Virus has found from the DVD and the same is removed same day. But Virus log is showing daily in SEPM 12 Console. Even I have fully scan the system but still the same. How could I remove the log from the Server.

Note : I'm only having limited administrator Rights in SEPM console. If you could help in client side, will be better.

Thank you.

what is the version you are using?

in SEPM 11 you can manually delete.

in SEPM 12. the system should be clean when it reports it's next scan status

Cannot Delete the "Still Infected" Value From the SEPM 12.1 Console

http://www.symantec.com/business/support/index?page=content&id=TECH165846

How to clear the "Still Infected" status from Reports in the SEPM

http://www.symantec.com/business/support/index?page=content&id=TECH139565

To clear the "Still Infected" status:

1. Choose Monitors from the left hand panel, and click on the Logs tab.
2. For Log Type, choose Computer Status.
3. Choose the appropriate time range, then choose View Log.
4. On the report that is generated, select any item that has a red diamond in the first column that has been verified as cleaned.
5. Click Clear Infected Status

How to clear the "Still Infected" status from Reports in the Symantec Endpoint Protection Manager

How to reset the "Still Infected" status of clients in bulk from the Symantec Endpoint Protection Manager.

Put a clean DVD in and run another scan. As long as the scan comes back clean, it will automatically clear out.

Right click on Drive and select Scan. Right click on SEP icon and update policy

Hello,

In your case of SEPM 12.1, the "Still Infected" number will go down automatically as the threat is completely removed from the network.

This is a part of the enhanced management console.  The management server resets the Still Infected Status for a client computer once the computer is no longer infected. It gives a more accurate status for how many client computers really are infected.

In your case, initiate a full scan on the system. Entry would be removed from Still infected status.

You can check the scan action and rescanning the identified computers by following the steps provided in the article below:

http://www.symantec.com/docs/HOWTO80991

Still Infected is a subset of Newly Infected, and the Still Infected count goes down as you eliminate the risks from your network. Computers are still infected if a subsequent scan would report them as infected. 

For example, Symantec Endpoint Protection might have been able to clean a risk only partially from a computer, so Auto-Protect still detects the risk.

The management server resets the Still Infected Status for a client computer once the computer is no longer infected. This should produce a more accurate status for how many client computers really are infected, rather than requiring user interaction to define a computer as clean.

Check these Articles:

Cannot Delete the "Still Infected" Value From the Symantec Endpoint Protection Manager 12.1 Console

http://www.symantec.com/docs/TECH165846

Secondly, I would suggest you to work on these Articles:

Identifying the infected and at-risk computers

http://www.symantec.com/docs/HOWTO80990

Remediating risks on the computers in your network

http://www.symantec.com/docs/HOWTO80936

Hope that helps!!

Hi,

Thank you for posting in Symantec community.

In the virus log what's the location of Risk? It's showing path for external DVD?

The system should be clean when it reports it's next scan status.

No manual job is required.

Try to find out End user machines infection path, SEP client should show everything is clean and clear.

Those logs will be uploaded on SEPM and it should show reflect the status correctly.

Hi,

To find out the source computer that causing the infection should be the first steps

1) Please enable risk tacer

http://www.symantec.com/docs/TECH94526

2) Update the latest virus definitons

3) Run full scan

4) After the scan is complete collect risk log and also top source of attack report from 

SEPM-> Reports-> Quick reports-> Report type -> Network threat protection-> Select a report-> Top source of attack -> fine tune the other settings as per your wish adn view report which would give you the  possible computers that are vulenrable and causing the infection

5) Run further scan on those computer

Hope this helps!