# TRB-4: PC Security Symptoms
Status: not started
Domain:
- 3.0 Software Troubleshooting
Objective alignment:
- 3.4 Troubleshoot common PC security issues
## What You Need To Know
Security troubleshooting questions often describe symptoms instead of naming malware.
PC symptoms:
- Cannot access the network
- Desktop alerts
- Fake antivirus warnings
- Files are altered, missing, renamed, or inaccessible
- Unwanted OS notifications
- OS update failures
Browser symptoms:
- Frequent pop-ups
- Certificate warnings
- Redirection
- Degraded browser performance
## Memory Trick
Use **FAN-B**:
- **F**iles changed
- **A**lerts are fake
- **N**etwork blocked
- **B**rowser redirects
Shortcut:
- **Fake alerts plus changed files or redirects means assume compromise until verified.**
## Common Causes
Malware:
- Fake antivirus
- Ransomware
- Spyware
- Adware
- Browser hijackers
Misconfiguration:
- Bad proxy setting
- Wrong DNS setting
- Expired certificate or wrong system time
- Firewall or security tool blocking traffic
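
The misconfiguration causes listed above can be ruled in or out with read-only checks before assuming malware. The PowerShell below is an added example, not part of the original notes; the function name `Get-MisconfigTriage` is hypothetical, and it assumes Windows PowerShell 5.1 or later on the affected PC.

```powershell
# Added example (hypothetical helper): collects the settings behind the four
# misconfiguration causes in one object. Read-only; nothing is changed.
function Get-MisconfigTriage {
    # Bad proxy setting: per-user proxy values that browsers read.
    $inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

    # Wrong DNS setting: resolvers on each IPv4 interface that has any configured.
    $dns = Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses } |
        ForEach-Object { '{0}: {1}' -f $_.InterfaceAlias, ($_.ServerAddresses -join ', ') }

    # Firewall blocking traffic: state of the Domain, Private and Public profiles.
    $fw = Get-NetFirewallProfile |
        ForEach-Object { '{0}: Enabled={1}' -f $_.Name, $_.Enabled }

    [pscustomobject]@{
        UserProxyEnabled = [bool]$inet.ProxyEnable
        UserProxyServer  = $inet.ProxyServer
        ProxyAutoConfig  = $inet.AutoConfigURL
        # Machine-wide WinHTTP proxy, used by system services.
        WinHttpProxy     = (netsh winhttp show proxy | Out-String).Trim()
        DnsServers       = $dns
        # Wrong system time: a clock far off real time breaks certificate validation.
        LocalTime        = Get-Date -Format 'yyyy-MM-dd HH:mm:ss K'
        TimeZone         = (Get-TimeZone).Id
        TimeService      = (Get-Service W32Time).Status
        FirewallProfiles = $fw
    }
}

Get-MisconfigTriage | Format-List
```

Compare the output with the values expected on your network: a proxy or DNS server nobody configured, or a clock that is far off, explains redirects and certificate warnings without naming malware, but still needs an explanation for how it got there.
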
Compromised account:
- Unexpected sync changes
- Unauthorized browser extensions
- New login alerts
## Response Flow
1. Identify symptoms.
2. Disconnect from the network if active compromise is suspected.
3. Preserve evidence when policy requires it.
4. Run trusted security tools.
5. Remove or quarantine threats.
6. Update OS, browser, and security software.
7. Change passwords from a known-clean device if credentials may be compromised.
8. Document findings and actions.
## Exam Clues
- Pop-ups and redirects point to adware or browser hijacking.
- Inaccessible or renamed files point to ransomware.
- Certificate warnings can point to malicious activity, misconfiguration, or wrong system time.
- OS update failure may be caused by malware, corruption, or network problems.