A customer plans to test the malware prevention capabilities of Traps and has defined this policy:
– Local analysis is enabled
– Quarantining of malicious files is enabled
– Files are to be uploaded to WildFire
No executables have been whitelisted or blacklisted in the ESM Console Hash Control screen.
Malware sample A has a verdict of Malicious in the WildFire service. Malware sample B is unknown to WildFire.
Which behavior will result?
A. WildFire will block sample A as known malware; sample B will be blocked as an unknown binary while the file is analyzed by WildFire for a final verdict.
B. Hash Control already knows sample A locally in the endpoint cache and will block it. Sample B will not be blocked by WildFire, but will be blocked by the local analysis engine.
C. WildFire will block sample A as known malware, and sample B will compromise the endpoint because it is new and ESM Server has not obtained the required signatures.
D. WildFire will block sample A as known malware; sample B will not be blocked by WildFire, but will be evaluated by the local analysis engine and will or will not be blocked, based on its verdict, until WildFire analysis determines the final verdict.
Answer: D