I'm trying to figure out how to clear an issue where one of my user's system is showing a false positive of still being infected.
Here's the situation:
The user had a disc of personal documents and programs on their machine that Symantec Endpoint Protection detected during a scan (anybody remember Kazaa?). Because the detected malware was on a read-only disc, SEP reported the issue and that it wasn't able to quarantine or kill it.
Since then the disc has been removed from the system, but I'm still showing it as an infection for the file on the user's disc. The user has stated that the disc hasn't been put back into their machine since then (mid-April). By now, the system should have had multiple scans, both full and active, since the malware was detected, but SEP Manager still shows the system as being "still infected" even though the user's program states there are no problems.
I'm trying to remove "false positive" this from the summary of Virus and Risk activities. I understand that in SEP 12.1 you can no longer manually clear an infection status, but is there anything I can do to get SEPM to recognize that the DVD-R disc and detected infected file is no longer there?
Any recommendations as to what I can do?