An Administrator has identified an EPM-triggered false positive and has used the Create Rule button from within the relevant entry in the Security Events > Preventions > Exploits tab. What is the result of the created rule?
D) The new rule will include the EPM that raised the prevention, the process that triggered the prevention, the machine on which the prevention was triggered, and a descriptive name for the rule.
Okay, I'm leaning towards A. If the admin is trying to address a false positive, they probably want to stop all EPM injection into the faulted process, right?
I'm going with D. The rule should include all the relevant details like the EPM, process, machine, and a descriptive name. Seems like the most comprehensive option.
Hmm, I think the answer is B. The new rule should stop all EPM injection into processes on the machine where the prevention was triggered, not just the faulted process.
Marisha
4 months agoViki
3 months agoArt
4 months agoKayleigh
4 months agoTarra
5 months agoKenneth
5 months agoBeatriz
4 months agoBarbra
4 months agoSalley
4 months agoHyman
5 months agoDalene
5 months agoCarmen
5 months agoTran
4 months agoMel
4 months agoCassandra
5 months agoHyman
5 months ago