Action to Still Infected & Suspicious
Created: 24 Jan 2013 | Updated: 05 Feb 2013 | 5 comments
This issue has been solved. See solution.
Hi All
Good Day...
We have SEP 12.1 RU1 MP 1 on our domain, and in the SEPM Daily Status report some of the incidents still show as action required (Still Infected, Suspicious and Quarantined). What action do we have to take on these incidents, and why is SEP not able to take an appropriate action on them?
Which port does SEPM use to initiate a restart / run a full scan?
Regards
Ajin
Did you confirm the client is clean? The SEPM should automatically remove it from the list once it determines it is clean. Client and server talk over 8014.
SEP Knowledge Base
Endpoint SWAT
Hi Brian,
Thanks for your Response.
Hello,
We have SEP 12.1 RU1 MP 1 on our domain, and in the SEPM Daily Status report some of the incidents still show as action required (Still Infected, Suspicious and Quarantined). What action do we have to take on these incidents, and why is SEP not able to take an appropriate action on them?
Still Infected -
The "Still Infected" number will go down automatically as the threat is completely removed from the network.
This is a part of the enhanced management console. The management server resets the Still Infected Status for a client computer once the computer is no longer infected. It gives a more accurate status for how many client computers really are infected.
Check this article
http://www.symantec.com/business/support/index?page=content&id=TECH165846
Suspicious - For such files, we recommend that you submit the suspicious files to the Symantec Security Response Team to check whether they are threats or good files.
Quarantined - Symantec Endpoint Protection quarantined a file.
Quarantine is a special storage area that holds objects potentially infected with viruses. Potentially infected objects are objects that are suspected of being infected by viruses or modifications of them. Objects stored in Quarantine do not represent a threat to your computer.
Check this Article:
Explanation of Action field values in Symantec Endpoint Protection 12.1 and 11, and Symantec AntiVirus 10.1
http://www.symantec.com/docs/TECH102052
Which port does SEPM use to initiate a restart / run a full scan?
Port 8014 is used to send out commands. Check this Article:
http://www.symantec.com/docs/TECH160281
Hope that helps!!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.
Hi Mithun Sanghavi,
Thumbs up for your answer.
Regards
Ajin
The client communicates with SEPM on the port that is open (default 8014).
Check if the actions are actually cleaned after the scan. Try to scan in safe mode.
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619