Preventing Malware-Like Auditing Package Triggers | Microsoft Security Operations Analyst Exam

Question

Your company uses an auditing package that, due to the way it accesses files, mimics a malware threat.

The package is always installed into a single directory on each PC.

You would like to prevent this package from triggering investigations.

How can you accomplish this with the least administrative effort?

Answers

Explanations

Correct Answer: C

Option C is correct.

Adding the package's folder/directory to the folder exclusions ensures that the alert is not triggered again in the future.

Option A is incorrect.

The vendor is not responsible for an organization's product capabilities.

Option E is incorrect.

It is not recommended to disable automated investigation capabilities.

Option D is incorrect.

It is not recommended to change your solution.

Option B is incorrect.

The requirement is to exclude the directory, which is the option with the least administrative effort.

Reference:

In order to prevent the auditing package from triggering investigations, you should choose option C - Add the folder the package is installed in to the folder exclusions.

Folder exclusions are a security feature that allows security software to ignore specific directories and files when performing security scans. By adding the directory where the auditing package is installed to the folder exclusions, you can prevent the security software from detecting it as a threat and triggering an investigation. Because the package is always installed into a single directory on each PC, the exclusion can be scoped to just that directory rather than applied more broadly.

This approach is the most efficient option because it requires the least administrative effort. It does not require contacting Microsoft or adding the package to a list of allowed software in Security Center. Instead, it involves adding a single directory to the folder exclusions, which can be done quickly through the security software's configuration settings.

Option D - replacing the software with another product - may not be feasible or practical, especially if the auditing package is necessary for the company's operations. Option E - disabling automated investigations - is also not recommended, as it could leave the company vulnerable to real malware threats.

Therefore, option C is the best solution to prevent the auditing package from triggering investigations with the least amount of administrative effort.