How do I clear the infected status in 12.1?
Created: 19 Jan 2012 | 11 comments
In SEP 11.0.6, if you go to the Logs tab from the Monitors icon, you can select the infected computer and select the "Clear infected status" from the list of available options. It used to be accessed using the "Computer Status" report, viewable by clicking the "View Log" button.
Where is this in 12.1? Or do we need to worry about it? The option in the same area doesn't exist.
Thanks.
Discussion Filed Under:
Comments
In there, click on Compliance
In there, click on Compliance options and tick the box for infected only
A few more options have also been added.
Endpoint Knowledge Base
Security Best Practices
Brian81, I have been all
Brian81, I have been all through the options on the Monitors tab and cannot find anything for clearing the infected status in the Compliance options. Can you take me on a step-by-step tour in getting there? Who's bright idea was it to put the clearing the infected status in the Compliance options? It just doesn't make sense to put it there.
In the SEPM Go to Monitors >>
In the SEPM
Go to Monitors >> Logs >> Select the Computer Status log
Click Advanced Settings
Click Compliance Settings
Check Infected Only
Click View Log
Does this not show for you?
Endpoint Knowledge Base
Security Best Practices
The "Still Infected" number
The "Still Infected" number will go down automatically as the threat is completely removed from the network.
This is a part of the enhanced management console. The management server resets the Still Infected Status for a client computer once the computer is no longer infected. It gives a more accurate status for how many client computers really are infected.
check this article
http://www.symantec.com/business/support/index?page=content&id=TECH165846
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Hi
How to clear an erroneous "Still Infected" status from Reports in the Symantec Endpoint Protection Manager
http://service1.symantec.com/SUPPORT/ent-security....
Hi Guys, The information
Hi Guys,
The information pete provided is right.
In 11 .0.x even though the threat didnt exist in the network the still infected count would still show up.
However 12.1 has an enhancement .The security status would automatically clear the still infected status once the threat is no more in the network . This is added advantage. Since it is automatically clearing it we do not require an option to delete.
Don't forget to mark your thread as 'solved' or vote with the answer that best helped you!
Hi
Please do the following:
Stop the Symantec Endpoint Protection Manager service
\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\agentinfo
Regards
Regards
SEP 12.1 does not have clear
SEP 12.1 does not have clear still infected button as in SEP 11.
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
The infected status wil get
The infected status wil get cleared automatically, once the infection is been taken care.
you cannot manually clear it in SEP 12.1
bring the button back
While I understand that the manager will automatically clear the infected status, that does not work well for those systems that get decommissioned soon after they report an infected status.
Our environement is large enough that we cannot keep track of workstation attrition and we are required to keep systems in our database for 30 days, unless we know they have gone away.
So please bring back the "Clear Infected Status" button!
I think the manual option must stay, if you don't trust the AV admins (which taking away this option seems to imply) then they shouldn't have SEPM access.
Remember...
Where ever you go...
There you are.
I agree. This feature should
I agree. This feature should be put back on. So many forum parts, KB articles, etc refer to the 'clear infected status button'. I finally found out eventually that the feature was removed from 12.1 altogether.
Would you like to reply?
Login or Register to post your comment.