Checking the scan action and rescanning the identified computers
|Article:HOWTO80991|||||Created: 2012-10-24|||||Updated: 2014-09-21|||||Article URL http://www.symantec.com/docs/HOWTO80991|
If you have infected and at-risk computers, you should identify why the computers are still infected or at risk. Check the action that was taken for each risk on the infected and at risk computers. It may be that the action that was configured and taken was Left Alone. If the action was Left Alone, you should either clean the risk from the computer, remove the computer from the network, or accept the risk. For Windows clients, you might want to edit the Virus and Spyware Protection policy and change the scan action.
To identify the actions that need to be changed and rescan the identified computers
In the console, click Monitors.
On the Logs tab, select the Risk log, and then click View Log.
From the Risk log event column, you can see what happened and the action that was taken. From the Risk Name column, you can see the names of the risks that are still active. From the Domain Group User column you can see which group the computer is a member of.
If a client is at risk because a scan took the action Left Alone, you may need to change the Virus and Spyware Protection policy for the group. In the Computer column, you can see the names of the computers that still have active risks on them.
If your policy is configured to use Push mode, it is pushed out to the clients in the group at the next heartbeat.
On the Logs tab, select the Computer Status log, and then click View Log.
If you changed an action and pushed out a new policy, select the computers that need to be rescanned with the new settings.
In the Command list box, select Scan, and then click Start to rescan the computers.
You can monitor the status of the Scan command from the Command Status tab.
Article URL http://www.symantec.com/docs/HOWTO80991