Viruses Shown as 'Still Infected' even after performed removal action plan - SEPM Server
Updated: 01 Jun 2010 | 20 comments
This issue has been solved. See solution.
Hi There,
I have performed the removal on the selected desktop that was shown as infected and cleaned it as instructed, but the dashboard still shows a number of desktops as 'Still Infected'. I went to the logs section and cleared the infected flags. Now the count has been reduced, but the counter still has some value on it. How do I go about it? The next issue is that I have secured all the desktops and servers with endpoint protection, but I believe it's still floating in my networks, as the bandwidth becomes heavy, as I'm noticing from the performance. I suspect the culprit behind this was the Downadup virus. How do I put a conclusion on this?
Thanks,
m_k
Comments
First ensure that all the PCs in your network have the latest defs and OS patches.
Symantec Endpoint Protection Manager console Home shows "Still Infected" count even though all infections were cleared in the Computer Status log
How to clear an erroneous "Still Infected" status from Reports in the Symantec Endpoint Protection Manager
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
Def and Windows Updates was updated
Hi Arvind,
All the desktops were updated with the latest patches and definitions.
Thanks,
m_k
What version of SEP is installed?
Prachand Kumar MCSE-2003 Symantec Technical Specialist (SCTS)
Hi Prachand,
I'm currently using version 11.0.
Thanking in advance,
m_k
He is asking for the full version. For example, 11.0.4000.2295
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
I'm sorry, the full version is 11.0.4202.75
Thanks,
m_k
Can you please migrate to RU6 and see if that helps?
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2010041310404248
Prachand Kumar MCSE-2003 Symantec Technical Specialist (SCTS)
Thanks for the info, let me upgrade it first then come back to you.
Thanking in advance,
m_k
Hi Prachand,
The new version that you recommended is 11.60, right? Because I have noticed a few updates there and I found this should be the one. Please correct me if I'm wrong.
Thanks,
m_k
Try upgrading to RU6
Migrating to Symantec Endpoint Protection 11.0 RU6
There are some fixes related to this problem.
Ref: Release notes for Symantec Endpoint Protection 11.0.x and Symantec Network Access Control 11.0.x
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
Hi There,
I have upgraded to version 11.0 RU6. Some clients still have not updated to the latest version, even after I pushed the install packages to those particular clients. What could be the possible reason for this issue?
Thanks
m_k
On the client, go to the Event Viewer and check whether there are any errors.
Prachand Kumar MCSE-2003 Symantec Technical Specialist (SCTS)
There don't seem to be any errors in Event Viewer related to Symantec on the client PCs.
Is a manual upgrade working on this client?
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
What do you mean by manual upgrade? What I have tried was to move the particular clients that were not updated to a newly created group and install the version update again; that also failed.
What I mean is: copy the new version package onto that client and then run it locally. Are you getting any error here? Is the upgrade successful?
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
Ya, correct, when I do a manual upgrade it works fine, but it takes time.
Thanks Buddy.
Use Risk Tracer to find the computers that are creating the problem, quarantine those computers, scan them in safe mode, remove the risk, and put them back on the network.
Worms and threats that spread across networks by network shares have become more common in recent years, like Downadup/Conficker.
Simple steps to protect yourself from the Conficker Worm
Have a look in this KB also
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
When you search for computers with the Infected Flag, how far back in the time range are you going? If you are not going back far enough (a week vs 3 months or a year) then it might not show you ALL of the machines with the Infected Flag. Just a thought.
_________________________________________________________________
Please remember to mark the thread 'SOLVED' with the answer that most helped you by choosing 'Mark As Solution' on the applicable answer
Try setting it to show past 3 months or even a year for the "Infected only", that should get everything.