Exam 220-1002 topic 1 question 131 discussion

Technically you should disable system restore, but since the question specifies that the computer can't enter into standard desktop, it is probably best to go with safe mode.

It should be D only.

Come on, you should know this by now! "The 1002 exam outlines the following multistep process as the best practice procedures for malware removal: 1. Identify and research malware symptoms. 2. Quarantine the infected systems. 3. Disable System Restore (in Windows). 4. Remediate the infected systems. A. Update the anti-malware software. B. Scan and use removal techniques (Safe Mode, Preinstallation Environment). 5. Schedule scans and run updates. 6. Enable System Restore and create a restore point (in Windows). 7. Educate the end user." Taken from Mike Meyers' book

A. Disable system restore. You can disable system restore without the standard desktop. In Mike Meyers video, he goes into the Windows Recovery Environment > Troubleshoot > then there is an option for command prompt. You can disable System Restore from the command prompt by disabling its registry key

Is it possible to disable system restore in Safe mode?

If windows safe mode not booting too, best bet is a windows PE bootup disk.

D is absolutely correct answer. Boot into safe mode if you cannot boot in standard mode. Try to scan for malware using malwarebytes - You cannot disable system restore without being able to boot it up so why would you choose A?

I guess, to do a system restore, you need to access your desktop and if that is not possible next best option would be to boot into safe mode and disable system restore.

so you have to be able to turn it on in order to disable system restore

The machine is quarantined but still can't boot into a Standard Destop

Surely disable system restore is the next step after quarantine????