Endpoint Protection Small Business Edition

  • 1.  SEPM Dashboard question

    Posted Apr 01, 2013 11:21 PM
    Hey guys, I've been looking around the dashboard, and I can't find the purpose of the information named "Disabled" under Total Endpoints*. What is it for? Also, the other one under Virus and Risk Activity Summary is named "Still Infected"; how can we cure the Still Infected on the dashboard? Thanks,


  • 2.  RE: SEPM Dashboard question

    Broadcom Employee
    Posted Apr 01, 2013 11:43 PM
    Disabled: any one of the SEP components is disabled or malfunctioning. Still infected: to clear this status in SEP 12.1, the client needs to be scanned and should report not infected to SEPM.


  • 3.  RE: SEPM Dashboard question

    Posted Apr 02, 2013 12:08 AM

    Disabled Means :

    It means any one of the protection technologies is disabled or malfunctioning. Could be AV, PTP, NTP, Download Protection, or tamper protection. You need to click on the disabled link above in the screenshot to get further info as to what it may be.

     

    Edited

    Still Infected means that the computer still has potentially risky file(s) on it. For instance, an infected file or badware is detected on that computer and the file is quarantined. Therefore the computer is still infected, but it is not harmed.

    The Still Infected count shows the total number of risks that a scan would continue to classify as infected, also within the configured time interval. For example, a computer may still be infected because Symantec Endpoint Protection can only partially remove the risk. After you investigate the risk, you can clear the Still Infected count from the Computer Status log.

     

    How to clear the "Still Infected" status from Reports in the Symantec Endpoint Protection Manager

     

    Article:TECH102954  |  Created: 2007-01-19  |  Updated: 2013-03-13  |  Article URL http://www.symantec.com/docs/TECH102954

     



  • 4.  RE: SEPM Dashboard question

    Posted Apr 02, 2013 01:21 AM

    Hi,

     

    I get it now, but we have a scheduled scan every night, and based on the "Still infected" it was found through scheduled scan and active scan. Does that mean SEP can only detect it and not remove it?

     

    Thanks,



  • 5.  RE: SEPM Dashboard question

    Posted Apr 02, 2013 01:32 AM

    Hello,

    Just read one of these comments

     Mithun Sanghavi

    The Newly Infected count shows the number of risks that have infected computers during the selected time interval only. Newly Infected is a subset of Still Infected. The Still Infected count shows the total number of risks that a scan would continue to classify as infected, also within the configured time interval. For example, a computer may still be infected because Symantec Endpoint Protection can only partially remove the risk. After you investigate the risk, you can clear the Still Infected count from the Computer Status log.

    Both the Newly Infected count and the Still Infected count show the risks that require you to take some further action to clean. In most cases, you can take this action from the console and do not have to go to the computer.

    Note: A computer is counted as part of the Newly Infected count if the detection event occurred during the time range of the Home page. For example, if an unremediated risk affected a computer within the past 24 hours, the Newly Infected count goes up on the Home page. The risk can be unremediated because of a partial remediation or because the security policy for that risk is set to Log Only.

    You can configure a database sweep to remove or retain the detection events that resulted in unremediated risks. If the sweep is configured to remove the unremediated risk events, then the Home page count for Still Infected no longer contains those events. Those events age out and are dropped from the database. This disappearance does not mean that the computers have been remediated.

    No time limit applies to Still infected entries. After you clean the risks, you can change the infected status for the computer. Change the status in the Computer Status log by clicking the icon for that computer in the Infected column.

    Note: The Newly Infected count does not decrement when a computer's infection status is cleared in the Computer Status log; the Still Infected count does decrement.
     
    You can determine the total number of events that have occurred in the last time period configured to show on the Home page. To determine total number, add the counts from all rows in the Action Summary except for Still Infected.

     



  • 6.  RE: SEPM Dashboard question

    Posted Apr 02, 2013 02:05 AM

    Disabled: You might have given users access to disable some of the SEP components or SEP altogether.

    That's why it warns you. If you don't want to give access, you can lock those options in SEPM policy and it won't complain about that.

    Still infected: there are various reasons why it was not able to clean the virus, so whenever you find still infected you need to examine those machines manually.

     



  • 7.  RE: SEPM Dashboard question

    Broadcom Employee
    Posted Apr 02, 2013 07:19 AM

    Hi,

    The Still Infected count can be cleared manually in SEP 11.x with the help of the following article:

    How to clear the "Still Infected" status from Reports in the Symantec Endpoint Protection Manager

    http://www.symantec.com/docs/TECH102954

    In SEP 12.1 this option no longer exists; the SEPM console should update this status automatically.

    If the status remains the same, then you need to examine those machines manually.



  • 8.  RE: SEPM Dashboard question

    Trusted Advisor
    Posted Apr 02, 2013 07:53 AM

    Hello,

    On the Home page of the Symantec Endpoint Protection Manager (SEPM), in the Endpoint Status section (middle left), the Disabled (orange) status shows several Symantec Endpoint Protection (SEP) clients as disabled.

    Disabled.JPG

    The SEP Clients will show up in this section if any of the following are in a disabled state:

    • Auto-Protect Status
    • Firewall Status
    • Sonar Status
    • Download Insight Status
    • Network Intrusion Prevention Status
    • Browser Intrusion Prevention IE Status
    • Browser Intrusion Prevention Firefox Status
    • Tamper Protection Status

     

    Secondly, Still Infected: 

    Still Infected..JPG

    The Still Infected count shows the total number of risks that a scan would continue to classify as infected, also within the configured time interval. For example, a computer may still be infected because Symantec Endpoint Protection can only partially remove the risk. After you investigate the risk, you can clear the Still Infected count from the Computer Status log.

    Hope that helps!!