Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

How do I clear the infected status in 12.1?

  • 1.  How do I clear the infected status in 12.1?

    Posted Jan 19, 2012 02:51 PM

    In SEP 11.0.6, if you go to the Logs tab from the Monitors icon, you can select the infected computer and select the "Clear infected status" from the list of available options.  It used to be accessed using the "Computer Status" report, viewable by clicking the "View Log" button.

    Where is this in 12.1?  Or do we need to worry about it?  The option in the same area doesn't exist.

    Thanks.



  • 2.  RE: How do I clear the infected status in 12.1?

    Posted Jan 19, 2012 03:29 PM

    In there, click on Compliance options and tick the box for infected only

    A few more options have also been added.



  • 3.  RE: How do I clear the infected status in 12.1?

    Posted Jan 19, 2012 04:25 PM

    Brian81, I have been all through the options on the Monitors tab and cannot find anything for clearing the infected status in the Compliance options.  Can you take me on a step-by-step tour in getting there?  Who's bright idea was it to put the clearing the infected status in the Compliance options?  It just doesn't make sense to put it there.



  • 4.  RE: How do I clear the infected status in 12.1?

    Broadcom Employee
    Posted Jan 19, 2012 11:30 PM

    The "Still Infected" number will go down automatically as the threat is completely removed from the network.

    This is a part of the enhanced management console.  The management server resets the Still Infected Status for a client computer once the computer is no longer infected. It gives a more accurate status for how many client computers really are infected.

    check this article

    http://www.symantec.com/business/support/index?page=content&id=TECH165846



  • 5.  RE: How do I clear the infected status in 12.1?

    Posted Jan 20, 2012 12:01 AM

     

    How to clear an erroneous "Still Infected" status from Reports in the Symantec Endpoint Protection Manager

    http://service1.symantec.com/SUPPORT/ent-security....



  • 6.  RE: How do I clear the infected status in 12.1?

    Posted Jan 20, 2012 05:55 AM

    Hi Guys, 

     

    The information pete provided is right. 

     

    In 11 .0.x even though the threat didnt exist in the network the still infected count would still show up. 

    However 12.1 has an enhancement .The security status would automatically clear the still infected status once the threat is no more in the network . This is added advantage. Since it is automatically clearing it we do not require an option to delete. 



  • 7.  RE: How do I clear the infected status in 12.1?

    Posted Jan 20, 2012 09:31 AM

    In the SEPM

    Go to Monitors >> Logs >> Select the Computer Status log

    Click Advanced Settings

    Click Compliance Settings

    Check Infected Only

    Click View Log

    Does this not show for you?



  • 8.  RE: How do I clear the infected status in 12.1?

    Posted Jan 30, 2012 01:52 AM

    Please do the following:

     

    Stop the Symantec Endpoint Protection Manager service

      1. Click Start, then Run
      2. Type services.msc
      3. Click OK
      4. Locate and right-click Symantec Endpoint Protection Manager in the list, then click Stop

    1. Open Windows Explorer and navigate to the following folder; back up all files residing in this folder before proceeding:

      \Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\agentinfo
    2. After backing up the files, delete the contents of the folder so that the agentinfo folder is empty
    3. Start the Symantec Endpoint Protection Manager service
      1. Click Start, then Run
      2. Type services.msc
      3. Click OK
      4. Locate and right-click Symantec Endpoint Protection Manager in the list, then click Start

    4. Log into the Symantec Endpoint Protection Manager
      • Go into Monitors & Logs and clear any remaining clients of their infected status
      • The homepage should now update the "still infected" field

     


    Regards

    Regards



  • 9.  RE: How do I clear the infected status in 12.1?

    Broadcom Employee
    Posted Jan 30, 2012 02:07 AM

    SEP 12.1 does not have clear still infected button as in SEP 11.



  • 10.  RE: How do I clear the infected status in 12.1?

    Posted Jan 30, 2012 02:48 AM

    The infected status wil get cleared automatically, once the infection is been taken care.

    you cannot manually clear it in SEP 12.1



  • 11.  RE: How do I clear the infected status in 12.1?

    Posted May 01, 2012 11:57 AM

    While I understand that the manager will automatically clear the infected status, that does not work well for those systems that get decommissioned soon after they report an infected status.

    Our environement is large enough that we cannot keep track of workstation attrition and we are required to keep systems in our database for 30 days, unless we know they have gone away.

    So please bring back the "Clear Infected Status" button!

    I think the manual option must stay, if you don't trust the AV admins (which taking away this option seems to imply) then they shouldn't have SEPM access.



  • 12.  RE: How do I clear the infected status in 12.1?

    Posted May 01, 2012 01:49 PM

    I agree.  This feature should be put back on.  So many forum parts, KB articles, etc refer to the 'clear infected status button'.  I finally found out eventually that the feature was removed from 12.1 altogether.