What is not a good practice when containing a malware incident?

Connecting devices to the infected network to download updates is not a good practice when containing a malware incident. This approach poses a significant risk, as it can lead to further propagation of the malware. If infected systems are connected back to the same network, there is a chance that they could communicate with other devices, allowing the malware to spread and compromise additional systems.

Isolating infected systems from the network and analyzing affected devices are critical steps in containing the malware and preventing further damage. Using segregation for testing environments also helps ensure that any potential threats are contained and do not affect operational systems. Thus, maintaining a secure and controlled approach when dealing with malware incidents is essential for effective incident response.