A user reports that a Windows 10 PC displays a warning message. The warning message indicates that the PC is infected by malware. A technician comes to the office and makes sure that the PC is disconnected from all wired and wireless networks. What should the technician do next to further investigate the incident?
- Disconnect the hard drive.
- Boot the PC in Safe Mode.
- Save log files to removable media.
- Move the malware to the Quarantined Items folder.
Explanation & Hint:
When a malware protection program detects that a computer is infected, it removes or quarantines the threat. However, the computer is most likely still at risk. The first step in remediating an infected computer is to remove the computer from the network to prevent other computers from becoming infected. The next step is to follow any incident response policies that are in place. The log files should be saved to removable media for further analysis. Restarting an infected PC may destroy the evidence of infection.