SEPM 11 infected client status
Created: 13 Nov 2012 | Updated: 13 Nov 2012
Under Monitors >> Logs >> Computer status - last 24 hours I see one infected computer. It seems the only option I have is to scan it again;
after the scan I still see the infected status.
Does that mean that the clean/delete/quarantine options have not been successful?
Do I need to manually connect to the infected machine and try additional methods?
Comments
After the scan, has the client reported to SEPM?
Has the scan detected any infection files?
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
The scan is updated in the log and there is a "last status change" a day after the scan; definitions are updated.
The infections are from over a month ago.
Hi,
You should manually connect to the infected computers and try the recommended steps.
Could you please update what kind of infection this is? Check the risk logs.
Best practices for responding to active threats on a network
http://www.symantec.com/docs/TECH122466
Also download the SEP Support Tool and scan the affected system with Power Eraser, because Symantec Power Eraser is the latest Symantec recovery tool. The tool is aimed at the detection and clean-up of "zero-day" threats as well as other threats which may have infected the user's system. Zero-day threats are those that take advantage of a newly discovered hole in a program or operating system before the developers have made a fix available, or before they are even aware that a hole exists.
Power Eraser user guide:
http://www.symantec.com/theme.jsp?themeid=spe-user...
Here is the location of the Symantec Endpoint Protection Support Tool:
http://www.symantec.com/business/support/index?pag...
Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.
What is the normal behavior of the system?
Does the "infected" status automatically disappear when the risk is cleaned/deleted/quarantined (by a scan)?
Or do I always need to go through the above steps manually?
Hi,
It's not always needed to go through manual steps.
Chetan Savade
So normally the "infected" status just disappears when the risk is eliminated?
Hi,
It should wipe out automatically during database purge process if threat is removed.
Following article is applicable only in SEP 11 & SBE
How to clear the "Still Infected" status from Reports in the Symantec Endpoint Protection Manager
http://www.symantec.com/docs/TECH102954
Chetan Savade
In SEP 12.1 it will automatically disappear when a second scan has confirmed that the threat is removed. In SEP 11 you have to manually remove the "Still infected" status after manually confirming that the risk is gone.
See the following KB: http://www.symantec.com/business/support/index?pag...
Torb