At work, if we have any devices that we *think* are compromised, we immediately unplug them from the network and we just reinstall the OS as we have images ready to deploy. This process sometimes takes a while. I feel like our process could be improved as I think there could be other things we could check first before reinstalling the OS.
What’s your “go-to” process to verify a computer is “clean”? Is an AV scan, followed by a Malwarebytes scan, still viable? (What AV is reliable? Are AVs even any good?) Do you manually check files and processes for any abnormalities? What do you even look for? Thank you!