Which is TRUE regarding a file released from quarantine?
Which is TRUE regarding a file released from quarantine?
When a file is released from quarantine, it will not generate future machine learning detections on the associated host. This means the system will no longer flag it as a potential threat on the same host where it was initially quarantined. This allows the file to operate normally on the associated host without the interference of repeated detection.
Not allowed to execute on all hosts, see Crowdstrike documentation
I agree with D
agree with answer D
So far I've only seen all quarantined files are matched by ML PUP detection. None coming from IoA detection.
D is correct for the Single host. Need to add to global policy for "all hosts"
When you release a file from quarantine, it's allowed to execute on that host. Releasing a file does not affect other hosts.