comptia-a-plus-core2/labs/SEC-6-malware-removal-tabletop-lab.md


Lab SEC-6: Malware Removal Process Tabletop

Domain:

  • 2.0 Security

Works on:

  • Windows
  • Tabletop/scenario practice

Goal

Practice the order of the CompTIA A+ malware removal process without touching live malware: the commands below are read-only inspection tools, and the scenarios are paper exercises.

Safe Windows Inspection

Run (from the Win+R box or an Administrator prompt) or open:

windowsdefender: (opens the Windows Security app)
taskmgr (Task Manager)
resmon (Resource Monitor)
SystemPropertiesProtection (System Properties, System Protection tab)

Optional restart command to know, but do not run it unless you are ready to restart: /r restarts, /o boots into the Advanced Startup menu, and /t 0 does it immediately with no countdown, so unsaved work is lost.

shutdown /r /o /t 0

Record:

  • Defender status:
  • Highest CPU process:
  • System Protection enabled:
  • Where you would find Advanced Startup:

Process Drill

Write the 10 steps of the malware removal process from memory, in order:

Next-Step Scenarios

For each situation, identify the next correct step in the process.

  1. User reports browser redirects and fake security alerts.
  2. You verify symptoms and identify likely malware.
  3. The infected system is still on the network.
  4. The system is quarantined.
  5. System Restore is disabled.
  6. Remediation is complete.
  7. Anti-malware is updated.
  8. Scan/removal fails and system trust is low.
  9. Known-good image is restored.
  10. Scheduled scans and updates are enabled.
  11. System Protection is re-enabled.

What You Should Learn

  • Quarantine comes early: right after symptoms are verified and before any cleanup, so the malware cannot spread or reach its command server.
  • Disable System Restore before remediation, so a saved restore point cannot bring the infection back.
  • Update anti-malware before scanning/removal, so the scan runs with current definitions.
  • Reimage/reinstall when cleanup cannot be trusted; a scan that keeps finding or failing to remove threats is the signal.
  • Re-enable System Protection only after cleanup, then create a fresh restore point.
  • User education is the last step in the process, not an optional extra.
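The order above, written out as a guarded Windows PowerShell 5.1 script so each step maps to a real command. This is an added example, not the lab's material. Without -Execute it only returns the plan and touches nothing, which is all a tabletop needs; with -Execute it disables the NICs, turns System Restore off and runs a full scan, so run it only on a disposable VM. It assumes Windows PowerShell 5.1 as Administrator (Disable-ComputerRestore, Enable-ComputerRestore and Checkpoint-Computer are not in PowerShell 7), the Defender module, that C:\ is the drive System Protection covers, and that a -DefinitionPackage path, if given, points to a definition installer (mpam-fe.exe) downloaded on a clean machine; that path and its silent-install behaviour are assumptions.

```powershell
# Added example, not part of the original lab. Without -Execute it returns the
# plan as text and touches nothing. With -Execute it disables the NICs, turns
# System Restore off and runs a full scan, so use it only on a disposable VM.
# Assumptions: Windows PowerShell 5.1 as Administrator (the *-ComputerRestore and
# Checkpoint-Computer cmdlets are not in PowerShell 7), the Defender module, and
# that $SystemDrive is the drive System Protection covers.

function Invoke-MalwareRemovalSequence {
    [CmdletBinding()]
    param(
        [switch]$Execute,
        [string]$SystemDrive = 'C:\',
        # Optional definition package (mpam-fe.exe) downloaded on a clean machine
        # and carried in on removable media, because a quarantined box has no
        # network path to Microsoft Update. The path is an assumption.
        [string]$DefinitionPackage
    )

    $log = New-Object System.Collections.Generic.List[string]
    function Step([string]$Text, [scriptblock]$Action) {
        $log.Add($Text)
        if ($Execute) { & $Action }
    }

    # 1. Investigate and verify symptoms.
    Step '1. Investigate and verify: review Defender detection history' {
        $log.Add("   prior Defender detections: $(@(Get-MpThreatDetection).Count)")
    }

    # 2. Quarantine before doing anything else.
    Step '2. Quarantine: disable every physical adapter that is Up' {
        Get-NetAdapter -Physical | Where-Object Status -eq 'Up' |
            Disable-NetAdapter -Confirm:$false
    }

    # 3. Disable System Restore so an infected restore point cannot bring it back.
    Step "3. Disable System Restore on $SystemDrive" {
        Disable-ComputerRestore -Drive $SystemDrive
    }

    # 4a. Update definitions BEFORE scanning.
    Step '4a. Update anti-malware definitions' {
        if ($DefinitionPackage -and (Test-Path $DefinitionPackage)) {
            Start-Process -FilePath $DefinitionPackage -Wait   # assumed silent installer
        } else {
            Update-MpSignature   # only works if an update source is reachable
        }
    }

    # 4b. Scan and remove.
    Step '4b. Full scan with removal' {
        Start-MpScan -ScanType FullScan
    }

    # Decision point from the scenarios: if anything is still active after
    # removal, the system cannot be trusted; stop and reimage, then resume at 5.
    $stillActive = if ($Execute) { @(Get-MpThreat | Where-Object IsActive).Count } else { 0 }
    if ($stillActive -gt 0) {
        $log.Add("STOP: $stillActive threat(s) still active; restore a known-good image, then continue from step 5.")
        return $log
    }

    # 5. Schedule scans and run updates (network comes back for Windows Update).
    Step '5. Schedule a daily full scan and reconnect for updates' {
        Set-MpPreference -ScanScheduleDay Everyday -ScanScheduleTime 02:00:00 -ScanParameters FullScan
        Get-NetAdapter -Physical | Enable-NetAdapter -Confirm:$false
    }

    # 6. Re-enable System Restore and take a clean restore point.
    # Checkpoint-Computer refuses a second point within 24 h by default.
    Step "6. Enable System Restore on $SystemDrive and create a clean restore point" {
        Enable-ComputerRestore -Drive $SystemDrive
        Checkpoint-Computer -Description 'Post-remediation clean baseline' -RestorePointType MODIFY_SETTINGS
    }

    # 7. Educate the end user: no cmdlet, but it is still the last step.
    $log.Add('7. Educate the end user on how it got in and what to watch for.')
    return $log
}

# Tabletop mode: prints the plan only.
Invoke-MalwareRemovalSequence
```

Two things worth noticing in the order. Step 4a runs with the network already down, which is why the script accepts a definition package brought in on removable media; updating over the network would mean skipping quarantine. And the reimage decision sits between 4b and 5, so everything after it (scheduling, re-enabling System Protection, the restore point, user education) happens on a system you trust, whether that trust came from a clean scan or from a fresh image.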