Which action is provided by Symantec EDR for the rapid remediation of impacted endpoints?

Symantec Endpoint Detection and Response (EDR) providesBlock Listing or Allow Listingof specific files as a rapid remediation action. This feature enables administrators to quickly contain or permit files across endpoints based on identified threat intelligence, thereby reducing the risk of further spread or false positives.

Use of Block Listing and Allow Listing:

Block Listing ensures that identified malicious files are immediately prevented from executing on other endpoints, providing containment for known threats.

Allow Listing, conversely, can be used for trusted files to prevent unnecessary interruptions if false positives occur.

Why Other Options Are Less Relevant:

Filtering for specific attributes(Option A) aids in identifying threats but is not a remediation action.

Detonating Memory Exploits(Option B) is a separate analysis action, not direct remediation.

Automatically stopping behaviors(Option C) pertains to behavior analysis rather than the specific action of listing files for rapid response.

References: The Block List and Allow List capabilities in Symantec EDR are key for efficient endpoint remediation and control over detected files​.