Troubleshooting should include the following symptoms and tools:
- Common symptoms
  - Pop-ups
  - Browser redirection
  - Security alerts
  - Slow performance
  - Internet connectivity issues
  - PC/OS lock-up
  - Application crash
  - OS update failures
  - Rogue antivirus
  - Spam
  - Renamed system files
  - Files disappearing
  - File permission changes
  - Hijacked email
    - Responses from users regarding email the user never sent
    - Automated replies (bounces, out-of-office) to email the user never sent
  - Access denied
  - Invalid certificate (untrusted or unexpected root CA)
- Tools
  - Antivirus software
  - Anti-malware software
  - Recovery console
  - Terminal
  - System restore/Snapshot
  - Pre-installation environments
  - Event viewer
  - Refresh/restore
  - MSCONFIG/Safe boot
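The following PowerShell triage script is an added example, not part of the original curriculum page; it uses several of the tools listed above (Microsoft Defender, the system file checker, Event Viewer, the safe-boot setting behind MSCONFIG) to check a Windows 10/11 host for several of the listed symptoms. It assumes an elevated session and Microsoft Defender as the installed antivirus; the baseline root-CA thumbprint list passed to Find-UnexpectedRootCA is an assumption you would collect from a known-clean reference machine.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original page). Each function maps to one
# symptom or tool from the list above. Output objects are meant to be read
# by the technician, not acted on automatically.

# Symptom: security alerts / rogue antivirus. Confirm the real product is on
# and current before trusting any alert on screen.
function Get-DefenderState {
    $s = Get-MpComputerStatus
    [pscustomobject]@{
        RealTimeProtection = $s.RealTimeProtectionEnabled
        SignatureAgeDays   = $s.AntivirusSignatureAge
        LastFullScan       = $s.FullScanEndTime
    }
}

# Symptom: invalid certificate (trusted root CA). A root that is not in the
# baseline is suspicious: a planted root lets malware or a proxy intercept
# TLS with no browser warning at all.
function Find-UnexpectedRootCA {
    param([string[]]$KnownRoots)   # thumbprints from a clean machine (assumption)
    Get-ChildItem Cert:\LocalMachine\Root |
        Where-Object { $_.Thumbprint -notin $KnownRoots } |
        Select-Object Subject, Thumbprint, NotAfter
}

# Symptom: browser redirection / connectivity issues. Malware commonly plants
# hosts-file entries or a proxy/PAC URL to redirect or block traffic.
function Find-RedirectionSettings {
    $hosts = "$env:windir\System32\drivers\etc\hosts"
    $entries = Get-Content $hosts |
        Where-Object { $_ -match '^\s*\d' -and $_ -notmatch '^\s*127\.0\.0\.1\s+localhost' }
    $proxy = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' |
        Select-Object ProxyEnable, ProxyServer, AutoConfigURL
    [pscustomobject]@{ HostsOverrides = $entries; Proxy = $proxy }
}

# Symptom: renamed / missing system files. SFC verifies protected files
# against the component store; CBS.log records what it repaired or could not.
function Test-SystemFiles {
    sfc /scannow | Out-Null
    Select-String -Path "$env:windir\Logs\CBS\CBS.log" -Pattern 'Cannot repair|Repaired' |
        Select-Object -Last 20
}

# Symptom: file permission changes. Everyone or Users with write rights on
# system directories is never the stock ACL and is a common persistence trick.
function Find-LooseSystemAcl {
    param([string[]]$Paths = @("$env:windir\System32", "$env:ProgramFiles"))
    foreach ($p in $Paths) {
        (Get-Acl $p).Access |
            Where-Object { $_.IdentityReference -match 'Everyone|BUILTIN\\Users' -and
                           $_.FileSystemRights -match 'FullControl|Modify|Write' } |
            Select-Object @{n='Path';e={$p}}, IdentityReference, FileSystemRights
    }
}

# Tool: Event Viewer. Defender's operational log holds detections and
# protection-disabled events; pull the last 24 hours.
function Get-DefenderEvents {
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        StartTime = (Get-Date).AddDays(-1)
    } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

# Tool: MSCONFIG/Safe boot. Same effect as the Boot tab's "Safe boot" box.
# Clear it afterwards or the machine keeps booting into Safe Mode.
function Set-SafeBootNextStart {
    param([ValidateSet('minimal','network')][string]$Mode = 'minimal')
    bcdedit /set '{current}' safeboot $Mode
}
function Clear-SafeBoot { bcdedit /deletevalue '{current}' safeboot }

# Run the read-only checks together and show the results.
Get-DefenderState
Find-UnexpectedRootCA -KnownRoots @()    # empty baseline lists every root (assumption: fill in)
Find-RedirectionSettings
Find-LooseSystemAcl
Get-DefenderEvents | Select-Object -First 10
```

Run Test-SystemFiles and Set-SafeBootNextStart only when the read-only checks point at a problem; the first takes several minutes, and the second changes how the machine boots.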
Troubleshooting should also follow best practice procedures for malware removal, in this order:
- Identify malware symptoms.
- Quarantine the infected system (disconnect it from the network so it cannot spread or communicate with an attacker).
- Disable system restore (in Windows), so the infection is not preserved in a restore point.
- Remediate the infected system.
  a. Update anti-malware software and its signatures.
  b. Scan and remove using an appropriate technique (safe mode, pre-installation environment).
- Schedule scans and run updates.
- Enable system restore and create a clean restore point (in Windows).
- Educate the end user.
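The script below is an added example, not from the original page, that carries the procedure above through with the tools built into Windows 10/11 (Microsoft Defender, System Restore, Task Scheduler via Defender's own schedule settings). It assumes an elevated session, Defender as the antivirus, and that the system drive is the one to protect; the log path and the 02:00 daily scan time are assumptions to adjust. Step 1 and step 7 are human tasks and only appear as log entries.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original page): the malware removal steps as
# PowerShell functions, run in the order the procedure prescribes.

$SystemDrive = "$env:SystemDrive\"
$TriageLog   = "$env:TEMP\malware-triage.log"   # assumption: where notes are kept

function Write-TriageNote { param([string]$Text)
    Add-Content -Path $TriageLog -Value "$(Get-Date -Format s) $Text"
}

# Step 2: quarantine. Take every active adapter down so the host cannot beacon
# out or infect neighbours; remember which ones so they can be restored later.
function Invoke-Quarantine {
    $up = @(Get-NetAdapter | Where-Object Status -eq 'Up')
    $up | Disable-NetAdapter -Confirm:$false
    Write-TriageNote "Quarantined; disabled adapters: $($up.Name -join ', ')"
    return $up.Name
}

# Step 3: disable System Restore. Otherwise the malware survives in a restore
# point and can be brought back by a well-meaning rollback.
function Disable-RestorePoints {
    Disable-ComputerRestore -Drive $SystemDrive
    Write-TriageNote "System Restore disabled on $SystemDrive"
}

# Step 4a: update signatures. This needs connectivity, so either bring one
# adapter back briefly or install Microsoft's offline definition package.
function Update-Signatures { param([string]$AdapterForUpdate)
    if ($AdapterForUpdate) { Enable-NetAdapter -Name $AdapterForUpdate -Confirm:$false }
    Update-MpSignature -ErrorAction Stop
    if ($AdapterForUpdate) { Disable-NetAdapter -Name $AdapterForUpdate -Confirm:$false }
    Write-TriageNote "Signatures updated: $((Get-MpComputerStatus).AntivirusSignatureVersion)"
}

# Step 4b: scan and remove, then report what was found and whether the action
# succeeded. Run from Safe Mode (Set-SafeBootOnce) if removal fails normally.
function Invoke-RemediationScan {
    Start-MpScan -ScanType FullScan
    $found = Get-MpThreatDetection |
        Select-Object ThreatID, ProcessName, InitialDetectionTime, ActionSuccess, Resources
    Write-TriageNote "Full scan complete; detections: $(@($found).Count)"
    $found
}
function Set-SafeBootOnce { bcdedit /set '{current}' safeboot minimal }
function Clear-SafeBoot   { bcdedit /deletevalue '{current}' safeboot }

# Step 5: schedule scans and updates. ScanParameters 2 = full scan,
# ScanScheduleDay 0 = every day; signatures checked every 4 hours.
function Set-ScanSchedule {
    Set-MpPreference -ScanParameters 2 -ScanScheduleDay 0 -ScanScheduleTime 02:00:00
    Set-MpPreference -SignatureUpdateInterval 4
    Write-TriageNote 'Daily full scan at 02:00 and 4-hourly signature updates scheduled'
}

# Step 6: re-enable System Restore and take a clean restore point. By default
# Windows allows one Checkpoint-Computer call per 24 hours, so a second call
# the same day is silently skipped.
function Enable-RestorePoints {
    Enable-ComputerRestore -Drive $SystemDrive
    Checkpoint-Computer -Description 'Post-malware-cleanup' -RestorePointType MODIFY_SETTINGS
    Write-TriageNote 'System Restore re-enabled; clean restore point created'
}

# Orchestration, in procedure order.
Write-TriageNote 'Step 1: symptoms identified by technician (see symptom list)'
$adapters = Invoke-Quarantine
Disable-RestorePoints
Update-Signatures -AdapterForUpdate $adapters[0]
$detections = Invoke-RemediationScan
$detections | Format-Table -AutoSize
Set-ScanSchedule
Enable-RestorePoints
if ($adapters) { Enable-NetAdapter -Name $adapters -Confirm:$false }
Write-TriageNote 'Step 7: end user briefed on how the infection occurred and how to avoid it'
```

Restore network access only after the scan reports the detections as successfully actioned; if ActionSuccess is false for any entry, boot into Safe Mode with Set-SafeBootOnce, rerun Invoke-RemediationScan, and then Clear-SafeBoot before returning the machine to the user.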
Process/Skill Questions:
- What are the best practice procedures for malware removal?
- What is the difference between antivirus software and anti-malware software?
- Why is it important to keep a PC secure?
- What are the best practices for OS updates in a LAN?
- How frequently should an enterprise workstation be scanned for viruses?
- What is the security risk of altering the boot sequence to look at USB ports or CD/DVD drives before the system drive?