
SEPM 12.1 RU4 - Still infected status not cleared automatically

Created: 07 Nov 2013 • Updated: 07 Nov 2013 | 5 comments
S_K's picture
This issue has been solved. See solution.

Hello,

While I was on SEPM 12.1 RU2, the Still infected status cleared automatically whenever the infection was cleaned. However, after I upgraded the console to 12.1 RU4, there was a detection yesterday (a few detections of the same file); the last action was "Cleaned by deletion", but the "Still infected" status is not reset.

Do you know if this is some new bug in RU4, or if there is anything else?

 


Rafeeq's picture

It will be cleared when you run a full scan.

There is no manual way of clearing it from the console.

Try running a full scan from the SEPM console when the clients come up clear. The status will be cleared.

SOLUTION
S_K's picture

OK, I will run another full scan from the console and will see the result after that.

Mithun Sanghavi's picture

Hello,

In SEPM 12.1, the "Still Infected" number will go down automatically as the threat is completely removed from the network.

This is a part of the enhanced management console.  The management server resets the Still Infected Status for a client computer once the computer is no longer infected. It gives a more accurate status for how many client computers really are infected.

Check this Article:

Cannot Delete the "Still Infected" Value From the Symantec Endpoint Protection Manager 12.1 Console

http://www.symantec.com/docs/TECH165846

Secondly, I would suggest you to work on these Articles:

Identifying the infected and at-risk computers

http://www.symantec.com/docs/HOWTO80990

Remediating risks on the computers in your network

http://www.symantec.com/docs/HOWTO80936

In your case, initiate a full scan on the system. Entry would be removed from Still infected status.

You can check the scan action and rescan the identified computers by following the steps provided in the article below:

http://www.symantec.com/docs/HOWTO80991

Still Infected is a subset of Newly Infected, and the Still Infected count goes down as you eliminate the risks from your network. Computers are still infected if a subsequent scan would report them as infected. 

For example, Symantec Endpoint Protection might have been able to clean a risk only partially from a computer, so Auto-Protect still detects the risk.

The management server resets the Still Infected Status for a client computer once the computer is no longer infected. This should produce a more accurate status for how many client computers really are infected, rather than requiring user interaction to define a computer as clean.

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

S_K's picture

After I have performed another full scan of the machine, Still infected status is now cleared :)

BeetleBailey's picture

I have excluded from future scans the folder where the "virus" was detected, as it was simply an email back-up directory on a storage PC. The Quarantine has also been cleared. Unfortunately, the PC is still listed in the logs as an infected machine. The SEPM Home page still lists this PC as an infected machine. I am using version 12.1.2 MP1.

Before I hand in this information to my IT Administrator team leader, would the above suggested corrections fix my problem?