2.6 Given a scenario, implement procedures for basic small office/home office (SOHO) malware removal.
📘CompTIA A+ Core 2 (220-1202)
1. What Is System Restore?
System Restore is a built-in Windows feature that helps undo system changes without deleting personal files.
It allows Windows to:
- Save the current system state
- Go back to a previous working condition if something goes wrong
A saved system state is called a restore point.
2. Why System Restore Is Important in Malware Removal (Exam Focus)
During malware removal, system files, registry settings, or drivers may change.
After malware is removed and the system is stable:
- System Restore must be enabled
- A new clean restore point must be created
This ensures:
- The user can safely roll back the system if future problems occur
- The system does not return to an infected state
⚠️ Exam Tip:
Before malware removal, System Restore is often disabled.
After cleanup, it must be re-enabled and a new restore point created.
3. What Does a Restore Point Contain?
A restore point includes:
- Windows system files
- Installed programs
- Windows Registry
- System settings and drivers
A restore point does NOT include:
- Personal files (documents, pictures, videos)
- Emails or browser data
📌 This makes System Restore safe to use during troubleshooting.
4. When Should System Restore Be Enabled?
System Restore should be enabled:
- After malware removal
- After system cleanup
- Before installing updates or new software
- When returning a system to a user
For the exam, remember:
Enable System Restore after malware is removed to protect the clean system state.
5. Enabling System Restore in Windows Home
Step-by-Step Process
- Click Start
- Type Create a restore point
- Press Enter
- The System Properties window opens
- Select the System Protection tab
- Under Protection Settings, select the system drive (usually C:)
- Click Configure
- Choose Turn on system protection
- Set Disk Space Usage (recommended: 5–10%)
- Click Apply
- Click OK
✅ System Restore is now enabled.
6. Creating a Restore Point in Windows Home
Once System Restore is enabled, a restore point must be created manually.
Step-by-Step Process
- Open Create a restore point
- Go to the System Protection tab
- Click Create
- Enter a description
(Example: Clean system after malware removal) - Click Create
- Wait for the confirmation message
- Click Close
✅ A clean restore point is now saved.
7. Why Creating a Restore Point After Malware Removal Is Critical
If malware existed before cleanup:
- Old restore points may contain infected system files
- Restoring from them could re-infect the system
Creating a new restore point ensures:
- Only clean system states are saved
- The system can safely roll back if needed
⚠️ CompTIA Exam Warning:
Never rely on old restore points after malware removal.
8. Common Exam Scenarios You Should Recognize
You may see exam questions like:
- “What should you do after malware removal?”
- “How do you protect a clean Windows system?”
- “Which feature allows you to roll back system changes safely?”
Correct answer often includes:
✔ Enable System Restore
✔ Create a new restore point
9. Limitations of System Restore (Exam Important)
System Restore:
- ❌ Does NOT remove malware by itself
- ❌ Does NOT back up personal files
- ❌ Is NOT a full system backup
It is used as:
✔ A recovery tool
✔ A safety rollback option
10. Best Practices for the Exam
Remember these key points:
- Disable System Restore before malware removal (to prevent reinfection)
- Enable System Restore after malware removal
- Always create a new restore point
- Restore points protect system settings, not user files
- System Restore is available in Windows Home
11. Key Terms to Memorize (Exam Ready)
| Term | Meaning |
|---|---|
| System Restore | Windows recovery feature |
| Restore Point | Saved system state |
| System Protection | Controls restore settings |
| Rollback | Return to previous system state |
| Registry | Windows configuration database |
12. Summary (Quick Revision)
- System Restore helps recover from system problems
- It must be enabled after malware cleanup
- A new restore point must be created
- Old restore points may contain malware
- This step is essential in SOHO malware removal procedures
