Obstruct Files with Advanced Features

Correct Answer: A.

Option A is correct.

EDR with block mode can be used with third party AV.

Option B is incorrect.

“Allow or block file” feature requires Defender AV.

Option C is incorrect.

Automated investigations do not block files.

Reference:

The correct answer is A. Turn on EDR with block mode.

EDR (Endpoint Detection and Response) is an advanced security feature that allows organizations to detect and respond to security incidents on their endpoints. EDR solutions use various techniques to detect and analyze security threats, including behavioral analysis, machine learning, and threat intelligence.

In addition to detection and response capabilities, some EDR solutions also provide advanced protection features such as file blocking. This feature allows organizations to prevent the execution of specific files that are deemed to be malicious or suspicious.

However, it is important to note that file blocking features in EDR solutions may not work if a third-party antivirus (AV) solution is also installed on the endpoint. This is because the third-party AV solution may override the EDR file blocking rules.

To address this limitation, the EDR solution must be configured to use block mode. In this mode, the EDR solution will block files regardless of whether a third-party AV solution is installed on the endpoint. This ensures that the organization's security policies are enforced consistently across all endpoints, regardless of the AV solution being used.

Automated investigation and Allow or Block file are also advanced security features, but they are not directly related to file blocking in EDR solutions. Automated investigation refers to the use of automation to investigate security incidents, while Allow or Block file allows organizations to define policies for file access control.

Therefore, the correct answer is A. Turn on EDR with block mode.