
Dell Recommended Policies for Dell Endpoint Security Suite Enterprise Advanced Threat Protection and Prevention

Summary: Dell Endpoint Security Suite Enterprise offers prevention and protection against today's newest and most destructive threats.

Article Content


Symptoms

Affected Products:

  • Dell Endpoint Security Suite Enterprise

Cause

Not Applicable

Resolution

By default, Advanced Threat Prevention (ATP) is suggested to run in a learning mode initially. All threat information is collected to give administrators the flexibility to manage threats and Potentially Unwanted Programs (PUPs) within their environment and to allowlist mission-critical apps.

For more information about modifying policies in the Dell Endpoint Security Suite Enterprise, reference How To Modify Policies on the Dell Data Protection Server.

For more information and rules on creating Exclusions within Dell Endpoint Security Suite Enterprise, reference How to Add Exclusions in Dell Endpoint Security Suite Enterprise.

Note: Application and file servers need special consideration for Background Threat Detection and Watch for New Files; the relevant settings are described below. Separate these devices into their own Endpoint Group within the Dell Security Management Server so that their policies can differ from those of the remaining devices in the environment.
Note: These policies reflect a 10.2.3 Dell Security Management Server.
Policy Value Suggested Value Policy Description

Advanced Threat Prevention (Primary Switch)

On

This policy value determines whether the clients can consume policies for Advanced Threat Prevention.

This also enables file actions and execution control, which cannot be disabled.

Execution Control encompasses Background Threat Detection (BTD) and File Watcher. This module within ATP analyzes and abstracts the intentions of a Portable Executable (PE) based on its intended actions and behavior. All files detected by Execution Control, BTD, and File Watcher are processed based on the policies that correlate to Auto-Quarantine. These actions are performed based on the absolute path location of the Portable Executable.

File Actions:

Unsafe Executable Auto Quarantine With Executable Control Enabled

Disabled

This determines whether files that are considered a severe threat are automatically quarantined.

Unsafe Executable Auto Upload Enabled

Enabled

Sets whether severe threats are uploaded to the cloud to perform a second-opinion check on these threats.

Abnormal Executable Auto Quarantine With Executable Control Enabled

Disabled

This determines whether files that are considered a potential threat are automatically quarantined.

Abnormal Executable Auto Upload Enabled

Enabled

Sets whether potential threats are uploaded to the cloud to perform a second-opinion check on these threats.

Allow Execution of Files in Exclude Folders

Enabled

This applies to the Policy Exclude Specific Folders within the Protection Settings policy group. This allows executables within the Excluded folders to run even if they are automatically quarantined.

Auto Delete

Disabled

This enables the timer on the Days until Deleted policy, which applies to quarantined items. Once Days until Deleted elapses, any threats within a quarantine folder are automatically removed if this policy is enabled.

Days until Deleted

14

This determines the number of days, per threat, that an item remains in the local quarantine folder.

Memory Actions

Memory Protection Enabled

Enabled

This enables the Memory Protection functionality. The Memory Protection module analyzes and interprets the intentions of running applications by monitoring the interactions between applications and the operating system in memory.

Enable Exclude executable files

Enabled

This allows for specific executables to be excluded from Memory Protection.

Exclude executable files

Blank

All exclusions added must be specified using the relative path of that executable file (exclude the drive letter from the path).

Correct (OS X):
/Users/application.app/executable
Correct (Windows):
\Application\SubFolder\application.exe
Incorrect:
C:\Application\SubFolder\application.exe
Incorrect:
\Application\SubFolder\

Exploitation: Stack Pivot

Alert

The stack for a thread has been replaced with a different stack. Generally, the computer allocates a single stack for a thread. An attacker would use a different stack to control execution in a way that Data Execution Prevention (DEP) cannot block.

Applies to: Windows, Mac

Exploitation: Stack Protect

Alert

The memory protection of a thread's stack has been modified to enable execution permission. Stack memory should not be executable, so usually this means that an attacker is preparing to run malicious code that is stored in stack memory as part of an exploit, an attempt which Data Execution Prevention (DEP) would otherwise block.

Applies to: Windows, Mac

Exploitation: Overwrite Code

Alert

Code residing in a process's memory has been modified using a technique that may indicate an attempt to bypass Data Execution Prevention (DEP).

Applies to: Windows

Exploitation: Scanner Memory Search

Alert

A process is trying to read valid magnetic stripe track data from another process. This is typically related to point-of-sale (POS) computers.

Applies to: Windows

Exploitation: Malicious Payload

Alert

A generic shellcode and payload detection that is associated with exploitation has been detected.

Applies to: Windows

Process Injection: Remote Allocation of Memory

Alert

A process has allocated memory in another process. Most allocations only occur within the same process. This generally indicates an attempt to inject code or data into another process, which may be a first step in reinforcing a malicious presence on a computer.

Applies to: Windows, Mac

Process Injection: Remote Mapping of Memory

Alert

A process has introduced code or data into another process. This may indicate an attempt to begin running code in another process and reinforce a malicious presence.

Applies to: Windows, Mac

Process Injection: Remote Write to Memory

Alert

A process has modified memory in another process. This is usually an attempt to store code or data in previously allocated memory (see OutofProcessAllocation), but it is possible that an attacker is trying to overwrite existing memory in order to divert execution for a malicious purpose.

Applies to: Windows, Mac

Process Injection: Remote Write PE to Memory

Alert

A process has modified memory in another process to contain an executable image. Generally, this indicates that an attacker is attempting to run code without first writing that code to disk.

Applies to: Windows, Mac

Process Injection: Remote Overwrite Code

Alert

A process has modified executable memory in another process. Under normal conditions executable memory is not modified, especially by another process. This usually indicates an attempt to divert execution in another process.

Applies to: Windows, Mac

Process Injection: Remote Unmap of Memory

Alert

A process has removed a Windows executable from the memory of another process. This may indicate an intent to replace the executable image with a modified copy for diverting execution.

Applies to: Windows, Mac

Process Injection: Remote Thread Creation

Alert

A process has created a thread in another process. An attacker uses this to activate a malicious presence that has been injected into another process.

Applies to: Windows, Mac

Process Injection: Remote APC Scheduled

Alert

A process has diverted the execution of another process's thread. An attacker uses this to activate a malicious presence that has been injected into another process.

Applies to: Windows

Process Injection: DYLD Injection (Mac OS X only)

Alert

An environment variable has been set that causes a shared library to be injected into a launched process. Attackers can modify the plist of applications like Safari or replace applications with bash scripts that cause their modules to be loaded automatically when an application starts.

Applies to: Mac

Escalation: LSASS Read

Alert

Memory belonging to the Windows Local Security Authority process has been accessed in a manner that indicates an attempt to obtain users' passwords.

Applies to: Windows

Escalation: Zero Allocate

Alert

A null page has been allocated. The memory region is typically reserved, but in certain circumstances it can be allocated. Attacks can use this to set up privilege escalation by taking advantage of some known null de-reference exploits, typically in the kernel.

Applies to: Windows, Mac

Execution Control

Prevent Service Shutdown from Device

Disabled

When enabled, this prevents the ATP service from being stopped. This also prevents the application from being uninstalled.

Kill Unsafe Running Process and Sub-Processes

Disabled

Enabling this feature allows for the detection and termination of any memory-based threat that spawns sub-processes.

Background Threat Detection

Run Once

This determines if a scan of existing files is run on the device. This can be set to Disabled, Run Once, or Run Recurring.

If Watch For New Files is enabled, it is recommended to configure Background Threat Detection to Run Once. You must check existing files one time only if you are also watching for new and updated files.

Watch For New Files

Enabled

Setting this to Enabled allows the detection and analysis of any files that are newly written to the device or that are changed.

Note: It is suggested to have Watch for New Files disabled on high-traffic devices (such as file or application servers), as it can cause unexpected increases in disk latency because each file must be analyzed as it is written to disk. This is mitigated by default, as any Portable Executable that attempts to run is analyzed at that time. It can be further mitigated by setting Background Threat Detection to Run Recurring.

Set Maximum Archive File Size to Scan

150

Configures the maximum decompressed archive size that can be analyzed. Size is in megabytes.

Protection Settings

Enable Exclude Specific Folders (includes subfolders)

Enabled

This enables the ability to define folders that are not monitored by File Watcher and Execution Control, in combination with the policy Allow Execution of Files in Exclude Folders.

Exclude Specific Folders (includes subfolders)

-Blank-

Defines a list of folders in File Watcher that are not monitored. The policy Allow Execution of Files in Exclude Folders prevents the quarantine of any files run from these directories. This policy prevents the scanning of these directories by Watch for New Files or Background Threat Detection.

All exclusions added must be specified using the absolute path of that folder (include the drive letter in the path).

Correct (OS X):
/Mac\ HD/Users/Application\ Support/Dell
Correct (Windows):
C:\Program Files\Dell\
Incorrect:
\Program Files\Dell\
Incorrect:
C:\Program Files\Dell\Executable.exe
Application Control

Application Control

Disabled

This enables the ability to restrict application-based changes on the device: no new applications can be added, no applications can be removed, and no applications can be modified or updated.

Application Control Allowed Folders

-Blank-

This defines a list of folders in application control that are not monitored.

All exclusions added must be specified using the absolute path of that folder (include the drive letter in the path).

Correct (OS X):
/Mac\ HD/Users/Application\ Support/Dell
Correct (Windows):
C:\Program Files\Dell\
Incorrect:
\Program Files\Dell\
Incorrect:
C:\Program Files\Dell\Executable.exe
Enable Change Window

Disabled

When enabled, this temporarily disables Application Control, allowing modifications to happen in the environment.

Script Control

Script Control

Enabled

Enables the use of Script Control.

Script Control monitors applications and services that can run actions within the operating system. These applications are commonly called interpreters. ATP monitors these applications and services for any scripts that attempt to run and, based on policies, either notifies that the action has been taken or blocks the action from occurring. These decisions are made based on the script name and the relative path from which the script was run.

Script Control Mode

Alert

When set to Block, no script-based items run. This includes any active script, macro-based script, or PowerShell-based script. In later versions, these are separated into their own policies.

Applies to: 1.2.1371 and earlier builds of ESSE

Active Script

Alert

When set to Block, this disables the ability to run JavaScript, VBscript, batch, Python, Perl, PHP, Ruby, and many other scripts.

Applies to: 1.2.1391 and later builds of ESSE.

Macros

Alert

Setting this to Alert enables the analysis of Macros within documents to determine if they are running potentially malicious commands. If a threat is perceived, the Block setting prevents the macro from running. Macros that run on launch may prevent the application from loading.

Applies to: 1.2.1391 and later builds of ESSE.

PowerShell

Alert

When set to Block, this prevents any PowerShell-based scripts from running in the environment.

Applies to: 1.2.1391 and later builds of ESSE.

PowerShell Console

Allow

When set to Block, this prevents the PowerShell V3 console and ISE from launching.

Applies to: 1.2.1391 and later builds of ESSE.

Enable Approve Scripts in Folders (and Subfolders)

Enabled

This enables the ability to exclude locations from being analyzed by Script Control.

Approve Scripts in Folders (and Subfolders)

-Blank-

This section details the folders in Script Control that are not monitored.

  • Folder paths can be to a local drive, a mapped network drive, or a universal naming convention (UNC) path.
  • Script folder exclusions must specify the relative path of the folder or sub-folder.
  • Any specified folder path also includes any sub-folders.
  • Wildcards are not supported.
Correct (Mac):
/Mac\ HD/Users/Cases/ScriptsAllowed
Correct (Windows):
\Cases\ScriptsAllowed
Incorrect:
C:\Application\SubFolder\application.vbs
Incorrect:
\Program Files\Dell\application.vbs
Global Allow

-Blank-

This policy is used by Disconnected Mode for ESSE, which allows customers to have an environment entirely separated from the internet.

This policy determines specific threat paths and certificates that should be allowed within the environment.

Quarantine List

-Blank-

This policy is used by Disconnected Mode for ESSE, which allows customers to have an environment entirely separated from the internet.

This is a defined list of known bad hashes that is automatically quarantined when encountered by the agent.

Safe List

-Blank-

This policy is used by Disconnected Mode for ESSE, which allows customers to have an environment entirely separated from the internet.

This policy determines specific threat hashes that should be allowed within the environment.

Agent Settings

Suppress Popup Notifications

Enabled

This enables or disables the ability for ESSE to display a toaster dialog.

Minimum Popup Notification Level

High

This defines what is reported to the end user if the policy Suppress Popup Notifications is disabled.

High

  • Protection status has changed. (Protected means that the Advanced Threat Prevention service is running and protecting the computer and needs no user or administrator interaction.)
  • A threat is detected, and policy is not set to automatically address the threat.

Medium

  • Execution Control blocked a process from starting because it was detected as a threat.
  • A threat is detected that has an associated mitigation (for example, the threat was manually quarantined), so the process has been terminated.
  • A process was blocked or terminated due to a memory violation.
  • A memory violation was detected and no automatic mitigation policy is in effect for that violation type.

Low

  • A file that was identified as a threat has been added to the Global Safe List or deleted from the file system.
  • A threat has been detected and automatically quarantined.
  • A file has been identified as a threat but waived on the computer.
  • The status of a current threat has changed. For example, Threat to Quarantined, Quarantined to Waived, or Waived to Quarantined.
Enable BIOS Assurance

Enabled

Performs BIOS integrity checks on supported Dell computers (2016 and later enterprise-class computers).

Enable Auto-upload of Log Files

Enabled

This enables agents to auto-upload their log files for the ATP plug-in to the cloud every day at midnight, or when they reach 100 MB, whichever occurs first.

Note: These policies reflect a 10.2.3 Dell Security Management Server.
Policy Value Suggested Value Policy Description

Advanced Threat Prevention (Primary Switch)

On

This policy value determines whether the clients can consume policies for Advanced Threat Prevention.

This also enables File Actions and Execution Control, which cannot be disabled.

Execution Control encompasses Background Threat Detection (BTD) and File Watcher. This module within ATP analyzes and abstracts the intentions of a Portable Executable (PE) based on its intended actions and behavior. All files detected by Execution Control, BTD, and File Watcher are processed based on the policies that correlate to Auto-Quarantine. These actions are performed based on the absolute path location of the Portable Executable.

File Actions:

Unsafe Executable Auto Quarantine With Executable Control Enabled

Enabled

This determines whether files that are considered a severe threat are automatically quarantined.

Unsafe Executable Auto Upload Enabled

Enabled

Sets whether severe threats are uploaded to the cloud to perform a second-opinion check on these threats.

Abnormal Executable Auto Quarantine With Executable Control Enabled

Enabled

This determines whether files that are considered a potential threat are automatically quarantined.

Abnormal Executable Auto Upload Enabled

Enabled

Sets whether potential threats are uploaded to the cloud to perform a second-opinion check on these threats.

Allow Execution of Files in Exclude Folders

Enabled

This applies to the policy Exclude Specific Folders within the Protection Settings policy group. This allows executables within the Excluded folders to run even if they are automatically quarantined.

Auto Delete

Enabled

This enables the timer on the Days until Deleted policy, which applies to quarantined items. Once Days until Deleted elapses, any threats within a quarantine folder are automatically removed if this policy is enabled.

Days until Deleted

14

Determines the number of days, per threat, that an item remains in the local quarantine folder.

Memory Actions

Memory Protection Enabled

Enabled

This enables the Memory Protection functionality. The Memory Protection module analyzes and interprets the intentions of running applications by monitoring the interactions between applications and the operating system in memory.

Enable Exclude executable files

Enabled

This allows for specific executables to be excluded from Memory Protection.

Exclude executable files

Varies based on the environment

All exclusions added must be specified using the relative path of that executable file (exclude the drive letter from the path).

Correct (OS X):
/Users/application.app/executable
Correct (Windows):
\Application\SubFolder\application.exe
Incorrect:
C:\Application\SubFolder\application.exe
Incorrect:
\Application\SubFolder\

Exploitation: Stack Pivot

Terminate

The stack for a thread has been replaced with a different stack. Generally, the computer only allocates a single stack for a thread. An attacker would use a different stack to control execution in a way that Data Execution Prevention (DEP) does not block.

Applies to: Windows, Mac

Exploitation: Stack Protect

Terminate

The memory protection of a thread's stack has been modified to enable execution permission. Stack memory should not be executable, so usually this means that an attacker is preparing to run malicious code that is stored in stack memory as part of an exploit, an attempt which Data Execution Prevention (DEP) would otherwise block.

Applies to: Windows, Mac

Exploitation: Overwrite Code

Terminate

Code residing in a process's memory has been modified using a technique that may indicate an attempt to bypass Data Execution Prevention (DEP).

Applies to: Windows

Exploitation: Scanner Memory Search

Terminate

A process is trying to read valid magnetic stripe track data from another process, typically related to point-of-sale computers (POS).

Applies to: Windows

Exploitation: Malicious Payload

Terminate

A generic shellcode and payload detection that is associated with exploitation has been detected.

Applies to: Windows

Process Injection: Remote Allocation of Memory

Terminate

A process has allocated memory in another process. Most allocations only occur within the same process. This generally indicates an attempt to inject code or data into another process, which may be a first step in reinforcing a malicious presence on a computer.

Applies to: Windows, Mac

Process Injection: Remote Mapping of Memory

Terminate

A process has introduced code or data into another process. This may indicate an attempt to begin running code in another process and reinforce a malicious presence.

Applies to: Windows, Mac

Process Injection: Remote Write to Memory

Terminate

A process has modified memory in another process. This is usually an attempt to store code or data in previously allocated memory (see OutOfProcessAllocation), but it is possible that an attacker is trying to overwrite existing memory in order to divert execution for a malicious purpose.

Applies to: Windows, Mac

Process Injection: Remote Write PE to Memory

Terminate

A process has modified memory in another process to contain an executable image. Generally this indicates that an attacker is attempting to run code without first writing that code to disk.

Applies to: Windows, Mac

Process Injection: Remote Overwrite Code

Terminate

A process has modified executable memory in another process. Under normal conditions executable memory is not modified, especially by another process. This usually indicates an attempt to divert execution in another process.

Applies to: Windows, Mac

Process Injection: Remote Unmap of Memory

Terminate

A process has removed a Windows executable from the memory of another process. This may indicate an intent to replace the executable image with a modified copy for diverting execution.

Applies to: Windows, Mac

Process Injection: Remote Thread Creation

Terminate

A process has created a thread in another process. An attacker uses this to activate a malicious presence that has been injected into another process.

Applies to: Windows, Mac

Process Injection: Remote APC Scheduled

Terminate

A process has diverted the execution of another process's thread. An attacker uses this to activate a malicious presence that has been injected into another process.

Applies to: Windows

Process Injection: DYLD Injection (Mac OS X only)

Terminate

An environment variable has been set that causes a shared library to be injected into a launched process. Attackers can modify the plist of applications like Safari or replace applications with bash scripts that cause their modules to be loaded automatically when an application starts.

Applies to: Mac

Escalation: LSASS Read

Terminate

Memory belonging to the Windows Local Security Authority process has been accessed in a manner that indicates an attempt to obtain users' passwords.

Applies to: Windows

Escalation: Zero Allocate

Terminate

A null page has been allocated. The memory region is typically reserved, but in certain circumstances it can be allocated. Attacks can use this to set up privilege escalation by taking advantage of some known null de-reference exploits, typically in the kernel.

Applies to: Windows, Mac

Execution Control

Prevent Service Shutdown from Device

Enabled

When enabled, this prevents the ATP service from being stopped from the device. This also prevents the application from being uninstalled.

Kill Unsafe Running Process and Sub-Processes

Enabled

Enabling this feature allows for the detection and termination of any memory-based threat that spawns sub-processes.

Background Threat Detection

Run Once

This determines if a scan of existing files is run on the device. This can be set to Disabled, Run Once, or Run Recurring.

If Watch For New Files is enabled, it is recommended to configure Background Threat Detection to Run Once. You must check existing files one time only if you are also watching for new and updated files.

Watch For New Files

Enabled

Setting this to Enabled allows the detection and analysis of any files that are newly written to the device or that are changed.

Note: It is suggested to have Watch for New Files disabled on high-traffic devices (such as file or application servers), as it can cause unexpected increases in disk latency because each file must be analyzed as it is written to disk. This is mitigated by default, as any Portable Executable that attempts to run is analyzed at that time. It can be further mitigated by setting Background Threat Detection to Run Recurring.
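The notes on Watch For New Files, Background Threat Detection and the file/application server Endpoint Group describe settings that interact with each other, as do Auto Delete, Days until Deleted and the excluded-folder policies. The following added example (not Dell's code; the AtpPolicy field names are this example's own shorthand for the article's policy names, not Dell's policy identifiers) lints a policy set for those interactions before it is assigned to an Endpoint Group.

```python
"""Consistency checks for an Advanced Threat Prevention policy set.

Added example, not Dell's code. Field names are shorthand for the article's
policy names; the checks follow the article's notes on Background Threat
Detection, Watch For New Files, the server Endpoint Group, Auto Delete and
the excluded-folder policies.
"""
from dataclasses import dataclass

BTD_VALUES = ("Disabled", "Run Once", "Run Recurring")


@dataclass
class AtpPolicy:
    primary_switch: bool = True
    auto_quarantine_unsafe: bool = False        # learning-mode value
    auto_quarantine_abnormal: bool = False      # learning-mode value
    auto_delete: bool = False
    days_until_deleted: int = 14
    background_threat_detection: str = "Run Once"
    watch_for_new_files: bool = True
    enable_exclude_specific_folders: bool = True
    exclude_specific_folders: tuple = ()
    allow_execution_in_exclude_folders: bool = True
    high_traffic_server: bool = False   # member of the file/application server group


def lint_policy(p: AtpPolicy) -> list:
    """Return human-readable findings; an empty list means nothing to flag."""
    findings = []

    if not p.primary_switch:
        # Nothing else is consumed by the client, so there is nothing more to check.
        findings.append("Primary Switch is Off: clients consume no ATP policy at all")
        return findings

    if p.background_threat_detection not in BTD_VALUES:
        findings.append("Background Threat Detection must be one of: " + ", ".join(BTD_VALUES))
        return findings

    btd = p.background_threat_detection
    if p.high_traffic_server:
        # Article note: servers should not analyse every write; a recurring
        # background scan compensates for leaving Watch For New Files off.
        if p.watch_for_new_files:
            findings.append("server group: disable Watch For New Files to avoid disk latency on every write")
        if btd != "Run Recurring":
            findings.append("server group: set Background Threat Detection to Run Recurring")
    else:
        if p.watch_for_new_files and btd == "Run Recurring":
            findings.append("Watch For New Files is on: Run Once is enough, existing files need one check only")
        if p.watch_for_new_files and btd == "Disabled":
            findings.append("existing files are never scanned: Watch For New Files covers only new or changed files")
        if not p.watch_for_new_files and btd == "Disabled":
            findings.append("no on-write analysis and no background scan: files are analysed only when they run")

    if p.auto_delete and p.days_until_deleted <= 0:
        findings.append("Auto Delete is on but Days until Deleted is not a positive number of days")

    if p.allow_execution_in_exclude_folders and not p.enable_exclude_specific_folders:
        findings.append("Allow Execution of Files in Exclude Folders has no effect: Enable Exclude Specific Folders is off")
    if p.exclude_specific_folders and not p.enable_exclude_specific_folders:
        findings.append("Exclude Specific Folders lists %d folder(s) but the policy is not enabled"
                        % len(p.exclude_specific_folders))

    # Executables under excluded folders run even if auto-quarantined: worth surfacing.
    quarantining = p.auto_quarantine_unsafe or p.auto_quarantine_abnormal
    if (quarantining and p.allow_execution_in_exclude_folders
            and p.enable_exclude_specific_folders and p.exclude_specific_folders):
        findings.append("auto-quarantine is bypassed for executables under: "
                        + "; ".join(p.exclude_specific_folders))

    return findings


if __name__ == "__main__":
    # Constructed sample: the article's server recommendation applied to a server group.
    server = AtpPolicy(high_traffic_server=True, watch_for_new_files=False,
                       background_threat_detection="Run Recurring")
    for finding in lint_policy(server) or ["no findings"]:
        print(finding)
```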

Set Maximum Archive File Size to Scan

150

Configures the maximum decompressed archive size that can be analyzed. Size is in megabytes.

Protection Settings

Enable Exclude Specific Folders (includes subfolders)

Enabled

This enables the ability to define folders that are not monitored by File Watcher and Execution Control, in combination with the policy Allow Execution of Files in Exclude Folders.

Exclude Specific Folders (includes subfolders)

Varies based on the environment

This defines a list of folders in File Watcher that are not monitored. The policy Allow Execution of Files in Exclude Folders prevents the quarantine of any files that are run from these directories. This policy prevents the scanning of these directories by Watch for New Files or Background Threat Detection.

All exclusions added must be specified using the absolute path of that folder (include the drive letter in the path).

Correct (OS X):
/Mac\ HD/Users/Application\ Support/Dell
Correct (Windows):
C:\Program Files\Dell\
Incorrect:
\Program Files\Dell\
Incorrect:
C:\Program Files\Dell\Executable.exe
Application Control

Application Control

Disabled

This enables the ability to restrict application-based changes on the device. No new applications can be added, no applications can be removed, and no applications can be modified or updated.

Application Control Allowed Folders

-Blank-

This defines a list of folders in application control that are not monitored.

All exclusions added must be specified using the absolute path of that folder (include the drive letter in the path).

Correct (OS X):
/Mac\ HD/Users/Application\ Support/Dell
Correct (Windows):
C:\Program Files\Dell\
Incorrect:
\Program Files\Dell\
Incorrect:
C:\Program Files\Dell\Executable.exe
Enable Change Window

Disabled

When enabled, this temporarily disables Application Control, allowing modifications to happen in the environment.

Script Control

Script Control

Enabled

Enables the use of Script Control.

Script Control monitors applications and services that can run actions within the operating system. These applications are commonly called interpreters. ATP monitors these applications and services for any scripts that attempt to run and, based on policies, either notifies that the action has been taken or blocks the action from occurring. These decisions are made based on the script name and the relative path from which the script was run.

Script Control Mode

Block

When set to Block, no script-based items run. This includes any active script, macro-based script, or PowerShell-based script. In later versions, these are separated into their own policies.

Applies to: 1.2.1371 and earlier builds of ESSE

Active Script

Block

When set to Block, this disables the ability to run JavaScript, VBScript, batch, Python, Perl, PHP, Ruby, and many other scripts.

Applies to: 1.2.1391 and later builds of ESSE.

Macros

Block

Setting this to Alert enables the analysis of Macros within documents to determine if they are running potentially malicious commands. If a threat is perceived, the "Block" setting prevents the macro from running. Macros that run on launch may prevent the application from loading.

Applies to: 1.2.1391 and later builds of ESSE.

PowerShell

Block

When set to Block, this prevents any PowerShell-based scripts from running in the environment.

Applies to: 1.2.1391 and later builds of ESSE.

PowerShell Console

Allow

When set to Block, this prevents the PowerShell V3 console and ISE from launching.

Applies to: 1.2.1391 and later builds of ESSE.

Enable Approve Scripts in Folders (and Subfolders)

Enabled

This enables the ability to exclude locations from being analyzed by Script Control.

Approve Scripts in Folders (and Subfolders)

Varies based on the environment

This section details the folders in Script Control that are not monitored.

  • Folder paths can be to a local drive, a mapped network drive, or a universal naming convention (UNC) path.
  • Script folder exclusions must specify the relative path of the folder or sub-folder.
  • Any specified folder path also includes any sub-folders.
  • Wildcards are not supported.
Correct (Mac):
/Mac\ HD/Users/Cases/ScriptsAllowed
Correct (Windows):
\Cases\ScriptsAllowed
Incorrect:
C:\Application\SubFolder\application.vbs
Incorrect:
\Program Files\Dell\application.vbs
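The path-format rules differ between Memory Protection exclusions (relative path, names a file), Exclude Specific Folders and Application Control Allowed Folders (absolute path, names a folder) and Approve Scripts in Folders (relative path, names a folder, no wildcards). The following added example (not Dell's code; the policy keys and the file-versus-folder heuristic are this example's own) checks a list of entries against those rules, using this article's Correct and Incorrect examples as constructed sample input.

```python
"""Check exclusion entries against the path-format rules in this article.

Added example, not Dell's code. Policy keys are this example's own labels for
the article's policy groups. Whether an entry names a file or a folder is a
heuristic: a trailing separator or an extension-less last segment is treated
as a folder, a last segment with an extension as a file.
"""
import re

RULES = {
    # Memory Protection > Exclude executable files
    "memory_protection_exclude": {"drive": "relative", "kind": "file", "no_wildcards": False},
    # Protection Settings > Exclude Specific Folders
    "exclude_specific_folders": {"drive": "absolute", "kind": "folder", "no_wildcards": False},
    # Application Control > Application Control Allowed Folders
    "app_control_allowed_folders": {"drive": "absolute", "kind": "folder", "no_wildcards": False},
    # Script Control > Approve Scripts in Folders (article: wildcards are not supported)
    "script_control_approve_folders": {"drive": "relative", "kind": "folder", "no_wildcards": True},
}

_DRIVE_LETTER = re.compile(r"^[A-Za-z]:")


def validate_exclusion(policy: str, path: str) -> list:
    """Return the rule violations for one entry; an empty list means it is well-formed."""
    rule = RULES[policy]
    problems = []

    is_mac = path.startswith("/")            # OS X entries are POSIX paths from the root
    sep = "/" if is_mac else "\\"
    has_drive = bool(_DRIVE_LETTER.match(path))

    if not is_mac and not has_drive and not path.startswith("\\"):
        problems.append("Windows entry must start with a drive letter or a backslash")
    if rule["drive"] == "relative" and has_drive:
        problems.append("drive letter must be omitted (relative path required)")
    if rule["drive"] == "absolute" and not is_mac and not has_drive:
        problems.append("drive letter must be included (absolute path required)")

    ends_with_sep = path.endswith(sep)
    last = path.strip(sep).split(sep)[-1] if path.strip(sep) else ""
    if rule["kind"] == "file":
        if ends_with_sep or not last:
            problems.append("entry must name an executable file, not a folder")
        elif not is_mac and "." not in last:
            problems.append("Windows entry must include the executable's file name and extension")
    elif "." in last and not ends_with_sep:   # e.g. Executable.exe, application.vbs
        problems.append("entry must name a folder, not a file")

    if rule["no_wildcards"] and re.search(r"[*?]", path):
        problems.append("wildcards are not supported")

    return problems


def check_entries(policy: str, entries) -> dict:
    """Map each rejected entry to its problems, so a list can be fixed before it is applied."""
    result = {}
    for entry in entries:
        problems = validate_exclusion(policy, entry)
        if problems:
            result[entry] = problems
    return result


# Constructed sample drawn from the article's Correct/Incorrect examples.
SAMPLE_ENTRIES = {
    "memory_protection_exclude": [
        "/Users/application.app/executable",
        "\\Application\\SubFolder\\application.exe",
        "C:\\Application\\SubFolder\\application.exe",   # drive letter present
        "\\Application\\SubFolder\\",                     # a folder, not a file
    ],
    "exclude_specific_folders": [
        "/Mac\\ HD/Users/Application\\ Support/Dell",
        "C:\\Program Files\\Dell\\",
        "\\Program Files\\Dell\\",                        # drive letter missing
        "C:\\Program Files\\Dell\\Executable.exe",        # a file, not a folder
    ],
    "script_control_approve_folders": [
        "\\Cases\\ScriptsAllowed",
        "C:\\Application\\SubFolder\\application.vbs",   # absolute and a file
        "\\Cases\\Scripts*",                              # wildcard
    ],
}

if __name__ == "__main__":
    for policy, entries in SAMPLE_ENTRIES.items():
        for entry, problems in check_entries(policy, entries).items():
            print(policy, entry, "->", "; ".join(problems))
```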
Global Allow

Varies based on the environment

This policy is used by Disconnected Mode for ESSE, which allows customers to have an environment entirely separated from the internet.

This policy determines specific threat paths and certificates that should be allowed within the environment.

Quarantine List

Varies based on the environment

This policy is used by Disconnected Mode for ESSE, which allows customers to have an environment entirely separated from the internet.

This is a defined list of known-bad hashes that are automatically quarantined when encountered by the agent.

Safe List

Varies based on the environment

This policy is used by Disconnected Mode for ESSE, which allows customers to have an environment entirely separated from the internet.

This policy determines specific threat hashes that should be allowed within the environment.

Agent Settings

Suppress Popup Notifications

Disabled

This enables or disables the ability for ESSE to display a toaster dialog.

Minimum Popup Notification Level

High

This defines what is reported to the end user if the policy Suppress Popup Notifications is disabled.

High

  • Protection status has changed. (Protected means that the Advanced Threat Prevention service is running and protecting the computer and needs no user or administrator interaction.)
  • A threat is detected, and policy is not set to automatically address the threat.

Medium

  • Execution Control blocked a process from starting because it was detected as a threat.
  • A threat is detected that has an associated mitigation (for example, the threat was manually quarantined), so the process has been terminated.
  • A process was blocked or terminated due to a memory violation.
  • A memory violation was detected and no automatic mitigation policy is in effect for that violation type.

Low

  • A file that was identified as a threat has been added to the Global Safe List or deleted from the file system.
  • A threat has been detected and automatically quarantined.
  • A file has been identified as a threat but waived on the computer.
  • The status of a current threat has changed (for example, Threat to Quarantined, Quarantined to Waived, or Waived to Quarantined).
Enable BIOS Assurance

Enabled

Performs BIOS integrity checks on supported Dell computers (2016 and later enterprise-class computers).

Enable Auto-upload of Log Files

Enabled

This enables agents to auto-upload their log files for the ATP plug-in to the cloud every day at midnight, or when they reach 100 MB, whichever occurs first.

Enable Standard UI

Enabled

This enables an additional option in the Dell Data Security Console on an endpoint. It allows local users to see which threats, memory events, or scripts have been detected on the local endpoint. The option is available from the right-click menu on the endpoint or from the settings cog within the Dell Data Security Console, under an option titled Advanced Threat Prevention.

Once this option is selected, additional toggles are available that show or hide the threats, memory events, or scripts that have been discovered on that computer.

This policy requires the Dell Encryption Management Agent to be version 8.18.0 or later.

Article Properties


Affected Product

Dell Endpoint Security Suite Enterprise

Last Published Date

04 Mar 2024

Version

10

Article Type

Solution