350-701 · Question #303
A company discovered an attack propagating through their network via a file. A custom file policy was created in order to track this in the future and ensure no other endpoints execute the infected fi
The correct answer is C. Upload the hash for the file into the policy. Override File Disposition Using Custom Lists If a file has a disposition in the AMP cloud that you know to be incorrect, you can add the file’s SHA-256 value to a file list that overrides the disposition from the cloud: To treat a file as if the AMP cloud assigned a clean disposi
Question
A company discovered an attack propagating through their network via a file. A custom file policy was created in order to track this in the future and ensure no other endpoints execute the infected file. In addition, it was discovered during testing that the scans are not detecting the file as an indicator of compromise. What must be done in order to ensure that the created is functioning as it should?
Options
- ACreate an IP block list for the website from which the file was downloaded
- BBlock the application that the file was using to open
- CUpload the hash for the file into the policy
- DSend the file to Cisco Threat Grid for dynamic analysis
How the community answered
(16 responses)- A13% (2)
- B6% (1)
- C81% (13)
Explanation
Override File Disposition Using Custom Lists If a file has a disposition in the AMP cloud that you know to be incorrect, you can add the file’s SHA-256 value to a file list that overrides the disposition from the cloud: To treat a file as if the AMP cloud assigned a clean disposition, add the file to the clean list. To treat a file as if the AMP cloud assigned a malware disposition, add the file to the custom On subsequent detection, the device either allows or blocks the file without reevaluating the file's disposition. You can use the clean list or custom detection list per file policy. guide-v623/file_policies_and_advanced_malware_protection.html
Topics
Community Discussion
No community discussion yet for this question.