
Clearing "Still Infected" status from malware detected on DVD-R (SEP 12.1)

Created: 14 May 2013 • Updated: 15 May 2013 | 3 comments
This issue has been solved. See solution.

I'm trying to figure out how to clear an issue where one of my users' systems is showing a false positive of still being infected.

Here's the situation:

The user had a disc of personal documents and programs on their machine that Symantec Endpoint Protection detected during a scan (anybody remember Kazaa?).  Because the detected malware was on a read-only disc, SEP reported the issue and that it wasn't able to quarantine or kill it.  

Since then the disc has been removed from the system, but I'm still showing it as an infection for the file on the user's disc.  The user has stated that the disc hasn't been put back into their machine since then (mid-April).  By now, the system should have had multiple scans, both full and active, since the malware was detected, but SEP Manager still shows the system as being "still infected" even though the user's program states there are no problems.  

I'm trying to remove this "false positive" from the summary of Virus and Risk activities.  I understand that in SEP 12.1 you can no longer manually clear an infection status, but is there anything I can do to get SEPM to recognize that the DVD-R disc and detected infected file is no longer there?

Any recommendations as to what I can do?

 


.Brian

Correct, you can no longer clear it like you could in 11.x, it happens automatically for 12.1.

I found a similar thread here:

http://www.symantec.com/connect/forums/sep-121-can...

Sounds like you just need to put in a "clean" disc and re-scan it.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SOLUTION
retrovertigo

Thanks! I grabbed the nearest copy of a Microsoft product on disc (which is becoming a rarity today, it seems), ran the scan on the drive, and it cleared up the issue. Thanks! I've marked your response as the solution.
