Cannot Delete the "Still Infected" Value From the Symantec Endpoint Protection Manager 12.1 Console

Article:TECH165846  |  Created: 2011-07-28  |  Updated: 2011-09-14  |  Article URL http://www.symantec.com/docs/TECH165846
Article Type
Technical Solution


Issue



We cannot delete the "Still Infected" value from the Symantec Endpoint Protection Manager (SEPM) 12.1 console as we were able to do in Symantec Endpoint Protection (SEP) 11 manager console under Monitor > Logs > Advanced Settings > Compliance Settings > Infected Only.   The "Clear Infected Status" button no longer exists in 12.1.


Cause



In SEP 12.1, the "Still Infected" value goes down only when the threat is removed from the network, and is no longer manually reset.

From the Implementation Guide (Chapter 14, page 265):

If you are a system administrator, you see counts of the number of Newly Infected and Still infected computers in your site. If you are a domain administrator, you see counts of the number of Newly Infected and Still infected computers in your domain. Still Infected is a subset of Newly Infected, and the Still Infected count goes down as you eliminate the risks from your network. Computers are still infected if a subsequent scan would report them as infected.  For example, Symantec Endpoint Protection might have been able to clean a risk only partially from a computer, so Auto-Protect still detects the risk.

The management server resets the Still Infected Status for a client computer once the computer is no longer infected. This should produce a more accurate status for how many client computers really are infected, rather than requiring user interaction to define a computer as clean.


 


Solution



The "Still Infected" number will go down automatically as the threat is completely removed from the network.

This is a part of the enhanced management console.  The management server resets the Still Infected Status for a client computer once the computer is no longer infected. It gives a more accurate status for how many client computers really are infected.




Article URL http://www.symantec.com/docs/TECH165846


Terms of use for this information are found in Legal Notices