Endpoint Protection

  • 1.  Bloodhound Exploit 459 still occurring

    Posted May 10, 2012 11:47 AM

    I am still getting F/P even though my SEPM and client definitions are beyond 5/7.  

    SEPM 12.1.671.4971 Definitions are at 05/09/2012 r32

    Client(s) are at the same level.

    Did I need to install the Rapid Release Definitions?

    I thought the definition updates supposedly took care of this issue.

     

    Thanks.



  • 2.  RE: Bloodhound Exploit 459 still occurring

    Trusted Advisor
    Posted May 10, 2012 12:16 PM

    Hello,

    Could you let us know if this issue is occurring on all machines or limited to some machines?

    Are all the client machines updated with the Latest AV/AS definitions?



  • 3.  RE: Bloodhound Exploit 459 still occurring

    Posted May 10, 2012 12:25 PM

    It's happening on at least two machines.  I've checked the client's virus definitions and they have been updated.  I've had the users reboot the machine and I've stopped and started the Symantec service.

    This is definitely not urgent, just curious as to why this is still occurring.

    These two machines are also on the same OU.  

    They do share Antivirus policies with other OUs so it's not the policy.

    I could probably withdraw and assign the policies for that particular OU just to see if that works.



  • 4.  RE: Bloodhound Exploit 459 still occurring

    Posted May 10, 2012 10:01 PM

    Check the risk logs for the clients in question and see if there is a file associated with it and see what it is.

    You may then submit them to Symantec for analysis. It could either be malicious or a false-positive.



  • 5.  RE: Bloodhound Exploit 459 still occurring

    Trusted Advisor
    Posted May 11, 2012 10:15 AM

    Hello,

    Could you please submit these suspicious files to Security Response? Here is the article on how to do so:

    Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

    Hope that helps!!



  • 6.  RE: Bloodhound Exploit 459 still occurring

    Posted Jul 21, 2012 10:38 PM

    Revert your definitions to prior to the date when you started receiving the Bloodhound alert.

    Make sure you are still getting alerts.

    If you still get alerts, that might be a threat; submit those files to the Symantec Security Response Team for analysis.

    If not, it might be a definitions issue; try to apply Rapid Release and check whether it resolved the issue.

    Else, open a support case and check whether there are any infections on your computer.