These are the five fundamental steps for treating an infected system.
For full details on how to perform these steps, please visit this page:
Best practices for troubleshooting viruses on a network
Step 1. Identify the Threat and Attack Vectors
In order for a threat to be contained and eliminated, you must first know what the threat is and what it is designed to do.
Step 2. Identify the Infected Computers
Once the threat(s) have been identified, it is important to understand which computers are infected, and how many uninfected computers could be affected.
Step 3. Quarantine the Infected Computers
To prevent the threat from spreading, compromised computers should be removed from the network while being remediated.
Step 4. Clean the Infected Computers
Once isolated, the threat can be removed and the side effects it caused can be reversed.
Your Security Team should consider the following factors:
Once the outbreak is resolved, it is time to review the incident and make necessary changes in internal processes and procedures to avoid this type of attack in the future.