Thank you for your reply.
I have just installed SEPM 12.1.1 MP1 and we are still in testing phase for the new SEP client settings, so I will also upgrade the clients, but not immediately.
My problem is that I do not really know how to find out what machines are infected.
If I go to Monitors->Logs and I select computer status with the Infected only compliance criteria set, I do not see any infected machine. I have set up notification to receive an email every time a malware is detected in the environment and I have at least 2 machines that are in the same situation as the one described above: auto-protect has found a malware, the actions should have been clean/quarantine and the actual action is leave alone.
Should I ignore the report generated as described above and rely only on the report generated form Monitors->Logs->Risk and filter the report to just see the Left alone actual action?
I am a little confused, as the people who actually clean the malware in the environment are not directly informed about the malware and I have to generate a report for them.
I used to generate this report by using the sections in the Home page (Still infected). As this option does not meet my reuirements at the moment (it only reports the 12.1 and above clients), I have to use some other way of generating the report.
Could you please suggest the best aproach for generating this report in order to make sure that it contains information about all the infected machines in the enviornment (no matter what client version is installed on the machine)?
Thank you.