After a file disposition changes from unknown to malicious, what is the next step that should be taken?
A. Run the file in a sandbox to verify if it is malicious and to determine the file behaviors.
B. Create a new IPS signature to detect the malicious file.
C. Go back to the system where the file was previously seen and quarantine the malicious file.
D. Run a file retrospective analysis in the cloud using machine learning to determine the file SHA.
