The ePO administrators have already tuned and configured dynamic application containment rules within the policy. In which of the following ways will dynamic application containment protect against malware once enforcement is enabled?
A.
The scan engine will learn the behavior of the application and send up to GT1 for analysis, and then receive an action to block all actions from the application's process.
B.
If an application's reputation is below the threshold while triggering a block rule and is not an excluded application, malicious behavior of the application will be contained.
C.
The ENS client will receive the reputation as "highly suspicious" from either the McAfee GTI or TIE server, and then immediately uninstall the application on the system.
D.
The adaptive threat protection scanner will send the file automatically to a preconfigured "Sandbox" folder and analyze the application for malicious features before use.
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit