Virus Notification

Created: 19 Sep 2013 | 4 comments
Ch@gGynelL_12's picture

Hi All,

 

Got a problem with SEP 12.1.

The infected computer is sending notification that it is infected several times. Please see below.

 

Risk name: Trojan.Gen.3

File path: C:\Windows\TEMP\pde51FB.tmp

Event time: Sep 6, 2013 9:22:28 AM

Database insert time: Sep 6, 2013 9:22:01 AM

Source: Manual Scan

Description: "Still contains 1 infected items"

User: SYSTEM

Computer: JY-PC

 

 

Upon checking the path, the virus is not there. Then it is still sending notifications to the Admin. We already checked the logs of SEPM but can't find the computer name among the infected machines. Also, we already reinstalled and formatted the unit, but it is still sending notifications to the Admin.

 

What's wrong with this? Problem with the SEPM?

 

Please help us. Thank you in advance!!

 

Regards,

JM


Rafeeq's picture

Can you first delete the notification and create a new one?

Under sepm-admin -server there is an option to rebuild indexes; please rebuild and check again.

SMLatCST's picture

Have you cleared the "Infected" status from this machine?

Just look for the machine in the Notifications or the Computer Status logs and click the little red diamond to turn it green and clear the infected status flag against the client record.

Ch@gGynelL_12's picture

Hi SMLat,

 

No logs generated on SEPM. Even for the past few years, no logs for this computer.

SMLatCST's picture

Can you confirm you're looking at the Computer Status logs and not the Risk ones?

If there are no Computer Status logs within the past year, then it generally means the machine is no longer checking into the SEPM.  Have you tried deleting the client record from the CLIENTS section of the console?

Alternatively, you might want to delete and recreate the Notification Condition itself, as they can sometimes get a bit confused.