Transcript for:
Applied Lab to Troubleshoot Security Issues: Scenario 2

In this video we'll be looking at the Applied Lab to Troubleshoot Security Issues, Scenario 2. This particular activity is in line with CompTIA A+ Core 2 objective 2.3, "Given a scenario, detect, remove, and prevent malware using the appropriate tools and methods." It is also in line with 3.2, "Given a scenario, troubleshoot common personal computer security issues." Let's start.

Let us then read the scenario. It says: the success you have had in resolving issues in the engineering classroom has made you the go-to person for that area. Okay. You have just been assigned a ticket regarding an engineering classroom computer that has had the antivirus disabled. Ah, okay. The instructor who noticed the problem states that he cannot turn it back on again. Company policy clearly states that antivirus must be enabled on all company computers and regularly tested to ensure it functions properly. You must quickly resolve this issue before the class starts again tomorrow. Okay, let's continue.

Right, so the first task is for us to test the antimalware. It should be easy. It says: on the Windows workstation (I've already logged in; at the login screen, for the username Morgan, type the password, which I already did), enter "Windows Defender settings" at the search bar. This one will basically help search for Windows Defender; nonetheless, you can likewise go to Settings, Update and Security, and then go for Windows Security. Cool, let's continue.

It says we'll be selecting Virus and threat protection, and that is this one. Then, in the Virus and threat protection window, we'll click the blue Manage settings link. So that's under Virus and threat protection settings, Manage settings. Okay, what do we need to do? It says click the Real-time protection toggle button to enable real-time protection. Okay, so we'll enable that, and you will notice that, oh, it doesn't allow us to turn on RTP. This one will typically happen if there is malicious software on the computer, so let us see what we'll have to do.

Number six says: notice that it will not allow you to change the setting. All okay, cool. Number seven: enter the Local Group Policy. There are security settings which you can actually edit using the local policy as well as the Group Policy; for this particular end we are looking at the Local Group Policy Editor. Let me just maximize the window. Number eight says navigate to Computer Configuration, Administrative Templates, Windows Components, then Windows Defender Antivirus. Okay, cool, so Windows Defender Antivirus, and that's it.

Number nine: locate and change the required policy setting to re-enable Windows Defender Antivirus. It's actually inside Windows Defender Antivirus, and coming from this particular page you can see here "Turn off Windows Defender Antivirus". It is basically just double-clicking on that policy, and then we set it to Disabled. Yeah, why do we need to disable it? Well, because the title says "turn off"; you don't want to turn it off, so you disable that. Right, so Apply, then click on OK. Awesome.

Let us now check number 10: what is the command to force a refresh of group policies? This is one of those that is in the exam; oh, did I say that out loud? So remember the command gpupdate, GP referring to Group Policy, update. Now, whenever you are learning any commands on a Windows machine, I always recommend for you to practice with "command /?", particularly if it is a Windows command. So let me show you what I mean. Say gpupdate, right? If you do "gpupdate /?" you will know, and hopefully this one shows up. There. Now you will see that there is an option, /force, which reapplies all policy settings, and that's actually the answer for this one: it's "gpupdate /force". Let us click on Score. Right.

Number 11 says open a command prompt, which we did, and then update the Group Policy. So basically we'll need to run gpupdate and "gpupdate /force". Now, while this one is updating, please be aware of the other options as well, like, say for example, /wait with the time, /logoff to forcefully log off your computer after the application of the policy, there's /boot so that it will cause a restart of the computer, and then there's also the /sync. Awesome. Well, we've run "gpupdate /force"; that's done.

Let us now locate and start the Windows Defender Antivirus settings once again. So what I'll do is I'll close the CMD, I'll close the policy. Right: locate and start... oh, this is the service in itself. Right, so let us go first to services.msc, there, and we will now be locating the Windows Defender Antivirus service. It is the service that we wanted to start, so that is why we're going for services.msc. We'll look for the Windows Defender Antivirus service to start it: right-click, click on Start, as simple as that, and you will know that it is running because it says on the column for Status, "Running". Ta-da.

Number 13: select the Score button to validate the task. Let's click on Score, wait for it for a bit of a while, and that's it. Ta-da. Number 14: we'll now use the Virus and threat protection settings, where we're in already, to verify and enable RTP. So enable that there. Ta-da. Just click it a number of times, a few times, that is, until such time that it will now allow you to enable it. So number 14 done. Number 15: select the Score to validate the task. Hopefully that's all and well; let us wait for this one, and that's it. Awesome, awesome.

Next, test the antivirus. Okay, cool. So now that the issue preventing the antivirus from running has been resolved, it is essential to validate that it operates properly. Yes, that is true. So, okay, remember your troubleshooting process: after implementation you test that everything is working well, so you validate. What we'll do is we'll open the text file located on the desktop named EICAR. Usually this file is used for us to test the antivirus. It says delete the five hash characters, so that's that. Ah, okay, so those hashes make it, what do I call that, like a comment, so when we remove them then the sort-of virus will now run. When we delete it, we'll click on Save, so File, Save; there it goes, or Ctrl+S (Command+S if it would be on macOS), and that's it.

Right, so the EICAR file will not be flagged as malicious; the antivirus is still misconfigured. Okay, so we'll now need to locate and remove the path exclusion configured in Windows Defender. What we'll now need to do is to look for Windows Defender settings. So that's it, and we will now be removing the exclusion. Let us see where it is: that is under Virus and threat protection. Let us now look at Manage settings, let us browse down, and you will see there Exclusions. So once again, that is under Windows Security, Virus and threat protection; you go to the settings, browse down, and you should see the section for Exclusions. We'll click on Add or remove exclusions, and we'll basically have to remove that exclusion. An exclusion means that whenever Windows antivirus runs, it won't be scanning that particular folder, so remove it so that it will now scan everything. Great.

It says, number four, after removing the exclusion it is likely that Windows Defender will immediately identify the EICAR file as malicious; if not, try to open the EICAR file located on the desktop. So what we'll do, let us refresh that, because nothing is happening on my end. Oh, okay, it's blank at the moment; it says "Not responding". Try to open the EICAR file on the desktop and an error should appear indicating that the operation did not complete successfully. Oh, there you go. It says "Operation did not complete successfully because the file contains a virus", and hopefully you've likewise seen the error message coming from Windows Defender. Cool.

Number five says return to the Virus and threat protection. So what I'll do is I'll go to Settings once again, because I've just closed my window; I'll now head for Update and Security, Windows Security, Virus and threat protection, and then we will now be clicking on the blue Threat history link. Threat history link... oh, there you go; from above, under Current threats, Threat history. Click on that, and we should now see, ta-da, under Quarantined threats, we now have the EICAR test file. We'll now click on number seven to select the Score to validate the task. There you go, so waiting, waiting, waiting. Well, while we're waiting, if there would be questions along the way then feel free to put them into the chat; otherwise I'll continue talking. Oh, there you go, done with all.

So let us then proceed with the next one. Oh, there you go: complete the comprehension questions. In this lab we explored how to properly configure and test the Windows Defender antivirus. Fine, right. Number one: what is an EICAR file? Is it A, a macro virus; B, an antivirus testing tool; C, a scanner exclusion; or D, a malicious virus? Well, for our end it was a testing tool. Awesome, cool. Number two: what is a path exclusion? Exclusion means to exclude, meaning you are not including it. So is it A, defines a file to always scan? No. Defines a file to never scan? No. Defines a folder location to never scan? That's that, because it's a path that we are excluding; it's an entire folder thing. Yes. Number three: which of the following best describes Group Policy? Is it A, an administrative tool for enforcing settings? Yes. B, is it a special type of antivirus? No. An administrative tool for updating antivirus? No. Letter D, file and folder permissions? So your Group Policy actually does quite a number of things, and one of which would then be for security settings.

But once again, I highly recommend, in case you haven't seen your Local Security Policy yet: in the laboratory, the one that it was showing was with the Group Policy, so that is why it wasn't showing what I wanted to show to you. But for the A+ exams, particularly for Core 2, please familiarize yourself with what we mean with each password policy: what do we mean with minimum, maximum, maximum length, minimum age, etc.; the account lockout policies (hint, hint on this one); as well as the local policy. You don't need to memorize them, no, as long as you get to understand what each policy is intended for, what will happen when you enable it, what happens when you disable it, what happens when you do nothing. So that is the thing that I would like you to practice on now, in laboratories, in your computers and whatnot. Say for example you double-click on a particular policy; you will see that there is a column or a tab for Explain. This is not present on the exam, obviously, right, but what I mean is that while you are studying I highly recommend, please read the Explain. Now, it is great if English is your first language; that means you can comprehend well. However, if you're like me, where English is a secondary language, then I highly recommend, please practice comprehending or understanding what will happen when you enable, disable, or if you just leave a particular policy. Cool.

Let us click on Score, and that's it. With that, that ends this particular video on our laboratory to troubleshoot security issues, Scenario 2. Once again, if there would be questions along the way then feel free to put them into the chat; otherwise, see you in the next video. Bye for now. And that's it. Well, I hope you learned something, and if you have any other topics in mind that you would like me to cover, please leave them in the comment section down below. Once again, please don't forget to click the like, share and subscribe. See you in the next video.
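As an added example (not part of the lab or the video), the following PowerShell audit checks the same four things the walkthrough fixed by hand: the "Turn off Windows Defender Antivirus" policy value in the registry, the Windows Defender Antivirus service, the real-time protection toggle, and path exclusions. The registry path is the one that Group Policy setting writes; the Desktop/Users pattern used to flag an exclusion as suspicious is an assumption for this scenario.

```powershell
# Added example: audit the Defender state the lab repaired by hand.
# Requires an elevated PowerShell session on a Windows client with the
# Defender cmdlets (Get-MpComputerStatus / Get-MpPreference).

$findings = @()

# 1. The Group Policy "Turn off Windows Defender Antivirus" writes this
#    registry value. "Disabled" or "Not Configured" leave it absent or 0.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$disable = (Get-ItemProperty -Path $policyKey -Name DisableAntiSpyware `
            -ErrorAction SilentlyContinue).DisableAntiSpyware
if ($disable -eq 1) {
    $findings += "Policy still turns Defender off (DisableAntiSpyware=1); " +
                 "set it to Disabled in gpedit.msc, then run 'gpupdate /force'."
}

# 2. The Windows Defender Antivirus service (shown as WinDefend in services.msc).
$svc = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
if (-not $svc -or $svc.Status -ne 'Running') {
    $findings += "WinDefend service is not running (status: $($svc.Status))."
}

# 3. Real-time protection, the toggle the instructor could not switch on.
$status = Get-MpComputerStatus
if (-not $status.RealTimeProtectionEnabled) {
    $findings += 'Real-time protection is disabled.'
}

# 4. Path exclusions, the second misconfiguration in the scenario. Treating
#    any exclusion under a user profile as suspect is an assumption here.
$prefs = Get-MpPreference
foreach ($path in @($prefs.ExclusionPath)) {
    if ($path -like '*\Desktop*' -or $path -like '*\Users\*') {
        $findings += "Suspicious path exclusion: $path"
        # Uncomment to remove it, matching the lab's manual step:
        # Remove-MpPreference -ExclusionPath $path
    }
}

if ($findings.Count -eq 0) {
    'Defender configuration matches company policy.'
} else {
    'Findings:'
    $findings | ForEach-Object { " - $_" }
}
```

If tamper protection is turned on, Remove-MpPreference is refused, and the exclusion has to be removed through the Windows Security app as the lab does.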