What control type would removing malicious software from a server after a breach be classified as?

Removing malicious software is an example of a corrective control, which seeks to remediate security issues that have already occurred. Preventive controls are intended to stop security issues from occurring. Compensating controls are designed to mitigate risks associated with exemptions to the security policy, like moving systems to a secure network segment because they cannot be patched. Deterrent controls attempt to prevent a malicious actor from violating security policies.