Clear Still Infected
Created: 11 Oct 2011 | 8 comments
How do I clear Still Infected from my Home Page?
It is showing more than 5,00,000. I cannot manually clear them 1000 at a time from the Logs page.
Can I do this via some SQL script, or is there a shortcut?
Comments
1) Login to SEPM
2) Monitors tab
3) Logs tab
4) Set log type to Computer Status
5) Click on Advanced settings
6) Click on Compliance Options
7) Tick the box for Infected Only
8) Click View log
9) Drop down the selected option and select All
10) Click on Clear Infected Status at the top
Hi Brian,
I am aware of this process, but I am looking for something which can be done in 1 click using any SQL script or something. Clearing that many infected statuses will take a huge amount of time. As you can't imagine how super fast my SEPM console and SEPM server is.
hi
Try this
Delete from SEM_Agent where INFECTED <> '1'
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
Or update INFECTED = 0
SEP 11 or 12.1?
I would use SQL queries with caution...
sandra
Symantec Endpoint & Mobility Group / Information Development
Don't forget to mark your thread as 'solved' with the answer that best helped you!
Hi Sandra,
My SEP is Ru6mp3, not SEP 12.1.
Hi Brian,
I won't be able to test this query on my production SEPM without testing in a test environment. Can any of you confirm whether Brian's query works? If anything goes wrong, my job will be at stake.
Articles
Hello,
Here are a few articles which may be helpful to you:
1) How to clear an erroneous "Still Infected" status from Reports in the Symantec Endpoint Protection Manager
http://www.symantec.com/business/support/index?page=content&id=TECH102954
2) How to delete Quarantined items from the Symantec Endpoint Protection Manager.
http://www.symantec.com/business/support/index?page=content&id=TECH106444
3) Sweeping SEPM log data from the database manually.
http://www.symantec.com/docs/TECH105351
4) Managing log data in the Symantec Endpoint Protection Manager (SEPM)
http://www.symantec.com/docs/TECH90856
If you are looking for SQL, check this:
1) Using a custom schema for the sem5 database used by the Symantec Endpoint Protection Manager.
2) Symantec™ Endpoint Protection Manager Database Schema Reference
Hope that helps!!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | SCTS | ITIL v3
Follow me on Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helped yo
Additional Helpful Article
This new article describes how to remove these "still infected" notifications in bulk (1000 at a time).
Please use this method as needed - do not attempt to manually manipulate the data in any table of your SEPM's database. : )
With thanks and best regards,
Mick