Identifying The Infected And At-Risk Computers - Symantec 20032623 - Endpoint Protection Small Business Edition Implementation Manual

134 Managing Virus and Spyware Protection
Remediating risks on the computers in your network
Step Task
Step 3 Check scan actions and
rescan
Step 4 Restart computers if
necessary to complete
remediation
Step 5 Investigate and clean
remaining risks
Step 6 Check the Computer
Status log

Identifying the infected and at-risk computers

Remediating risks on client computers (continued)
Table 11-2
Description
Scans might be configured to leave the risk alone. You might want to edit
the Virus and Spyware Protection policy and change the action for the risk
category. The next time the scan runs, Symantec Endpoint Protection Small
Business Edition applies the new action.
You set the action on the Actions tab for the particular scan type
(administrator-defined or on-demand scan, or Auto-Protect). You can also
change the detection action for Download Insight and SONAR.
See Checking the scan action and rescanning the identified computers"
on page 135.
Computers may still be at risk or infected because they need to be restarted
to finish the remediation of a virus or security risk.
You can view the Risk log to determine if any computers require a restart.
You can run a command from the logs to restart computers.
See Running commands on the client computer from the logs"
If any risks remain, you should to investigate them further.
You can check the Symantec Security Response Web pages for up-to-date
information about viruses and security risks.
http://securityresponse.symantec.com
http://www.symantec.com/enterprise/security_response/
On the client computer, you can also access the Security Response Web
site from the scan results dialog box.
Symantec Technical Support also offers a Threat Expert tool that quickly
provides detailed analysis of threats. You can also run a loadpoint analysis
tool that can help you troubleshoot problems.
View the Computer Status log to make sure that risks are remediated or
removed from client computers.
See Viewing logs"
You can use the Symantec Endpoint Protection Manager Home page and a risk
report to identify the computers that are infected and at risk.
See Remediating risks on the computers in your network"
on page 275.
on page 280.
on page 132.