Disable System Restore in Windows Home.

2.6 Given a scenario, implement procedures for basic small office/home office (SOHO) malware removal.

📘 CompTIA A+ Core 2 (220-1202)


What is System Restore?

  • System Restore is a Windows feature that periodically saves snapshots of system files, program files, registry settings, and some configuration files. These snapshots are called restore points.
  • Restore points allow the computer to “go back in time” to a previous, working state if something goes wrong.
  • Important for IT: While it’s helpful for fixing system problems, restore points can also store malware. So if you remove malware but a restore point contains it, the malware can come back.

Why Disable System Restore During Malware Removal?

  1. Prevent reinfection: Some malware hides in restore points. If System Restore is on, restoring the system later could bring the malware back.
  2. Ensure a clean removal: By disabling System Restore, you remove all existing restore points, including any that might be infected.
  3. Step in the exam scenario: Many CompTIA exam questions expect you to know this step as part of a standard malware removal procedure.

Steps to Disable System Restore in Windows Home Editions

Windows Home editions do not have advanced features like Group Policy Editor. You need to use the Control Panel or Settings.

Step 1: Open System Properties

  1. Press Windows Key + R to open the Run dialog.
  2. Type sysdm.cpl and press Enter.
  3. The System Properties window will appear.

Step 2: Navigate to System Protection

  1. Click the System Protection tab.
  2. Here, you’ll see a list of drives and their Protection status (On/Off).

Step 3: Disable System Restore

  1. Select the drive where Windows is installed (usually C:).
  2. Click Configure.
  3. In the new window, select Turn off system protection.
  4. Click Apply, then OK.
  5. You may get a warning that all restore points will be deleted—this is expected. Confirm the deletion.

Step 4: Proceed with Malware Removal

  • Once System Restore is off, you can run your malware removal tools safely (like antivirus scans, anti-malware software, or manual removal steps) without worrying about reinfection from restore points.
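The same Steps 1 to 3 (and the later re-enable step from the exam notes) can be done from an elevated prompt, which is handy when the GUI is unavailable or you want a repeatable checklist. The script below is an added example written for this page; it is not from the study note or from Microsoft. It assumes Windows PowerShell 5.1 started as Administrator (the `*-ComputerRestore` and `Checkpoint-Computer` cmdlets are not shipped in PowerShell 7) and that Windows lives on the system drive. The function names are this example's own. The `vssadmin` call goes beyond the GUI step: it explicitly deletes the shadow copies that hold the restore points, so nothing infected survives, with the caveat that it also removes any "Previous Versions" file copies on that volume.

```powershell
#Requires -RunAsAdministrator
# Added example (not part of the original study note). Assumes Windows
# PowerShell 5.1 run as Administrator. Function names are this example's own.

$SystemDrive = "$env:SystemDrive\"   # normally "C:\"

function Show-RestorePoints {
    # List the restore points that currently exist, so the technician can see
    # what a later System Restore could bring back.
    Write-Host "Restore points on this system:"
    Get-ComputerRestorePoint -ErrorAction SilentlyContinue |
        Format-Table SequenceNumber, Description, RestorePointType -AutoSize
}

function Disable-SystemRestoreForCleanup {
    param([string]$Drive = $SystemDrive)
    $Volume = $Drive.TrimEnd('\')   # "C:\" -> "C:" for vssadmin

    # Equivalent of System Properties > System Protection > Configure >
    # "Turn off system protection" (Step 3 in the note).
    Disable-ComputerRestore -Drive $Drive

    # Restore points are stored as Volume Shadow Copy snapshots. Delete them
    # explicitly so an infected snapshot cannot be restored later. Caveat: this
    # also removes "Previous Versions" copies kept on the same volume.
    & vssadmin.exe delete shadows "/for=$Volume" /all /quiet | Out-Null

    # Verify: vssadmin reports "No items found" when no snapshots remain.
    $remaining = & vssadmin.exe list shadows "/for=$Volume"
    if ($remaining -match 'No items found') {
        Write-Host "OK: no shadow copies remain on volume $Volume"
    } else {
        Write-Warning "Shadow copies still present on volume $Volume"
        $remaining
    }
}

function Enable-SystemRestoreAfterCleanup {
    param([string]$Drive = $SystemDrive)
    # Run only after scans have finished and the system is verified clean.
    Enable-ComputerRestore -Drive $Drive

    # Create a known-clean baseline so the first restore point is post-cleanup.
    # Windows creates at most one restore point per 24 hours by default, so
    # this may be skipped if one was made recently.
    Checkpoint-Computer -Description "Post malware cleanup baseline" `
                        -RestorePointType MODIFY_SETTINGS
    Show-RestorePoints
}

# Usage, following the order in the note:
#   Show-RestorePoints                  # see what exists before you start
#   Disable-SystemRestoreForCleanup     # Steps 1-3
#   ... run antivirus / anti-malware scans and clean-up here (Step 4) ...
#   Enable-SystemRestoreAfterCleanup    # only after the system is confirmed clean
```

Keep the verification step: turning protection off in the GUI normally removes the restore points, but checking that `vssadmin list shadows` shows nothing left is the part that proves the reinfection path is actually closed before the scans begin.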

Important Notes for the Exam

  1. You do not permanently leave System Restore off.
    • After the malware is removed and the system is verified to be clean, you should re-enable System Restore to protect against future issues.
  2. Remember the difference between Home and Pro editions:
    • In Windows Pro, advanced tools like Group Policy Editor can also control System Restore settings.
    • In Home, you must use System Properties as shown above.
  3. Sequence matters in malware removal:
    1. Identify malware symptoms.
    2. Disconnect from the network if needed.
    3. Disable System Restore (so malware doesn’t hide).
    4. Run antivirus or antimalware scans.
    5. Delete temporary files.
    6. Reboot into safe mode if necessary.
    7. Re-enable System Restore after confirming the system is clean.

Exam Tip: What You Might Be Asked

  • Scenario question example: “You are tasked with removing malware from a Windows Home system. What should you do to prevent malware reinfection through restore points?”
  • Correct answer:
    • Disable System Restore, delete restore points, then proceed with malware removal.
  • Keyword hints for CompTIA:
    • System Restore, restore points, disable protection, malware reinfection.

Key Takeaways:

  • System Restore can store malware; disable it before cleaning.
  • Use System Properties → System Protection → Configure → Turn off system protection.
  • After cleaning, re-enable System Restore to keep the system protected.
  • Always follow the sequence: Identify → Quarantine/Disable → Scan → Clean → Re-enable.