Posted by: Pdfprep
Post Date: April 23, 2021
An administrator needs to query all endpoints in the HR group for instances of an obfuscated copy of cmd.exe.
Given this Enterprise EDR query:
process_name:cmd.exe AND device_group:HR AND NOT enriched:true
Which example could be added to the query to provide the desired results?
A. NOT process_name:cmd.exe
B. NOT process_original_filename:cmd.exe
C. NOT process_company_name:cmd.exe
D. NOT process_internal_name:cmd.exe
Answer: A