These are the five fundamental steps for treating an infected system.
For full details on how to perform these steps, please visit this page:
Best practices for troubleshooting viruses on a network
Step 1. Identify the Threat and Attack Vectors
In order for a threat to be contained and eliminated, you must first know what the threat is and what it is designed to do.
Step 2. Identify the Infected Computers
Once the threat(s) have been identified, it is important to understand which computers are infected, and how many uninfected computers could be affected.
Step 3. Quarantine the Infected Computers
To prevent the threat from spreading, compromised computers should be removed from the network while being remediated.
Step 4. Clean the Infected Computers
Once isolated, the threat can be removed and the side effects it caused can be reversed.
Your Security Team should consider the following factors:
- Is it more cost-effective to rebuild/reinstall the compromised computer?
- Can the threats be easily removed by scanning all files with Symantec Endpoint Protection or with Symantec malware removal tools?
  How to verify that Symantec Endpoint Protection is set to scan all files
  Symantec Malware Removal Tools
- Were there any system changes made?
- Assess when it is safe to add the computers back to the network. If you suspect that the infected systems have network-aware threats, you should capture a sample and submit it to Symantec so that you can be supplied with an AV definition to protect the rest of your network from the threat.
  Capturing a sample: How to use the Load Point Analysis within the Symantec Support Tool to help locate suspicious files
  Submit the sample to Symantec: How to Use the Web Submission Process
Step 5. Post-op: Prevent Recurrence
Once the outbreak is resolved, it is time to review the incident and make the necessary changes to internal processes and procedures to avoid this type of attack in the future.
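As an added example that is not part of this article or of any Symantec tool, the following Python tracker encodes Steps 2 through 4 as code: it groups constructed detection events by threat, counts the uninfected hosts that a network-aware threat could still reach, produces the quarantine list, and gates re-admission on a clean scan plus (for network-aware threats) a definition that now covers them. The event format, the host inventory and the threat names are all assumptions.

```python
from collections import defaultdict

# Constructed detection events, one per line: "<host>,<subnet>,<threat>"
SAMPLE_LOG = """\
ws-014,10.1.2.0/24,W32.Example.Worm
ws-022,10.1.2.0/24,W32.Example.Worm
ws-031,10.1.3.0/24,Trojan.Example.Dropper
ws-014,10.1.2.0/24,Trojan.Example.Dropper
"""
# Constructed inventory of every managed host per subnet (used to size the exposure)
INVENTORY = {"10.1.2.0/24": {"ws-011", "ws-014", "ws-022", "ws-027"},
             "10.1.3.0/24": {"ws-031", "ws-035"}}
# Step 1 outcome (assumed): which of the identified threats propagate over the network
NETWORK_AWARE = {"W32.Example.Worm"}


def parse_events(log):
    """Step 2: map each threat to the hosts it was seen on, and each host to its subnet."""
    by_threat, subnet_of = defaultdict(set), {}
    for line in log.strip().splitlines():
        host, subnet, threat = line.split(",")
        by_threat[threat].add(host)
        subnet_of[host] = subnet
    return dict(by_threat), subnet_of


def infected_hosts(by_threat):
    return set().union(*by_threat.values())


def exposed_hosts(by_threat, subnet_of):
    """Uninfected hosts that share a subnet with a host carrying a network-aware threat."""
    infected = infected_hosts(by_threat)
    at_risk = set()
    for threat, hosts in by_threat.items():
        if threat in NETWORK_AWARE:
            for h in hosts:
                at_risk |= INVENTORY[subnet_of[h]] - infected
    return at_risk


def quarantine_list(by_threat):
    """Step 3: every infected host leaves the network until it has been remediated."""
    return sorted(infected_hosts(by_threat))


def may_readmit(host, by_threat, scan_clean, definitions_cover):
    """Step 4 gate: clean full scan, and for network-aware threats a definition that detects them."""
    if not scan_clean:
        return False
    seen = {t for t, hosts in by_threat.items() if host in hosts}
    return all(t in definitions_cover for t in seen & NETWORK_AWARE)
```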
Want more?
Read the full details on how to perform these five fundamental steps
Read the Symantec Security Best Practices