CrowdStrike Certified Falcon Administrator (CCFA) — Question 6
One of your development teams is working on code for a new enterprise application but Falcon continually flags the execution as a detection during testing. All development work is required to be stored on a file share in a folder called "devcode." What setting can you use to reduce false positives on this file path?
Answer options
- A. USB Device Policy
- B. Firewall Rule Group
- C. Containment Policy
- D. Machine Learning Exclusions
Correct answer: D
Explanation
The correct answer is D: Machine Learning Exclusions let you specify file paths, such as the "devcode" folder, that should not trigger detections, which reduces false positives. The other options do not address false detections tied to specific file paths in development environments.