| Malware Identification Decision Tree |
| 4. Suspect Virus |
 | 4.1. Manual Analysis and Remediation Steps |
| 4.2. Wipe/Restore Machine? |
| 4.3. Widespread? |
| 4.4. Post-op Prevent Recurrence Policy |
| 1. Suspect Worm |
| 2. Suspect Advanced Persistent Threat |
| 3. Incident Response Phases |
| 5. Suspect Trojan |
| 6. Symantec Specific Analysis Steps |
| 7. Information References |