An Administrator has identified an EPM-triggered false positive and has used the Create Rule button from within the relevant entry in the Security Events > Preventions > Exploits tab. What is the result of the created rule?
Haha, yeah D does sound a bit too perfect. Knowing these exams, they probably want us to find the most specific and targeted solution. I'm leaning towards option B as the best answer.
Hmm, I could see it being option B or C. Stopping all EPM injection on that machine seems plausible, or excluding the endpoint from Traps protection. Although D does sound comprehensive, almost too good to be true.
That's a good point. Maybe the rule is meant to prevent that specific EPM injection from triggering a prevention in the future? Or to exclude that process from Traps altogether?
upvoted 0 times
...
Log in to Pass4Success
Sign in:
Report Comment
Is the comment made by USERNAME spam or abusive?
Commenting
In order to participate in the comments you need to be logged-in.
You can sign-up or
login
Chandra
10 months agoAdelle
10 months agoAudry
10 months agoRory
10 months agoLatonia
10 months agoThersa
10 months agoHoward
10 months agoHoney
10 months agoPercy
10 months agoTegan
10 months ago