Policy -- What Happens When A Computer is Compromised?
If a computer is suspected of being compromised/infected the first step in correcting this is to prevent network access to the compromised system. When there is a suspected compromise or security issue on a computer which could be severe enough to affect other systems on the network, the computer is blocked from the network and the system sponsors are notified that network access has been restricted.
DECS will assist or will complete a system cleaning, repair, or re-install (possibly) based on the severity of the compromise. Any non-system data will be backed up and restored to the system after it is repaired. Once the computer is no longer a threat to other systems on the network, its access will be restored. Blocking a compromised system from the network is to protect that system from further damage and to protect other systems on the network.