Endpoint Protection

  • 1.  Clear Still Infected

    Posted Oct 11, 2011 02:49 PM

    How do I clear Still Infected from my Home Page?
    It is showing more than 5,00,000. I cannot manually clear them a thousand at a time from the Logs page.
    Can I do this via some SQL script or is there a shortcut ?



  • 2.  RE: Clear Still Infected

    Posted Oct 11, 2011 03:13 PM

    Login to SEPM

    Monitors tab

    Logs tab

    Set log type to Computer Status

    Click on Advanced settings

    Click on Compliance Options

    Tick the box for Infected Only

    Click View log

    Drop down the selected option and select All

    Click on Clear Infected Status at the top



  • 3.  RE: Clear Still Infected

    Posted Oct 11, 2011 03:21 PM

    Hi Brian,

    I am aware of this process, but I am looking for something which can be done in 1 click using any SQL script or something. Clearing that many infected statuses will take a huge amount of time. As you can't imagine how super fast my SEPM console and SEPM server is.



  • 4.  RE: Clear Still Infected

    Posted Oct 11, 2011 03:48 PM

    Try this

    Delete from SEM_Agent where INFECTED <> '1'



  • 5.  RE: Clear Still Infected

    Posted Oct 11, 2011 04:08 PM

    Or update INFECTED = 0



  • 6.  RE: Clear Still Infected

    Posted Oct 11, 2011 04:31 PM

    I would use SQL queries with caution...

    sandra



  • 7.  RE: Clear Still Infected

    Trusted Advisor
    Posted Oct 12, 2011 09:57 AM

    Hello,

    Here are a few articles which may be helpful to you:

    1) How to clear an erroneous "Still Infected" status from Reports in the Symantec Endpoint Protection Manager

    http://www.symantec.com/business/support/index?page=content&id=TECH102954

    2) How to delete Quarantined items from the Symantec Endpoint Protection Manager.

    http://www.symantec.com/business/support/index?page=content&id=TECH106444

    3) Sweeping SEPM log data from the database manually.

    http://www.symantec.com/docs/TECH105351

    4) Managing log data in the Symantec Endpoint Protection Manager (SEPM)

    http://www.symantec.com/docs/TECH90856

     

    If you are looking for SQL, check this:

    1) Using a custom schema for the sem5 database used by the Symantec Endpoint Protection Manager.

    2) Symantec™ Endpoint Protection Manager Database Schema Reference

     

    Hope that helps!!



  • 8.  RE: Clear Still Infected

    Posted Oct 15, 2011 03:43 PM

    Hi Sandra,

    My SEP is Ru6mp3, not SEP 12.1.

    Hi Brian,

    I won't be able to test this query on my production SEPM without testing in a test environment. Can any one of you confirm if Brian's query works, as if anything goes wrong my job will be at stake?



  • 9.  RE: Clear Still Infected

    Posted Mar 15, 2012 09:22 AM

    This new article describes how to remove these "still infected" notifications in bulk (1000 at a time).

    How to reset the "Still Infected" status of clients in bulk from the Symantec Endpoint Protection Manager.
    Article: HOWTO59235 | Created: 2011-09-14 | Updated: 2012-03-15
    Article URL: http://www.symantec.com/docs/HOWTO59235

    Please use this method as needed - do not attempt to manually manipulate the data in any table of your SEPM's database.  &: )
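
The two statements suggested in posts 4 and 5 behave very differently, which is the reason for the caution in posts 6 and 9. The following is an added example, not part of the thread and not Symantec code: it dry-runs both on a constructed SQLite stand-in table and rolls back. Only the names SEM_AGENT and INFECTED come from the thread; the AGENT_ID column, the sample rows, the WHERE-qualified form of the UPDATE and the helper names are assumptions.

```python
import sqlite3

POST4_DELETE = "Delete from SEM_Agent where INFECTED <> '1'"           # as posted
POST5_UPDATE = "UPDATE SEM_AGENT SET INFECTED = 0 WHERE INFECTED = 1"  # assumed full form

def make_db():
    # Constructed stand-in table; not the real SEPM schema.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE SEM_AGENT (AGENT_ID TEXT PRIMARY KEY, INFECTED INTEGER)")
    db.executemany("INSERT INTO SEM_AGENT VALUES (?, ?)",
                   [("A1", 1), ("A2", 0), ("A3", 1), ("A4", 0), ("A5", 0)])
    db.commit()
    return db

def snapshot(db):
    """Return (total client rows, rows flagged infected)."""
    total = db.execute("SELECT COUNT(*) FROM SEM_AGENT").fetchone()[0]
    infected = db.execute(
        "SELECT COUNT(*) FROM SEM_AGENT WHERE INFECTED = 1").fetchone()[0]
    return total, infected

def dry_run(db, statement):
    """Execute inside a transaction, record the effect, then always roll back."""
    before = snapshot(db)
    touched = db.execute(statement).rowcount
    after = snapshot(db)
    db.rollback()
    return {"before": before, "after": after, "rows_touched": touched}

def guarded_apply(db, statement, expected_rows):
    """Commit only if the expected number of rows changed and no client row vanished."""
    before = snapshot(db)
    touched = db.execute(statement).rowcount
    after = snapshot(db)
    if touched != expected_rows or after[0] != before[0]:
        db.rollback()
        return False
    db.commit()
    return True

if __name__ == "__main__":
    for stmt in (POST4_DELETE, POST5_UPDATE):
        print(stmt, "->", dry_run(make_db(), stmt))
```

On the sample rows, the DELETE removes the three clean client rows and leaves both infected flags set, while the UPDATE clears the two flags and keeps all five rows.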