Block Tailspin_scanner.exe
Question
Note: This question is part of a series of questions that present the same scenario.
Each question in the series contains a unique solution that might meet the stated goals.
Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it.
As a result, these questions will not appear in the review screen.
You have a Microsoft 365 tenant and 500 computers that run Windows 10
The computers are onboarded to the Microsoft 365 compliance center.
You discover that a third-party application named Tailspin_scanner.exe accessed protected sensitive information on multiple computers.
Tailspin_scanner.exe is installed locally on the computers.
You need to block Tailspin_scanner.exe from accessing sensitive documents without preventing the application from accessing other documents.
Solution: From the Microsoft 365 Endpoint data loss prevention (Endpoint DLP) settings, you add the application to the unallowed apps list.
Does this meet the goal?
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B.A.
Unallowed apps is a list of applications that you create which will not be allowed to access a DLP protected file.
https://docs.microsoft.com/en-us/microsoft-365/compliance/endpoint-dlp-using?view=o365-worldwideThe proposed solution of adding Tailspin_scanner.exe to the unallowed apps list in the Microsoft 365 Endpoint data loss prevention (Endpoint DLP) settings could potentially meet the stated goal of blocking the application from accessing sensitive documents without preventing it from accessing other documents.
Endpoint DLP is a feature in Microsoft 365 that helps prevent data loss across endpoints such as Windows 10 devices by allowing administrators to set policies to protect sensitive data. It includes the ability to block access to specific applications based on their file path or digital signature.
By adding Tailspin_scanner.exe to the unallowed apps list, the administrator can prevent the application from accessing any documents that are identified as sensitive by the DLP policies. However, it is important to note that this approach will only work if the sensitive documents have already been classified by the DLP policies.
If Tailspin_scanner.exe is installed in multiple locations on the affected computers, the administrator would need to ensure that all instances of the application are blocked by adding all relevant file paths or digital signatures to the unallowed apps list.
It is worth noting that there may be other methods of preventing Tailspin_scanner.exe from accessing sensitive documents, such as using Windows AppLocker to block the application from running entirely or removing the application from the affected computers altogether. However, these solutions may also have unintended consequences and may not be feasible depending on the specific circumstances of the scenario.
In conclusion, while the proposed solution of adding Tailspin_scanner.exe to the unallowed apps list in Endpoint DLP settings could potentially meet the stated goal of blocking the application from accessing sensitive documents without preventing it from accessing other documents, it is important to consider all available options and potential consequences before implementing any solution.
