Control: ism-0917; Revision: 7; Updated: Oct-19; Applicability: ALL; Essential Eight: N/A
When malicious code is detected, the following steps are taken to handle the infection:
- the infected systems are isolated
- all previously connected media used in the period leading up to the infection are scanned for signs of infection and isolated if necessary
- antivirus software is used to remove the infection from infected systems and media
- if the infection cannot be reliably removed, systems are restored from a known good backup or rebuilt.