Exam SC-200
Question 235

You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint Plan 2 and contains 500 Windows devices.

As part of an incident investigation, you identify the following suspected malware files:

• sys

• pdf

• docx

• xlsx

You need to create indicator hashes to block users from downloading the files to the devices.

Which files can you block by using the indicator hashes?

    Correct Answer: C

    You can create indicator hashes to block executable files with extensions like .sys as well as Office files such as .docx and .xlsx. However, PDF files cannot be blocked using indicator hashes in Microsoft Defender for Endpoint. Therefore, the correct files that can be blocked by using the indicator hashes are File1.sys, File3.docx, and File4.xlsx.

Discussion
liveup2it (Option: E)

Based on file hashes, you should be able to block each and every file with this hash, regardless of the name of the file.

Hawklx (Option: A)

This feature is designed to prevent suspected malware (or potentially malicious files) from being downloaded from the web. It currently supports portable executable (PE) files, including .exe and .dll files. Ref: https://learn.microsoft.com/en-us/defender-endpoint/indicator-file

phoenix5 (Option: C)

Answer - C (.sys, .docx, .xlsx), as per this explanation by Copilot: You can create indicator hashes to block executable files with the following extensions: .exe, .dll, and .sys. Additionally, Office files like .docx and .xlsx can also be blocked using indicator hashes. However, PDF files cannot be blocked using indicator hashes in Microsoft Defender for Endpoint.

Rodwhite (Option: E)

I took the hash from each file (.pdf, .sys, .doc) and was able to upload successfully. Therefore, the answer is E.

ada26b1 (Option: E)

Surely you can block all of them.