A security analyst observes the following events in the logs of an employee workstation:
Given the information provided, which of the following MOST likely occurred on the workstation?
A. Application whitelisting controls blocked an exploit payload from executing.
B. Antivirus software found and quarantined three malware files.
C. Automatic updates were initiated but failed because they had not been approved.
D. The SIEM log agent was not turned properly and reported a false positive.