Endpoint Protection

  • 1.  Interpreting data from SEPM reports

    Posted Oct 31, 2014 07:14 AM

    Following a spate of viruses on a WAN I'm managing, I've rolled out the managed SEP 12.1, but I'm having difficulty interpreting the data from SEP Manager. SEPM reported a number of viruses so I subsequently had those machines scanned and I'm told the viruses were removed. It's a slightly difficult situation because I can't access these machines directly and have to take the word of someone else.

    On the Home page, it's showing me that there are 32 "Still Infected" in the virus & risks activity summary:

    When I click the '32' link to get the breakdown, it says "Status Last Updated: 28/10/14" - does that mean it hasn't had an update since the 28th, or that nothing has changed since the 28th?

    What's really confusing me is that if I go to Reports and run a report for those specific machines, it seems to be showing the virus was removed on the 27th October (if I change the date ranges). So I can only assume either the welcome page report is wildly out of date (which pretty much renders it useless) or I'm not entering the correct search criteria in the report.

    Another curiosity is that when I go to the Client section and select the systems in question there doesn't seem to be anywhere which tells me simply if they are infected or not.

    If anyone can advise me on the above, and maybe just tell me the best way to obtain up-to-date results on which machines are infected, that would be very much appreciated.



  • 2.  RE: Interpreting data from SEPM reports
    Best Answer

    Posted Oct 31, 2014 07:17 AM

    That was the last time it reported in to SEPM.

    And this number will clear automatically by the SEPM once it determines the client is no longer infected.

    Run a full scan on the client, make sure it's clean. It will report that back to the SEPM and that number will drop.

    http://www.symantec.com/docs/TECH165846



  • 3.  RE: Interpreting data from SEPM reports

    Posted Oct 31, 2014 07:20 AM

    Will be gone the next time they send the scan report.

    Cannot Delete the "Still Infected" Value From the Symantec Endpoint Protection Manager 12.1 Console

     

    http://www.symantec.com/business/support/index?page=content&id=TECH165846



  • 4.  RE: Interpreting data from SEPM reports

    Posted Oct 31, 2014 07:52 AM

    Ok thanks for that.

    I think I've worked out how the Reports for Risk - Infected and at Risk Computers works - seems to only look at the First Infected Time criteria for creating entries in the report (so if your date range is after that nothing will show, even if the Status Last Updated falls within this range).

     

    So do I infer that there's no way to get an accurate (i.e. 100% live) reading of infected computers from SEPM? If so, is there any way to force a refresh so that SEPM prompts a specific system for an update?



  • 5.  RE: Interpreting data from SEPM reports

    Posted Oct 31, 2014 07:57 AM

    There is not a way to "refresh". When SEPM receives the info from the clients, it will automatically decrement this number.



  • 6.  RE: Interpreting data from SEPM reports

    Posted Oct 31, 2014 08:01 AM

    Yes, it's a combination (subset) of both. Need to export both the reports and do a VLOOKUP for the hostname. I would say run a full scan on all 32; the number should go down if they are indeed clean.
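
The hostname join suggested in the last reply, as an added example that is not part of the original thread: it matches an exported "Infected and at Risk Computers" list against an exported risk report and compares each host's Status Last Updated with its latest remediation event. The column names, action values and sample rows are constructed assumptions, not SEPM's actual export headers.

```python
import csv
import io
from datetime import datetime

# Constructed sample exports; column names and action values are assumptions.
INFECTED_CSV = """Computer,First Infected Time,Status Last Updated
PC-ALPHA,2014-10-24 09:12,2014-10-28 08:00
PC-BRAVO,2014-10-25 14:30,2014-10-26 17:45
PC-CHARLIE,2014-10-26 11:05,2014-10-28 08:10
"""
RISK_CSV = """Computer,Event Time,Action Taken
pc-alpha,2014-10-27 16:20,Cleaned
PC-BRAVO,2014-10-27 10:02,Quarantined
PC-BRAVO,2014-10-25 14:30,Left alone
"""
FMT = "%Y-%m-%d %H:%M"
REMEDIATED = {"Cleaned", "Quarantined", "Deleted"}

def latest_remediation(risk_csv):
    """Map hostname -> most recent remediation time in the risk report."""
    latest = {}
    for row in csv.DictReader(io.StringIO(risk_csv)):
        if row["Action Taken"] not in REMEDIATED:
            continue
        host = row["Computer"].strip().upper()  # normalise the join key
        when = datetime.strptime(row["Event Time"], FMT)
        if host not in latest or when > latest[host]:
            latest[host] = when
    return latest

def reconcile(infected_csv, risk_csv):
    """Classify every 'Still Infected' host by joining on hostname."""
    fixed = latest_remediation(risk_csv)
    result = {}
    for row in csv.DictReader(io.StringIO(infected_csv)):
        host = row["Computer"].strip().upper()
        seen = datetime.strptime(row["Status Last Updated"], FMT)
        if host not in fixed:
            result[host] = "no remediation event in risk report"
        elif seen >= fixed[host]:
            result[host] = "status newer than remediation: run a full scan"
        else:
            result[host] = "status older than remediation: waiting for client to report"
    return result

if __name__ == "__main__":
    for host, verdict in reconcile(INFECTED_CSV, RISK_CSV).items():
        print(f"{host:12} {verdict}")
```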