Free Preparation Discussions
MENU
CrowdStrike Exam CCFA-200 Topic 9 Question 34 Discussion
Topic #: 9
You have determined that you have numerous Machine Learning detections in your environment that are false positives. They are caused by a single binary that was custom written by a vendor for you and that binary is running on many endpoints. What is the best way to prevent these in the future?
Turn on the Script-Based Execution Monitoring prevention policy setting to enable the 'Falcon sensor to monitor the contents of scripts and shells that are popular mechanisms for executing malicious code on hosts. This setting does not kill or block scripts.'
Scripting languages:
Excel 4.0 macros
JScript
VBA Macros
VBScript
The Sensor Visibility setting that should be turned on within the Prevention policy settings to monitor suspicious VBA macros is Script-based Execution Monitoring. Script-based Execution Monitoring is a feature that enables the Falcon sensor to monitor and prevent malicious script execution on Windows systems. The feature uses machine learning and behavioral analysis to detect suspicious scripts or commands executed by various script interpreters, such as PowerShell, WScript, CScript, or Bash. VBA (Visual Basic for Applications) is a scripting language that can be embedded in Microsoft Office documents, such as Word or Excel. VBA macros can be used to automate tasks or perform actions within the documents, but they can also be abused by attackers to deliver malware or execute malicious code. Script-based Execution Monitoring can help detect and prevent such attacks by monitoring the contents of VBA macros for execution of malicious content.
Stevie
23 days agoJacquline
24 days agoTyra
1 months agoLeonard
9 days agoJeanice
1 months agoLettie
18 days agoRebecka
2 months agoDenna
22 days agoAlease
24 days agoBenedict
1 months agoRonna
1 months agoAnjelica
2 months agoNichelle
2 months agoLeota
2 months ago