What is a step that should not be taken by an incident handler during a malware containment effort?

In a malware containment effort, it is crucial to maintain as much control over the infected environment as possible. Unblocking all host and firewall ports would allow potentially malicious traffic to flow freely, which could exacerbate the situation by enabling the malware to communicate with external command-and-control servers or propagate to other systems on the network. Keeping ports blocked is a fundamental practice to reduce the spread of the threat and limit the incident's impact.

In contrast, analyzing logs for suspicious activity, employing containment tools, and isolating affected systems are all critical steps in effectively managing a malware incident. Analyzing logs helps identify the entry point and scope of the infection, containment tools aid in managing and mitigating the threat, and isolating affected systems prevents the malware from spreading further within the network.