Applied Lab to Troubleshoot Security Issues: Scenario 2

Jul 1, 2024

CompTIA A+ Core 2 Objectives

  • 2.3: Detect, remove, and prevent malware using appropriate tools and methods.
  • 3.2: Troubleshoot common personal computer security issues.

Scenario Overview

  • Assigned to an engineering classroom computer with antivirus disabled.
  • Policy: Antivirus must be enabled and tested regularly on all company computers.
  • Objective: Resolve the issue before the next class.

Tasks

  1. Test Anti-Malware: Windows Defender Settings

    • Login: Use username "Morgan" and the provided password.
    • Access Windows Defender: Via search bar or Settings > Update and Security > Windows Security.
    • Enable Real-Time Protection (RTP): Navigate to Virus and Threat Protection, click Manage Settings, and try to enable RTP.
    • Issue Identified: Real-time protection toggle cannot be turned on, likely due to malicious software.
  2. Local Group Policy Editor

    • Navigate: Computer Configuration > Administrative Templates > Windows Components > Windows Defender Antivirus.
    • Policy Change: Find "Turn off Windows Defender Antivirus", and set it to Disabled.
    • Apply Changes: Click Apply and OK.
  3. Force Group Policy Update

    • Command: Open Command Prompt, run gpupdate /force.
    • Other Options:
      • /logoff: Forces logoff after policy application.
      • /boot: Causes a restart.
  4. Start Windows Defender Antivirus Service

    • Services.msc: Locate Windows Defender Antivirus service, right-click, and select Start.
    • Status: Ensure the service status shows "Running".
    • Validate: Click the score button to confirm the task completion.
  5. Enable Real-Time Protection Again

    • Settings: Go back to Virus and Threat Protection settings and enable RTP.
    • Validate: Click score to confirm the task completion.
  6. Test Antivirus Operation

    • EICAR Test File: Open the text file on the desktop, delete the five hash characters, and save.
    • Identify Misconfiguration: Locate and remove the path exclusion in Windows Defender.
    • Remove Exclusion:
      • Settings > Virus and Threat Protection > Manage Settings > Exclusions.
      • Remove the exclusion to scan all files.
    • File Identification: Windows Defender should flag the EICAR file as malicious.
    • Check Threat History: Confirm the EICAR file is listed under quarantined threats.
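
The checks below are an added example, not part of the lab or the video; they verify each task from an elevated PowerShell prompt on the affected Windows 10/11 machine using the built-in Defender cmdlets, and the exclusion path in the commented remediation line is a placeholder.

```powershell
# Added verification script (not from the lab). Run as Administrator.
# Each section mirrors one task of the lab and reports, never silently changes.

# Tasks 2-3: is "Turn off Windows Defender Antivirus" still applied by policy?
# That policy sets DisableAntiSpyware = 1 under the Defender policy key.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$policy = Get-ItemProperty -Path $policyKey -Name DisableAntiSpyware -ErrorAction SilentlyContinue
if ($policy -and $policy.DisableAntiSpyware -eq 1) {
    Write-Warning "Group Policy still turns Defender off. Set the policy to Disabled, then run 'gpupdate /force'."
} else {
    Write-Output "OK: no policy disables Defender."
}

# Task 4: the Windows Defender Antivirus service (WinDefend) must be running.
$svc = Get-Service -Name WinDefend
if ($svc.Status -ne 'Running') {
    Write-Warning "WinDefend service is $($svc.Status). Start it from services.msc or with Start-Service WinDefend."
} else {
    Write-Output "OK: WinDefend is running."
}

# Task 5: real-time protection as reported by the engine itself.
$status = Get-MpComputerStatus
if (-not $status.RealTimeProtectionEnabled) {
    Write-Warning "Real-time protection is OFF. Enable it in Virus and Threat Protection settings."
} else {
    Write-Output "OK: real-time protection is on (signatures: $($status.AntivirusSignatureVersion))."
}

# Task 6: a path exclusion is the misconfiguration that lets the test file go unscanned.
$prefs = Get-MpPreference
if ($prefs.ExclusionPath) {
    foreach ($p in $prefs.ExclusionPath) { Write-Warning "Path exclusion present: $p" }
    # Remediate only after confirming the exclusion is not sanctioned (placeholder path):
    # Remove-MpPreference -ExclusionPath 'C:\Users\Morgan\Desktop'
} else {
    Write-Output "OK: no path exclusions configured."
}

# Task 6 check: confirm the test file appears in threat history as detected and actioned.
Get-MpThreatDetection |
    Select-Object DetectionID, InitialDetectionTime, ActionSuccess, @{n='Files'; e={ $_.Resources -join '; ' }} |
    Format-Table -AutoSize
```

Run it once before the fix to see every warning fire, and again after Tasks 2 through 6 to confirm only "OK" lines remain plus the quarantined test file in the threat history.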

Comprehensive Questions

  1. What is an EICAR file?
    • Answer: An antivirus testing tool.
  2. What is a Path Exclusion?
    • Answer: Defines a folder location that is never scanned.
  3. What is Group Policy?
    • Answer: An administrative tool for enforcing settings.

Additional Tips

  • Local Security Policy: Familiarize yourself with policies such as password and account lockout policies.
  • Policy Explanations: Use the "Explain" tab in policy settings to understand effects of enabling, disabling, or leaving a policy unchanged.

Closing

  • The video ends the lab on troubleshooting security issues, scenario number two.
  • Encourages questions and feedback.
  • Promotes engagement with likes, shares, and subscriptions.