Endpoint Protection

  • 1.  How to clear the risk history...

    Posted Oct 13, 2010 08:58 PM

    I ran a scan and SEP found the items, but it kept finding the same thing over and over again. It would write to the SEPM, and it would multiply the number of current and new infections even though it was the same thing. I need to be able to delete this content so I do not have to deal with this again. It took an uninstall and reinstall to clear all of this; otherwise it would have just kept doing this over and over.

     

    Thank you.

     

    Version 11.6 RU A



  • 2.  RE: How to clear the risk history...

    Posted Oct 13, 2010 09:13 PM

    Don't believe there is a way to do it in the managed client but rather it has to be done in the SEPM.

    Under Admin ---> Local Site ---> Edit Site Properties, you can set the logs to delete after "X" days as well as set a limit on entries so it will start deleting after it hits the quota.



  • 3.  RE: How to clear the risk history...

    Posted Oct 13, 2010 09:16 PM

    There could be detections every time!!! Maybe you need to investigate why SEP is detecting a threat every time, even though it's the same. It's still there on the computer!!!

     

    What is the action taken by SEP?



  • 4.  RE: How to clear the risk history...

    Posted Oct 13, 2010 09:22 PM

    I would assume that there was a problem with the program, at which point I would remove it and delete all related folders and files.



  • 5.  RE: How to clear the risk history...

    Posted Oct 13, 2010 09:23 PM

    I will check it out tomorrow.

    Thx!!



  • 6.  RE: How to clear the risk history...

    Posted Oct 14, 2010 12:46 AM

    Hello Bryan,

     

    Another possibility can be under the quarantine folder, which is on the SEP client. Check if the same file is getting detected by SEP as a threat; if yes, find the computer from the risk logs, go to the machine, stop the Symantec Management Client service, then empty the quarantine folder and restart the SMC service. Find the link below to clear infected status on the SEP manager. Also, to let you know, the SEP manager cleans or sweeps the DB after every 24 hrs; if it is not happening, there are steps to get this done which can be success reply once this suggestion is followed.

    Also follow the suggestion made by Vishal as above.

    http://service1.symantec.com/support/ent-security.nsf/docid/2007021509381848

     

    Thank you

    Regards

    Swapnil

    www.symantec.com



  • 7.  RE: How to clear the risk history...

    Posted Oct 14, 2010 12:51 AM

    If you find the above-mentioned steps solve the issue, then please change the second action taken under SEP manager to delete the threat instead of quarantining it, which is under Policies tab > Antivirus and Antispyware policy > and actions taken in left pane.

     

    Thank you



  • 8.  RE: How to clear the risk history...

    Posted Oct 14, 2010 08:55 AM

    There seems to still be a folder structure for Symantec AntiVirus. When I install SEP on a clean machine I never see this. If I had done an upgrade sometime before, the SAV stuff will still show. The only TRUE way I have been able to resolve this is to delete SAV content and remove and reinstall SEP.



  • 9.  RE: How to clear the risk history...
    Best Answer

    Posted Oct 14, 2010 09:02 AM

    Yes, when you upgrade from SAV to SEP, it installs in the SAV folder. Why? I have no clue and wish this were not the case.....

    To do a fresh SEP install, remove SAV. Then go back, check for, and remove the following:

    Delete the following folders if present:

    C:\Program Files\Symantec
    C:\Program Files\Symantec AntiVirus
    C:\Program Files\Common Files\Symantec Shared
    C:\Documents and Settings\All Users\Application Data\Symantec

    Delete the following registry keys:

    HKLM\Software\symantec
    HKCU\Software\symantec

    Then re-install SEP
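
The cleanup listed in the answer above, as an added PowerShell example that is not part of the original thread: it reports which of the listed folders and registry keys remain once SAV/SEP has been uninstalled, then previews their deletion with `-WhatIf`. The function names are hypothetical, PowerShell 3.0 or later is assumed, and the HKCU check covers only the account running the script.

```powershell
# Added example (not from the thread). Run only AFTER the product is uninstalled.
# Find-SymantecRemnant / Remove-SymantecRemnant are hypothetical helper names.

# Folders and registry keys exactly as listed in the answer above.
$RemnantPaths = @(
    'C:\Program Files\Symantec',
    'C:\Program Files\Symantec AntiVirus',
    'C:\Program Files\Common Files\Symantec Shared',
    'C:\Documents and Settings\All Users\Application Data\Symantec',
    'HKLM:\Software\symantec',
    'HKCU:\Software\symantec'   # only the hive of the user running the script
)

function Find-SymantecRemnant {
    # Emit one record per listed location, noting whether it still exists.
    foreach ($path in $RemnantPaths) {
        [pscustomobject]@{
            Path    = $path
            Kind    = if ($path -like 'HK*') { 'RegistryKey' } else { 'Folder' }
            Present = Test-Path -LiteralPath $path
        }
    }
}

function Remove-SymantecRemnant {
    # SupportsShouldProcess gives -WhatIf / -Confirm, so a dry run is possible.
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param()
    foreach ($item in (Find-SymantecRemnant | Where-Object Present)) {
        if ($PSCmdlet.ShouldProcess($item.Path, "Delete $($item.Kind)")) {
            try {
                Remove-Item -LiteralPath $item.Path -Recurse -Force -ErrorAction Stop
            } catch {
                # Locked files usually mean a Symantec service is still running.
                Write-Warning "Could not remove $($item.Path): $($_.Exception.Message)"
            }
        }
    }
}

# Audit first, then preview the deletions without changing anything.
Find-SymantecRemnant | Format-Table -AutoSize
Remove-SymantecRemnant -WhatIf
```

Run it from an elevated prompt; drop `-WhatIf` from the last line only once the audit output matches what you expect to remove.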