Video Screencast Help

SEP 12.1 cannot clear "still infected" status

Created: 16 Sep 2011 • Updated: 16 Sep 2011 | 7 comments
This issue has been solved. See solution.

Looked at this KB but it does not apply as the file is gone from network. http://www.symantec.com/docs/TECH165846

 

I had a CD with some network scanning tools that SEP 12.1 detected, but it was a false positive. Obviously it wasn't able to remove them being on a CD and now even though the CD has been out of the computer for over a week, SEP still shows the computer as still infected with the file path to the CD. The KB says the still infected will clear automatically when the threat is removed, and the threat is gone but the still infected flag remains.

Comments 7 CommentsJump to latest comment

Rafeeq's picture

it says

The management server resets the Still Infected Status for a client computer once the computer is no longer infected. It gives a more accurate status for how many client computers really are infected.

what if u delete the client machine from the console and wait for 5 mins

update policy on the client machine, this should come up with latest logs and status should be cleared..

ntrup's picture

I deleted the machine, waited 10 minutes and updated the policy but it still shows as infected.

 

Also on the client machine in the risk logs still shows the suspicious file, but i can't do anything with it like delete or clean because it was on a CD and has been gone for a week

sandra.g's picture

Put in another, clean CD and scan it the same way you scanned the first one.

sandra

Symantec, Information Developer
Installation, Migration, Deployment and Patching
User Protection & Productivity, Endpoint Protection

Don't forget to mark your thread as 'solved' with the answer that best help

SOLUTION
ntrup's picture

The first time it was found through auto protect.

 

I put in a XP SP3 cd and scanned it and it came back clean. Now shows as clean!

 

Thanks for the help.

sandra.g's picture

Happy to help!

sandra

Symantec, Information Developer
Installation, Migration, Deployment and Patching
User Protection & Productivity, Endpoint Protection

Don't forget to mark your thread as 'solved' with the answer that best help

Rafeeq's picture

if the CD is infected also, u thnk SEP wil delete that file? it wil mark as infected and action will be leave alone..just wait for sometime, I should get cleared automatically

in the home page under preference ; change the time period to 12 hours format..

ntrup's picture

My time period was on LAST HOUR.

 

It has been "still infected" for 10 days now without the CD. I am not sure how long it would need to wait to clear the infected status.