Endpoint Protection

  • 1.  Computer Status Logs Infected only

    Posted Jan 17, 2011 10:46 AM

    I upgraded our SEPM servers (Win2k3 R2 SP2) at the end of December to 11.0.6200.754. Our clients are still running 11.0.5002.333. I run daily reports to identify infected systems on our network (Monitors/Logs-Computer Status/Default Standard options and under Compliance options Infected only is checked). Last week I started to see a couple of systems in this report showing up as infected, but under the “Detailed Event Information” of the report it says: Current Viruses for (Machine)(IP address) NONE; Current Risks- NONE. I’ve cleared them from the Infected report and rescanned them and they do pop back up as infected. Over the past week I’ve seen one or two of these but this morning we had 15 systems reporting infected (which is high for us) and all 15 systems showed up this way. I’m not sure what to make of it. Is this a virus that SEP can’t identify or is there something wrong with the database? We run a remote SQL database and all of the other reports we run seem to be fine and I don’t see any other indications that the SEPM is having issues with the database. Any ideas?



  • 2.  RE: Computer Status Logs Infected only

    Posted Jan 17, 2011 10:58 AM

    Upgrade one of the clients as a test to see if this fixes it.



  • 3.  RE: Computer Status Logs Infected only

    Posted Jan 17, 2011 11:16 AM

    I have around 50 clients that are running the new version of SEP and they are not showing up in the report.



  • 4.  RE: Computer Status Logs Infected only

    Posted Jan 17, 2011 12:52 PM

    Check the date of the SEPM server. If you or someone changed it to an old date, this will be reflected by the reports for that date although all your clients are OK. Or check the "Time range" option before viewing the log.



  • 5.  RE: Computer Status Logs Infected only

    Posted Jan 17, 2011 01:34 PM

    Any replication involved?



  • 6.  RE: Computer Status Logs Infected only

    Posted Jan 17, 2011 04:06 PM

    Thanks for the replies, sorry for the lull. There is no replication involved, we're running a clustered SQL database. The time on our SEPM is good as well as the time frame for the report. Think I need to open a ticket up on this one. I'll post the resolution when I get it.



  • 7.  RE: Computer Status Logs Infected only
    Best Answer

    Posted Jan 19, 2011 02:30 PM

    Here is what the issue was. I had a setting not to scan compressed files more than 3 directories deep. The SEP client was able to see that the files were infected, but was not going far enough in them to report what it was infected with. That's why the Infected Systems report was coming back that the system was infected with Risk:None and Virus:None.

    Hope this helps.



  • 8.  RE: Computer Status Logs Infected only

    Posted Jan 19, 2011 04:38 PM

    Thank yourself.

    :)

    And thank you for posting the solution.