Checking the scan action and rescanning the identified computers

If you have infected and at-risk computers, you should identify why the computers are still infected or at risk. Check the action that was taken for each risk on the infected and at-risk computers. It may be that the action that was configured and taken was Left Alone. If the action was Left Alone, you should either clean the risk from the computer, remove the computer from the network, or accept the risk. For Windows clients, you might want to edit the Virus and Spyware Protection policy and change the scan action. See:
  1. To identify the actions that need to be changed and rescan the identified computers
  2. In the console, click
    Monitors
    .
  3. On the
    Logs
    tab, select the Risk log, and then click
    View Log
    .
    From the Risk log event column, you can see what happened and the action that was taken. From the Risk Name column, you can see the names of the risks that are still active. From the Domain Group User column you can see which group the computer is a member of.
    If a client is at risk because a scan took the action
    Left Alone
    , you may need to change the Virus and Spyware Protection policy for the group. In the
    Computer
    column, you can see the names of the computers that still have active risks on them. See:
    If your policy is configured to use push mode, it is pushed out to the clients in the group at the next heartbeat. See:
  4. Click
    Back
    .
  5. On the
    Logs
    tab, select the Computer Status log, and then click
    View Log
    .
  6. If you changed an action and pushed out a new policy, select the computers that need to be rescanned with the new settings.
  7. In the
    Command
    list box, select
    Scan
    , and then click
    Start
    to rescan the computers.
    You can monitor the status of the Scan command from the
    Command Status
    tab.