
Clear Infected Status button missing............

Created: 07 Sep 2011 | 8 comments

Previously on SEP11, I have been able to clear the infected status of a computer by going to monitors-logs and running the computer status log, then highlighting the infected user and clicking the link "clear infected status". I finally had built up some more computers to perform this on and in version 12, this button seems to be missing. Any help..........


Rafeeq's picture

Do you have any systems infected?

There is a new column called infected.

Once it's infected, you highlight that and should have the option enabled.

Mithun Sanghavi's picture

Hello,

In SEP 12.1, improved status reporting automatically resets the Still Infected status for a client computer once the computer is no longer infected.

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

CaryC's picture

So there is no way to clear this status otherwise? Do we have to wait for another full scan for this to clear if that was how the detection was made in the first place?

Paul Murgatroyd's picture

With SEP12, if the client is marked as infected, then it needs attention.  The infected status will be removed only if the client is able to remediate the threat properly - it will try to do this after each definition update it receives.  If the client is staying infected for multiple days, you should take manual action on the client. 

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint

ioniancat21's picture

"With SEP12, if the client is marked as infected, then it needs attention. The infected status will be removed only if the client is able to remediate the threat properly - it will try to do this after each definition update it receives. If the client is staying infected for multiple days, you should take manual action on the client."

Thanks for the info Paul, but you stated I should take "manual action" to remove the infected status. How would one do this, because that in essence is my problem? Machines are keeping their infected status and are not clearing. Looking at my console now I have some machines that are still classified as infected from almost 30 days ago.

HELP!!!!!!

cus000's picture

lol... if not cleared the boss will find out, is it?

Kidding aside... I think there's one option to 'delete risk event' after xx days in the SEPM database options.

Hmm, would changing the value to 1 day clear the infection status the next day?

I'm not sure if the same option exists in SEPM 12...

ioniancat21's picture

UPDATE - 9-12-11: Has anyone here found a solution to removing the infected status, or is this a more complex issue that only support can answer?

Go_Beavs's picture

As Paul mentioned earlier, in SEP 12.1 there isn't a 'clear infected status' button like there was in 11.x. If the client still shows as infected you will want to go to that client and take a look at it. Sometimes it could be as simple as the machine needing a reboot to completely remove the threat, or perhaps we are detecting the file but are not able to clean it for some reason.

Those are just a couple of possibilities, but ultimately you should take a look at the machine more closely to determine what may be going on (check the risk log first thing) and give support a call if further help is needed.