Your organization uses Microsoft Defender XDR. You receive an alert about a potentially unwanted application (PUA) being installed on a device. The PUA is not blocked by your current policy. You need to prevent future installations of this PUA without affecting other software. What should you do?
Custom indicators allow precise blocking based on file hash.
Why this answer
Adding the file's SHA-256 hash to the custom indicator allows Defender to block it specifically. Option A is incorrect because blocking all PUAs is too broad. Option C is incorrect because a full scan does not prevent future installations.
Option D is incorrect because resetting the device is excessive.