An organization created a custom application that is being flagged by Cisco Secure Endpoint. The application must be exempt from being flagged. What is the process to meet the requirement?
A. Configure the custom application to use the information-store paths.
B. Add the custom application to the DFC list and update the policy.
C. Precalculate the hash value of the custom application and add it to the allowed applications.
D. Modify the custom detection list to exclude the custom application.
Correct Answer: C
You can provide an absolute path and/or a SHA-256 of the process executable when creating a Process exclusion. If you specify both a path and SHA-256 then both conditions must be met for the process to be excluded.
https://www.cisco.com/c/en/us/support/docs/security/amp-endpoints/213681-best-practices-for-amp-for-endpoint-excl.html
A. "Configure the custom application to use the information-store paths." < Not absolute path
Yeah, my choice is also "C".
FYI
Custom Detection List: (File not network traffic)
To treat a file as if the AMP cloud assigned a malware disposition, you can add the file to the custom detection list. Once added, subsequent detections of the file result in the device either allowing or blocking the file without reevaluating its disposition.
You can use the clean list or custom detection list per file policy2.
C seems to be the closest match, but not sure
https://video.cisco.com/detail/video/6038252112001
artilling, 5 days, 20 hours ago
gwb, 3 months, 3 weeks ago
Bubu3k, 6 months ago