that machine seems plausible, or excluding the endpoint from Traps protection. Although D does sound comprehensive, almost too good to be true.
That's a good point. Maybe the rule is meant to prevent that specific EPM injection from triggering a prevention in the future? Or to exclude that process from Traps altogether?
upvoted 0 times
...
Log in to Pass4Success
Sign in:
Report Comment
Is the comment made by USERNAME spam or abusive?
Commenting
In order to participate in the comments you need to be logged-in.
You can sign-up or
login
Chandra
8 months agoAdelle
7 months agoAudry
7 months agoRory
8 months agoLatonia
8 months agoThersa
8 months agoHoward
8 months agoHoney
8 months agoPercy
8 months agoTegan
8 months ago