An employee in your organization has reported that their computer is behaving oddly, such as unexpected windows popping up, and they suspect it might be infected with malicious software. Given the symptoms and the critical nature of data handled by the employee, which of the following actions should be taken FIRST to best address the potential presence of a keylogger?
Check the browser extensions and remove any that were not installed by the company's IT department.
Update the antivirus software definitions and perform a full system scan.
Run the antivirus program to scan and remove any potential threats immediately.
Disconnect the computer from the network and then proceed with further malware removal steps.
When a keylogger is suspected, it is crucial to first disconnect the computer from the network to prevent the potential exfiltration of sensitive data. Isolating the computer stops the keylogger from possibly sending data to a malicious actor. Running an antivirus program is also important, but it should be done after isolating the computer to prevent further data leaks. Updating the antivirus definitions is part of running the antivirus scan, but it is not the first action to take if the computer is currently compromised. Checking the browser extensions could help if the keylogger was a malicious extension, but this is less likely to be the first step than disconnecting from the network, because of the immediate data breach risk that keyloggers pose.