Endpoint Protection

  • 1.  Clear the "Still Infected items"

    Posted Jul 19, 2013 09:51 AM

    How do I clear this? I am in the monitors area and clicked compliance options and selected infected only. The infected machine is displayed, but I can't clear it.  I looked at a page but it doesn't work. I need to do this on version RU3. My SEPM is 12.1.3001.165

     

     



  • 2.  RE: Clear the "Still Infected items"

    Posted Jul 19, 2013 09:53 AM

    Looks like this option has been removed in later versions of 12.1.

    This existed in first version of 12.1 (RTM) but it's no longer there:

    http://www.symantec.com/docs/TECH165846

    It should happen automatically now. Run a full scan on the machine and if it is found to be clean, it will reflect that in the SEPM and the counter will reset for it.



  • 3.  RE: Clear the "Still Infected items"

    Trusted Advisor
    Posted Jul 19, 2013 09:58 AM

    Hello,

    In SEPM 12.1, the "Still Infected" number will go down automatically as the threat is completely removed from the network.

    This is a part of the enhanced management console.  The management server resets the Still Infected Status for a client computer once the computer is no longer infected. It gives a more accurate status for how many client computers really are infected.

    Check this Article:

    Cannot Delete the "Still Infected" Value From the Symantec Endpoint Protection Manager 12.1 Console

    http://www.symantec.com/docs/TECH165846

    Secondly, I would suggest you work through these articles:

    Identifying the infected and at-risk computers

    http://www.symantec.com/docs/HOWTO80990

    Remediating risks on the computers in your network

    http://www.symantec.com/docs/HOWTO80936

    Hope that helps!!



  • 4.  RE: Clear the "Still Infected items"

    Posted Jul 19, 2013 10:13 AM

    It has been on the still infected items for three days and it was a USB stick that was already removed 2 days ago. I want to manually clear it.



  • 5.  RE: Clear the "Still Infected items"

    Posted Jul 19, 2013 10:17 AM

    Plug a USB drive in and scan it.

    Unfortunately, it happens automatically now. No way to manually clear.



  • 6.  RE: Clear the "Still Infected items"
    Best Answer

    Trusted Advisor
    Posted Jul 19, 2013 10:43 AM

    Hello,

    In your case, initiate a full scan on the system. The entry would be removed from the Still Infected status.

    You can check the scan action and rescan the identified computers by following the steps provided in the article below:

    http://www.symantec.com/docs/HOWTO80991

    Still Infected is a subset of Newly Infected, and the Still Infected count goes down as you eliminate the risks from your network. Computers are still infected if a subsequent scan would report them as infected. 

    For example, Symantec Endpoint Protection might have been able to clean a risk only partially from a computer, so Auto-Protect still detects the risk.

    The management server resets the Still Infected Status for a client computer once the computer is no longer infected. This should produce a more accurate status for how many client computers really are infected, rather than requiring user interaction to define a computer as clean.

    Hope that helps!!



  • 7.  RE: Clear the "Still Infected items"

    Posted Jul 22, 2013 08:35 AM

    The infected item is still listed and has not been in the PC for days now. It was a USB stick that is no longer connected. I want this gone.

    Thank you



  • 8.  RE: Clear the "Still Infected items"

    Posted Jul 30, 2013 07:45 AM

    I CleanWiped and reinstalled, and so far so good. I also deleted a lot of other older user profiles. That very likely could have had something to do with it.