How should the SEP Administrator block the threat using Application and Device Control?

An organization identifies a threat in its environment and needs to limit the spread of the threat.

How should the SEP Administrator block the threat using Application and Device Control?
A. Gather the MD5 hash of the file and create an Application Content Rule that blocks the file based on the file fingerprint.
B. Gather the process name of the file and create an Application Content Rule that blocks the file based on the device ID type.
C. Gather the MD5 hash of the file and create an Application Content Rule that uses regular expression matching.
D. Gather the MD5 hash of the file and create an Application Content Rule that blocks the file based on specific arguments.

Answer: A

Explanation:

When a threat is detected within an organization’s environment, preventing its spread becomes crucial. Symantec Endpoint Protection (SEP) allows administrators to create Application and Device Control policies that target specific threat files to block them across the network. To block a known malicious file, the administrator should:

1. Identify the File MD5 Hash: The MD5 hash serves as a unique "fingerprint" for the malicious file, ensuring that the specific file version can be accurately identified across systems.

2. Create an Application Content Rule: Using the Application and Device Control feature, the administrator can create a content rule that targets the identified file by its MD5 hash, effectively blocking it based on its fingerprint.

3. Apply the Rule Across Endpoints: Once created, this rule is applied to endpoints, preventing the file from executing or spreading.

This method ensures precise blocking of the threat without impacting other files or processes.

Latest 250-580 Dumps Valid Version with 150 Q&As
