Endpoint Protection

Looked at this KB but it does not apply as the file is gone from network. http://www.symantec.com/docs/TECH165846

I had a CD with some network scanning tools that SEP 12.1 detected, but it was a false positive. Obviously it wasn't able to remove them being on a CD and now even though the CD has been out of the computer for over a week, SEP still shows the computer as still infected with the file path to the CD. The KB says the still infected will clear automatically when the threat is removed, and the threat is gone but the still infected flag remains.

it says

The management server resets the Still Infected Status for a client computer once the computer is no longer infected. It gives a more accurate status for how many client computers really are infected.

what if u delete the client machine from the console and wait for 5 mins

update policy on the client machine, this should come up with latest logs and status should be cleared..

Put in another, clean CD and scan it the same way you scanned the first one.

sandra

I deleted the machine, waited 10 minutes and updated the policy but it still shows as infected.

Also on the client machine in the risk logs still shows the suspicious file, but i can't do anything with it like delete or clean because it was on a CD and has been gone for a week

if the CD is infected also, u thnk SEP wil delete that file? it wil mark as infected and action will be leave alone..just wait for sometime, I should get cleared automatically

in the home page under preference ; change the time period to 12 hours format..

My time period was on LAST HOUR.

It has been "still infected" for 10 days now without the CD. I am not sure how long it would need to wait to clear the infected status.

The first time it was found through auto protect.

I put in a XP SP3 cd and scanned it and it came back clean. Now shows as clean!

Thanks for the help.

Happy to help!

sandra