What step in the best practice procedures for malware removal should be done to prevent malware from reinfecting a device?
Investigate and verify malware symptoms
Disable system restore in Windows
Quarantine infected systems
Remediate infected systems
Answer Description
System Restore should be disabled in Windows during the malware removal process to reduce the chance that the malware infects the system's restore points and the system is reinfected when a restore point is used.
The CompTIA Malware Removal Steps are:
- Investigate and verify malware symptoms
- Quarantine infected systems
- Disable System Restore in Windows
- Remediate infected systems
- Schedule scans and run updates
- Enable System Restore and create a restore point in Windows
- Educate the end user
Wikipedia
System Restore is a feature in Microsoft Windows that allows the user to revert their computer's state (including system files, installed applications, Windows Registry, and system settings) to that of a previous point in time, which can be used to recover from system malfunctions or other problems. First included in Windows Me, it has been included in all following desktop versions of Windows released since, excluding Windows Server. In Windows 10, System Restore is turned off by default and must be enabled by users in order to function. This does not affect personal files such as documents, music, pictures, and videos.
In prior Windows versions it was based on a file filter that watched changes for a certain set of file extensions, and then copied files before they were overwritten. An updated version of System Restore introduced by Windows Vista uses the Shadow Copy service as a backend (allowing block-level changes in files located in any directory on the volume to be monitored and backed up regardless of their location) and allows System Restore to be used from the Windows Recovery Environment in case the Windows installation no longer boots at all.
System_Restore - Wikipedia, the free encyclopedia