Refer to the exhibit. An engineer notices that a malicious file disguised as 'app.exe' in the FinanceApp folder (SHA-256 unknown to AMP) was blocked. However, another unknown executable in the same folder was also blocked, causing a false positive. What should the engineer change in the policy to allow only the legitimate 'app.exe' while still blocking unknown executables?
A specific path exclusion for app.exe will allow it while still blocking other unknown executables in the folder.
Why this answer
Option B is correct because a file exclusion by path prevents scanning of all files in that path, including the specific app.exe, but would also allow other files there. Option A is wrong because it removes the process exclusion, which may be needed for the legitimate app. Option C is wrong because changing the action to 'detect' would allow all unknowns.
Option D is wrong because removing the file exclusion completely would block app.exe too.