Risk Details --> Status: Still contains xx infected items
Created: 17 Jan 2012 | 10 comments
Hi All,
As per above, have you all encounter it?
SEP Action taken is actually quarantined but mentioned in the Risk Details, "Status: Still contains 1 infected items"
Sample is a zipped file.
Discussion Filed Under:
Comments
RE: Risk Details --> Status: Still contains xx infected items
Yes, it does happen on 11.x versions. It is not present in version 12.1
You could clear them up immediately by going to the Monitors > Logs
Then select Computer Status > Compliance options >>
Check the "Infected only" then click on "View Log"
Choose "All" on the right drop-down box and click on "Clear Infected "Status"
“Your most unhappy customers are your greatest source of learning.”
Still Infected status
check this Article:
Still Infected status not clearing on Symantec Endpoint Protection Manager home page
http://www.symantec.com/docs/TECH95463
Check these Articles
Hello,
Please work on the steps provided in the Article below:
How to clear an erroneous "Still Infected" status from Reports in the Symantec Endpoint Protection Manager
http://www.symantec.com/docs/TECH102954
How to delete Quarantined items from the Symantec Endpoint Protection Manager.
http://www.symantec.com/docs/TECH106444
Sweeping SEPM log data from the database manually.
http://www.symantec.com/docs/TECH105351
Managing log data in the Symantec Endpoint Protection Manager (SEPM)
http://www.symantec.com/docs/TECH90856
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | SCTS | ITIL v3
Follow me on Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helped yo
Thanks all. This status is
Thanks all.
This status is actually from the client itself, not from SEPM.
I wonder what actually this mean, because main sample ".exe" file inside the zipped file has been deleted...
are there any other files
are there any other files apart from .exe in zip?
if you extract the zip file do you see the exe?
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
I understand.
Hello,
I understand, that's because the file was Quarantined. That is the reason, you see no .exe in the zip folder.
Check this:
Understanding Quarantine.
What to do after you quarantine a file
So, that is the reason: SEP Action taken is actually quarantined but mentioned in the Risk Details, "Status: Still contains 1 infected items"
Hope that explains.!!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | SCTS | ITIL v3
Follow me on Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helped yo
Ok thanks, but in any case
Ok thanks, but in any case this is weird... the file is already quarantined... it shouldn't say
"still contains 1 infected items"
and yes.. there's other non-malicious files in the zip file....
Hi
Hello,
For Clear Infected file or Delete Infected file, checked below mentioned link.
http://www.symantec.com/docs/TECH102954
http://www.symantec.com/docs/TECH106444
http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/5acc619d5a30571b882573980069a3cd?
Check the logs
Hi,
For a particular PC with a "Still infected status", could you generate a Risk log and see when the last infection report date was, and compare that with the PC's last scan date.
“Your most unhappy customers are your greatest source of learning.”
Hi
Please do the following:
Stop the Symantec Endpoint Protection Manager service
\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\agentinfo
Regards
Would you like to reply?
Login or Register to post your comment.