Endpoint Protection


View Logs on Remote Machine

  • 1.  View Logs on Remote Machine

    Posted Mar 16, 2011 11:53 AM

    I am running SEP 11.0.6. When I have a virus alert I run update content and scan on the machine. After the scan is completed in the monitor, how do I tell if the system is still infected?

    Is there not a way to view the logs and quarantine of the remote system like in SAV?



  • 2.  RE: View Logs on Remote Machine

    Trusted Advisor
    Posted Mar 16, 2011 11:58 AM

    Hello,

    Check the Logs and Reports:


    About the information in the System reports and logs

    http://www.symantec.com/business/support/index?page=content&id=HOWTO27236&actp=search&viewlocale=en_US&searchid=1300289771657

    About the reports you can run

    http://www.symantec.com/business/support/index?page=content&id=HOWTO27245
     

    About the information in the Risk reports and log

    http://www.symantec.com/business/support/index?page=content&id=HOWTO27238

     

    Risk Log would tell you everything you need to know.

     



  • 3.  RE: View Logs on Remote Machine

    Posted Mar 16, 2011 11:59 AM

    You can generate a risk log/scan log (SEPM --> monitor --> Logs). This log will give you more information. If you go to advanced options you can customize it further.



  • 4.  RE: View Logs on Remote Machine

    Posted Mar 16, 2011 12:03 PM

    To view the files in Quarantine perform the following:

     

    1. Log into the Endpoint Protection Manager.
    2. Click on the Monitors tab on the left pane.
    3. Click on the Logs tab at the top of the right pane.
    4. Click on Risk in the Log type drop-down menu.
    5. Select a time range from the Time range drop-down menu. (The default is Past 24 hours.)
    6. Click Advanced Settings in the bottom left hand corner.
    7. Next to Action Taken: choose Quarantined
    8. Click on the View Log button. This gives you a list of the quarantined items.

    http://www.symantec.com/business/support/index?page=content&id=TECH106444&actp=search&viewlocale=en_US&searchid=1300291216424



  • 5.  RE: View Logs on Remote Machine

    Posted Mar 16, 2011 12:08 PM

    Thank you all for your quick assistance.



  • 6.  RE: View Logs on Remote Machine

    Posted Mar 16, 2011 12:16 PM

    Another question for this thread: when I run a manual scan, why would the scan tell me Left Alone and not remove the issue? The manual scan settings on the SEP console are configured to delete then quarantine. Am I missing something here?



  • 7.  RE: View Logs on Remote Machine

    Posted Mar 16, 2011 12:20 PM

    Left alone means Symantec Endpoint Protection detected a risk but did not take action. This can occur if the first configured action is Leave alone or if the second configured action was Leave alone and the first configured action was not successful. This may mean that a risk is active on the endpoint.

    Have a look at this KB

    Best Practices for responding to "Left Alone" in the virus or threat history log



  • 8.  RE: View Logs on Remote Machine

    Posted Mar 16, 2011 12:23 PM

    Depends on what the file is. Possibly a password-protected RAR or ZIP file, or perhaps a file that has hooked an important system process. If so, SEP cannot delete these. However, SEP will block further access to the file(s) until manual intervention can be made.



  • 9.  RE: View Logs on Remote Machine

    Posted Mar 16, 2011 12:26 PM

     

    Best Practices for responding to "Left Alone" in the virus or threat history log

     

    http://www.symantec.com/business/support/index?page=content&id=TECH101661



  • 10.  RE: View Logs on Remote Machine
    Best Answer

    Trusted Advisor
    Posted Mar 16, 2011 12:38 PM

    Problem


    Provide more information on the setting that could be configured on the SEP client by following the steps below:

    1. Click on Change Settings in the SEP client console,
    2. Click on Antivirus and Antispyware Protection, Configure Settings and then switch to File System Auto-Protect tab and click on the Advanced button,
    3. Check the box next to "Delete newly created infected files if the action is 'Leave alone (log only)'".

     

    Solution


    1. You can enable this option to delete a new file that is infected with a type of risk that you configured Auto-Protect to leave alone.
    2. This does not apply to infected files already detected as infected by Auto-Protect with the status of "Leave alone (log only)", "Quarantined" or any other status. Since Auto-Protect runs in real time, it will only apply to new detections.
    3. Although this is an added feature of protection, you should be aware of a possible issue if you encounter false positive detections. Those files which are detected as infected may need to be restored from a backup.


  • 11.  RE: View Logs on Remote Machine

    Posted Mar 16, 2011 01:05 PM

    Mithun, I do have that setting enabled. I will have a helpdesk tech stop and take a look at the workstation to see if it could be a false positive or something else. Thank you all for your help.



  • 12.  RE: View Logs on Remote Machine

    Trusted Advisor
    Posted Mar 16, 2011 01:29 PM

    Hello,

    Sure.

    However, I personally would say try it yourself by following the Steps in the Article first:


    Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

    https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec

     

    By performing the steps provided in the article first, you would assure yourself whether there is something or not...



  • 13.  RE: View Logs on Remote Machine

    Posted Mar 16, 2011 02:40 PM

    I will try that. Is the process run on the client machine?



  • 14.  RE: View Logs on Remote Machine

    Trusted Advisor
    Posted Mar 16, 2011 02:43 PM

    Hello,

    The Symantec Support Tool could be run on any machine (of course Windows) where you are facing an issue.

    I am sure that may help you determine the issue and more.

     



  • 15.  RE: View Logs on Remote Machine

    Posted Mar 16, 2011 03:09 PM

    Thank you.