Endpoint Protection

Hi everybody.
I want to clear infected my one computer but i can't. I upload 2 picture.
Thank you for help.
Have a nice day.

Click on the Red Diamond Icon, that'll highlight that entire wor, and THEN click n the Clear Infected Status Button. That'll fix it.

You need to select the row which you wish to clear in order for the command to take effect.

That will work...

But if this would not solve the issue..
You might need physical intervention..
Perform the following steps below...

 Virus Removal
Once the computers are removed from the network and updated with current definitions, the virus should be removed and the changes affected by the threat reversed.

Here are the steps to clean a virus once virus definitions are up to date.

A. Stop the viral process, or boot the computer to a state where the process is not loading

i. End the task - some threats may prevent this.
ii. Start Windows in Safe Mode or Safe Mode Command Prompt only
iii. Newer versions of Symantec AntiVirus (version 10) and Symantec Endpoint Protection may be able to stop the process as part of a full system scan.

B. Remove the viral files

i. Full system scan – Recommended
ii. Manually remove the files by finding and deleting them
iii. Check if there is a removal tool available for the particular threat variant.

C. Reverse the changes to system settings. It is important to make changes to the registry before rebooting the computer. Many viruses change boot setting so the user may be unable to log in once the virus is removed, if the registry changes are not undone.

i. Undo Registry Changes
ii. Undo changes to the following files – if necessary
1. hosts
2. win.ini
3. sfc.dll – may need to be replaced with new copy
4. Anti-virus and Firewall programs – may need to be reinstalled.

D. Reboot the computer into normal mode, before connecting it back to the network. This is to determine that no additional viruses are detected and the cleaning was successful.

E. If a rootkit or backdoor is detected it maybe necessary to re-image the computer to ensure security of the network.

Select the Red Diamndand clear it

@Ajitjha and @Abhishek Pradhan

I already click red diamond but nothings change. I try to Nel Ramos's answer. If it will be success of failure I will turn back in this topic.
thank you for answers.
have a nice day

Ok. Try one more thing. Run the Management Server Config wizard once and then login and see if the error goes away. The reconfig clears out any residual garbage data in the cache, and you may possibly see a resolution.

Hello Abhishek. I am sorry i am answer late.
If i am running this wizard am i lose any data in my SEPM? or it is only re configure?
Because its still same. and there is not only one computer. i cannot clear infected status now 5 computers.
Thank you.

any body have new idea for this problem?
 

I am repair my SEP manager in add/remove programs and i will look it again. I will write to result.

I guess Repairing SEPm will not resolve ur issue. The only way is to Clear using the Red Diamonds

Ajit

I have faced this problem so many times.

The actual probelm is on client side as you can see the autoprotect enabled status of the cleint is "no" means clients autoprotect is not functioning properly and client has some problem so first repair the client SEP or remove it and reinstall it again and see the autoprotect status in SEPM if it is "yes" then you can clear the infected status the way you are doing.

some times autoprotect is ok but client is not reporting to sepm .so please repair or reinstall the SEP client on that pc and you can clear the logs.

basically 10 source are by default showing

Hello Bijay. thank you for answer.
Ok I will send install package again this clients.
And there is one information too.
I can clear infected status if infected information inside ( look picture please) if this picture is not in infected computers i cannot clear it.

i upload picture again. If ınfected status have this icon i can clear status. But there is no info in "infected" tab i cannot clear.

I cannot understand. 10 client show infected everytime?

Hello All,

I'm not sure if we all looked at the pop up, when u select the option clear infected status, the pop says " 0 out of 1 " has been cleared that means the selection was not done  or the console is not taking the inputs. this is a select query issue in db if i'm not wrong. I would like to know if you are still facing the same issue so that we can run the db query and delete  it manually.

Rafeeq

Hi fatih

 yes you guessed it right as long as the infected column shows the details about the infection you can clear it.  client pc is not able to properly communicate with sepm so unable to send the details to sepm thats why you are not able to clear it.

my suggestion is go to the client physically and remove SEP and reinstall it.

and about 10 client show infected everytime . go to those pcs and check their sep logs and it any files are partially repaired then delete those files and replace with clean ones. delete temp files and temp. internet files , cookies etc.

and update windows which will solve your problem.
 

What is the actual status on the client side? Is it still infected? SEP might have done something and may need the client to restart. Does the client have a green dot on the icon system tray?

The actual probelm is on client side as you can see the autoprotect enabled status of the cleint is "no" means clients autoprotect is not functioning properly and client has some problem so first repair the client SEP or remove it and reinstall it again and see the autoprotect status in SEPM if it is "yes" then you can clear the infected status the way you are doing.

don't use copy paste  from other posts only for points

Hello everybody.
I cannot clear infected status for my pc too. Thats why i am taken picture to my pc. I delete all my temp folder and temporary internet files. My SEP is work fine. My SEP 11.0.4202.  as rafeeq said there is a message box  "0 out of 1" I add one picture. and try to show everything to  all. If you want I can install sep to my pc again.

Yes I know but it is not working properly as it can't report to sepm properly just try once . remove sepm from your machine and delete all symantec related folder like

prog files\common files\ symantec*

doc settings\ all user\ app data\symantec shared

program files\symantec

etc.

then reboot it
and again install sep .

after that see what happens.

Ok not i will try your answer. By the way Am I delete my client in SEP manager clients tab?

yes you can before you install client again. that will be better

Thank you Bijay.
I uninstall my sep client with cleanwipe.
and delete my user on SEP manager.
and deploy new fresh 4202 install package.
and i saw it is clear now in SEP manager.
But i must to to id for 14 clients more :(
Thank you for solition!
Have a nice day. 

nice to see your problem is solved .unfortunately you have to do this for all clients having problem.I do face it many times.
anyway can you mark it as solution.

sorry i didn't see that the post is already marked as solution.