An administrator needs to find all events on the Investigate page where the process is svchost.exe, and the path is not the standard path of C:\Windows\System32.
Which advanced search will yield these results?

An administrator wants to prevent ransomware that has not been seen before, without blocking other processes.
Which rule should be used?

Which permission level is required when a user wants to install a sensor on a Windows endpoint?

An administrator is reviewing how event data is categorized and identified in VMware Carbon Black Cloud.
Which method is used?

Where can a user identify whether a sensor's signature pack is out-of-date in VMware Carbon Black Cloud?

An administrator needs to fully analyze the relevant information of an event stored in the VMware Carbon Black Cloud.
On which page can this information be found?

An administrator has determined that the following rule was the cause for an unexpected block:
[Suspected malware] [Invokes a command interpreter] [Terminate process]
All reputations for the process which was blocked show SUSPECT_MALWARE.
Which reputation was used by the sensor for the decision to terminate the process?