Your threat hunt identifies that an attacker used a previously unknown malware variant to move laterally. Which Microsoft Defender XDR feature would you use to automatically block the file based on behavioral detection?
ASR rules can block behaviors like 'Block executable files from running unless they meet a prevalence, age, or trusted list criterion'.
Why this answer
Option D is correct because Attack Surface Reduction (ASR) rules can block suspicious behavior. Option A (Custom file indicators) blocks based on known IOCs. Option B (Network Protection) blocks network connections. Option C (Web Protection) blocks web traffic.