Posted by: Pdfprep
Post Date: November 29, 2020
You analyze your Threat Prevention events in SmartEvent and there is one specific event with a PDF-document you suspect being malicious.
What is a typical behavior Threat Emulation would detect as malicious?
When the PDF is opened in VM:
A . it tries to open in Acrobat Reader.
B . there are no changes to the registry.
C . it opens with Administrator privileges.
D . there is an outgoing network connection.
Answer: D