Terms in this set (46)
1. Identify malware symptoms
2. Quarantine infected systems
3. Disable system restore
4. Remediate infected systems
a) Update antimalware software
b) Use scan and removal techniques
5. Schedule scans and run updates
6. Enable system restore and create restore point
7. Educate end users
Malware Removal Procedure
1. Identify the problem
2. Establish a theory of probable cause
3. Test the theory to determine cause
4. Establish a plan of action to resolve the problem and implement the solution
5. Verify full system functionality and implement preventative measures
6. Document findings, actions, and outcomes
Read-Only, Hidden, Compression, and Encryption
The four different attributes that can be assigned to files are:
Restores the computer's system files to an earlier point in time; presents a way to undo system changes to your computer without affecting your personal files
System Image Recovery
These programs are used to restore a hard drive from a backup in select editions of Windows.
When clicked, this automatically fixes certain problems, such as missing or damaged system files that might prevent Windows from starting correctly; this scans your computer for the problem and then tries to fix it so your computer can start correctly.
Can be used to perform recovery-related operations and also run other command-line tools for diagnosing and troubleshooting problems. This option puts the user into a directory called X:\Sources
UEFI Firmware Settings
Allows a user to access the UEFI from the OS to make changes.
Windows Memory Diagnostic
Scans the computer's memory for errors.
Starts system with a minimal set of drivers, used in case one of the drivers fails; good option when attempting to use System Restore and when scanning systems for viruses, and if you encounter a BSOD, and you need to roll back a driver.
Safe Mode with Networking
Starts system with a minimal set of drivers and enables network support.
Safe Mode with Command Prompt
Starts system with a minimal set of drivers but loads Command Prompt instead of the Windows GUI
Enable Boot Logging
Creates a ntbtlog.txt file.
Enable low-resolution video (640x480)
Uses a standard VGA driver in place of a GPU-specific display driver but uses all other drivers as normal.
Last Known Good Configuration
Starts the system with the last configuration known to work; useful for solving problems caused by newly installed hardware or software
Directory Services Restore Mode
This is used to restore a domain controller's Active Directory; NOT USED IN WINDOWS 7/VISTA
Enables the use of a debug program to examine the system kernel for troubleshooting
Disable Automatic Restart on System Failure
Prevents Windows from automatically restarting if an error causes Windows to fail. Choose this option only if Windows is stuck in a loop in which Windows fails, attempts to restart, and fails again repeatedly.
Disable driver signature enforcement
Enables drivers containing improper signatures to be installed.
Start Windows Normally (Windows 7/Vista)
This can be used to boot to regular Windows. This option is listed in case a person inadvertently pressed F8 but did not want to use any of the Advanced Boot Options.
Disable early launch antimalware protection.
Windows 8 only: Rootkits can infect a system early on as it boots and some antimalware programs are designed to check for these early on in the boot process. Sometimes you have to disable antimalware programs to diagnose and fix the system.
"BOOTMGR is missing"
This message displays if the Windows Boot Manager file (bootmgr) is missing or corrupt.
1. Boot to the Windows RE, select startup repair option
2. Boot to the Windows RE, select Command Prompt option, type the command bootrec /rebuildbcd
Ways to repair "BOOTMGR is missing" error:
master boot record, a boot sector, Boot Configuration Data store
"bootrec" can repair:
"The Windows Boot Configuration Data file is missing required information"
This message means that either the Windows Boot Manager entry is not present in the BCD store or the Boot\BCD file on the active partition is damaged or missing.
1. Boot to the System Recovery Options, select the Startup Repair option
2. Boot to the System Recovery Options, select Command Prompt option, type bootrec /rebuildbcd
Ways to repair "The Windows Boot Configuration Data file is missing required information":
A down arrow on a device in Device Manager indicates that the device is:
An exclamation mark within a yellow triangle on a device in Device Manager means that the device is:
System, Application, Security
Three main log files located inside the Event Viewer are:
A log file in Event Viewer that contains information, warnings, and errors about hardware, device drivers, system files, and so on; this log deals primarily with the operating system.
A log file in Event Viewer that contains events about programs that are built into Windows, such as the Command Prompt or File/Windows Explorer, and might contain information about applications that have been loaded after the operating system was installed.
This log file in Event Viewer holds information that was gathered for auditing and security purposes; for example, it might log who logged on to the computer or who tried to gain access to a particular file.
Indicated by an "i" in a circle in Event Viewer; tells you basic information about a service starting or an application that ran successfully.
Indicated by an "!" in a yellow triangle in Event Viewer; tells you an installation did not complete or a service timed out.
Indicated by an "!" in a red circle in Event Viewer; tells you something failed or has been corrupted, a service failed to start, and so on.
Indicated by a gold-colored key in Event Viewer; these entries are located in the security log file.
A System Configuration tool that can help troubleshoot various things, from operating system startup issues to application and service problems.
Tab in Msconfig that allows you to configure the system for diagnostic or selective start-up. This helps to troubleshoot devices or services that are failing.
Tab in Msconfig that allows you to modify OS bootup settings, such as using safe boot, logging the boot process, and booting without video. If you have multiple OSes, you can change the order and choose which to set as default.
Tab in Msconfig that lists the services and their current status; you can enable or disable them from here, but you can't start or stop them. This tab enables/disables things VERY quickly
Tab in Msconfig that lists the various applications that start when the computer boots up; you can disable and enable these here to aid you in troubleshooting slow applications, failures and lock-ups.
Tab in Msconfig that lists a lot of the common utilities you might use in Windows and allows you to launch them from there.
1. An event will usually be written to the system log within Event Viewer
2. Windows will write debugging information to the hard drive for later analysis with memory dump debugging programs
3. The computer automatically restarts.
Three things that happen when a Stop error occurs:
1. Check Event Viewer
2. Boot into Safe Mode
3. Run a Virus Scan
4. Check Power
5. Use Windows RE
Methods used to troubleshoot Improper and Spontaneous Shutdowns:
reinstall or restore Windows
A complete system failure cannot be repaired; your only options are to:
"Missing Operating System"
Error message that usually means that either the drive has a few small errors or the master boot record has been damaged.