1. Symantec/
  2. Security Response/
  3. Infected Systems

I have infected systems - now what?

These are the five fundamental steps for treating an infected system.
For full details on how to perform these steps on the page, please visit this page:
Best practices for troubleshooting viruses on a network

Step 1. Identify the Threat and Attack Vectors
In order for a threat to be contained and eliminated, you must first know what the threat is and what it is designed to do.

Step 2. Identify the Infected Computers
Once the threat(s) have been identified, it is important to understand which computers are infected, and how many uninfected computers could be affected.

Step 3. Quarantine the Infected Computers
To prevent the threat from spreading, compromised computers should be removed from the network while being remediated.

Step 4. Clean the Infected Computers
Once isolated, the threat can be removed and the side effects it caused can be reversed.

Your Security Team should consider the following factors:
Step 5. Post-op: Prevent Recurrence
Once the outbreak is resolved, it is time to review the incident and make necessary changes in internal processes and procedures to avoid this type of attack in the future.

Want more?
Read the full details on how to perform these five fundamental steps
Read the Symantec Security Best Practices
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube