Hello,
What version of SEP are you running? Is that SEP 11.x or SEP 12.1?
In case of SEPM 11.x,
To clear the "Still Infected" status:
- Choose Monitors from the left-hand panel, and click on the Logs tab.
- For Log Type, choose Computer Status.
- Choose the appropriate time range, then choose View Log.
- On the report that is generated, select any item that has a red diamond in the first column that has been verified as cleaned.
- Click Clear Infected Status.
Items should no longer be identified as infected.
Check these Articles:
How to clear an erroneous "Still Infected" status from Reports in the Symantec Endpoint Protection Manager
http://www.symantec.com/docs/TECH102954
How to reset the "Still Infected" status of clients in bulk from the Symantec Endpoint Protection Manager.
http://www.symantec.com/docs/HOWTO59235
In case of SEPM 12.1, the "Still Infected" number will go down automatically as the threat is completely removed from the network.
This is a part of the enhanced management console. The management server resets the Still Infected Status for a client computer once the computer is no longer infected. It gives a more accurate status for how many client computers really are infected.
In your case, initiate a full scan on the system. The entry would be removed from the Still Infected status.
You can check the scan action and rescan the identified computers by following the steps provided in the article below:
http://www.symantec.com/docs/HOWTO80991
Still Infected is a subset of Newly Infected, and the Still Infected count goes down as you eliminate the risks from your network. Computers are still infected if a subsequent scan would report them as infected.
For example, Symantec Endpoint Protection might have been able to clean a risk only partially from a computer, so Auto-Protect still detects the risk.
The management server resets the Still Infected Status for a client computer once the computer is no longer infected. This should produce a more accurate status for how many client computers really are infected, rather than requiring user interaction to define a computer as clean.
Check these Articles:
Cannot Delete the "Still Infected" Value From the Symantec Endpoint Protection Manager 12.1 Console
http://www.symantec.com/docs/TECH165846
Secondly, I would suggest you work on these articles:
Identifying the infected and at-risk computers
http://www.symantec.com/docs/HOWTO80990
Remediating risks on the computers in your network
http://www.symantec.com/docs/HOWTO80936
Hope that helps!!