Endpoint Protection

  • 1.  Question: Symantec EndPoint

    Posted May 29, 2016 05:44 AM

    Hello

    I have been asked in interviews many times: if a virus breaks out and corrupts all the SEP clients' machines and the SEPM, what would be the next step?

    Example: there are 10,000 SEP clients and one SEPM. Suddenly a virus breaks out and corrupts the network setup. The virus could be on the D: drive, like D:\abcd.exe

     

    I have never seen such kind of breakout in my seven years of work experience, so I didn't know what to reply.

     

    As per my understanding we can restore the SEPM and shoot the command to scan the entire network, but they say this is not the correct answer.

     

    Can you guys suggest something?



  • 2.  RE: Question: Symantec EndPoint
    Best Answer

    Posted May 31, 2016 11:02 AM

    This seems a highly unlikely scenario to me but nonetheless is always possible.

    If the SEPM is corrupted, then backup will be your go-to. If all SEP clients become corrupted, this becomes much more tedious. Restore from backup is possible if you back up clients. Aside from that, it would come down to attempting a repair of the client or just re-imaging the machines.



  • 3.  RE: Question: Symantec EndPoint

    Posted Jun 24, 2016 06:56 AM

    If he is very specific about d:\abcd.exe, I don't really think he cares about SEP per se, but wants to know how you would act without antivirus.


    A typical example here would be to block d:\abcd.exe using AppLocker through GPO, or to use scripts or other tools such as SCCM to delete the virus.


    Still, recovery of the SEPM environment should be done simultaneously.

     

    If the network is down as well.. Well.. You're screwed :P
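
    The AppLocker block mentioned in the reply above, as an added example that is not part of the original thread: a deny rule for D:\abcd.exe merged into the local policy or a GPO, with a guard against the deny rule turning into "block every executable". The helper `New-PathRuleXml`, the rule names, the temp file name and the `$gpoLdapPath` placeholder are assumptions made for illustration.

```powershell
# Added example, not from the thread. Run elevated on an AppLocker-capable Windows edition.
$blockedPath = 'D:\abcd.exe'    # path taken from the question
$policyFile  = Join-Path $env:TEMP 'deny-outbreak.xml'
$gpoLdapPath = $null            # placeholder: LDAP path of the GPO to update; $null = local policy

# Hypothetical helper: builds one path rule that applies to Everyone (S-1-1-0).
function New-PathRuleXml([string]$Name, [string]$Action, [string]$Path) {
    ('<FilePathRule Id="{0}" Name="{1}" Description="" UserOrGroupSid="S-1-1-0" Action="{2}">' +
     '<Conditions><FilePathCondition Path="{3}" /></Conditions></FilePathRule>') -f
        [guid]::NewGuid(), $Name, $Action, $Path
}

# Once the Exe rule collection holds any rule, every executable that is not
# explicitly allowed is blocked. Check the target policy for an existing allow
# rule, and add an allow-all rule only when there is none.
$current = if ($gpoLdapPath) {
    Get-AppLockerPolicy -Domain -Ldap $gpoLdapPath -Xml
} else {
    Get-AppLockerPolicy -Local -Xml
}
$hasAllow = ([xml]$current).SelectNodes(
    "//RuleCollection[@Type='Exe']/*[@Action='Allow']").Count -gt 0

$rules = @(New-PathRuleXml 'Deny outbreak binary' 'Deny' $blockedPath)
if (-not $hasAllow) {
    $rules += New-PathRuleXml 'Allow all other executables' 'Allow' '*'
}
$xml = '<AppLockerPolicy Version="1"><RuleCollection Type="Exe" EnforcementMode="Enabled">' +
       ($rules -join '') + '</RuleCollection></AppLockerPolicy>'
([xml]$xml).Save($policyFile)   # the cast also rejects malformed XML

# -Merge adds the new rules to the target policy instead of replacing it.
$setArgs = @{ XmlPolicy = $policyFile; Merge = $true }
if ($gpoLdapPath) { $setArgs.Ldap = $gpoLdapPath }
Set-AppLockerPolicy @setArgs

# AppLocker rules are only enforced while the Application Identity service runs.
if ((Get-Service AppIDSvc).Status -ne 'Running') {
    Write-Warning 'AppIDSvc is not running; the deny rule is not being enforced.'
}

# Verify the local result: cmd.exe should be Allowed, the blocked path Denied.
if (-not $gpoLdapPath) {
    $probe = @("$env:windir\System32\cmd.exe")
    if (Test-Path $blockedPath) { $probe += $blockedPath }
    Get-AppLockerPolicy -Local | Test-AppLockerPolicy -Path $probe -User Everyone
}
```

    A path rule only covers that exact location, so a copy of the file under another name or folder is not blocked by it.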