An administrator needs to query all endpoints in the HR group for instances of an obfuscated copy of cmd.exe.
Given this Enterprise EDR query:

process_name:cmd.exe AND device_group:HR AND NOT enriched:true

Which example could be added to the query to provide the desired results?
A. NOT process_name:cmd.exe
B. NOT process_original_filename:cmd.exe
C. NOT process_company_name:cmd.exe
D. NOT process_internal_name:cmd.exe
