Endpoint Protection

 View Only

  • 1.  How to delete the "Still Infected" log from SEPM 12

    Posted May 15, 2012 03:46 AM

    Hi,

     

    After upgrade the SEPM 11 to 12 can't delete the "still infrected" log from the console Activity Summary, how can i delete the log?

     

     

    Thank you



  • 2.  RE: How to delete the "Still Infected" log from SEPM 12

    Broadcom Employee
    Posted May 15, 2012 03:52 AM

    check this link

    Cannot Delete the "Still Infected" Value From the SEPM 12.1 Console
    http://www.symantec.com/business/support/index?page=content&id=TECH165846
     



  • 3.  RE: How to delete the "Still Infected" log from SEPM 12

    Broadcom Employee
    Posted May 15, 2012 03:54 AM

    In SEP 12.1, the "Still Infected" value goes down only when the threat is removed from the network, and is no longer manually reset.

    From the Implementation Guide (Chapter 14, page 265):

    If you are a system administrator, you see counts of the number of Newly Infected and Still infected computers in your site. If you are a domain administrator, you see counts of the number of Newly Infected and Still infected computers in your domain. Still Infected is a subset of Newly Infected, and the Still Infected count goes down as you eliminate the risks from your network. Computers are still infected if a subsequent scan would report them as infected.  For example, Symantec Endpoint Protection might have been able to clean a risk only partially from a computer, so Auto-Protect still detects the risk.

    The management server resets the Still Infected Status for a client computer once the computer is no longer infected. This should produce a more accurate status for how many client computers really are infected, rather than requiring user interaction to define a computer as clean.


     

     

    Solution

    The "Still Infected" number will go down automatically as the threat is completely removed from the network.

    This is a part of the enhanced management console.  The management server resets the Still Infected Status for a client computer once the computer is no longer infected. It gives a more accurate status for how many client computers really are infected.

     



  • 4.  RE: How to delete the "Still Infected" log from SEPM 12

    Posted May 15, 2012 04:06 AM

    it is best to find the particular computer and remove tyhe infections which it will not further spread into network.



  • 5.  RE: How to delete the "Still Infected" log from SEPM 12

    Broadcom Employee
    Posted May 15, 2012 07:33 AM

    Hi Symsys,

    This option is no more available from SEP 12.1 onwards.

    As pete stated it's a part of the enhanced management console. The management server resets the Still Infected Status for a client computer once the computer is no longer infected



  • 6.  RE: How to delete the "Still Infected" log from SEPM 12

    Posted May 16, 2012 04:59 AM

    What Chentan said is correct and others said are correct....

     

    You can't hide your problem no more heh.... but i believe you can set the infected status to be cleared in certain days...

     

     



  • 7.  RE: How to delete the "Still Infected" log from SEPM 12

    Posted May 16, 2012 08:57 AM

    I had a few computers with an infected status that were not automatically clearing even after the quarantine and everything else was removed.  The "Status Last Updated" date never changed for a few months even though the client has been in use numerous times since then.

     

    I was finally able to clear the infected status on clients by upgrading the clients to the latest RU1 MP1.