Starting Power Eraser analysis from
Symantec Endpoint Protection Manager

You can run Power Eraser to analyze and detect persistent threats on a single computer or a small group of computers. See:
After Power Eraser detects potential risks, you view the risks and determine which risks are threats. Power Eraser does not automatically remediate risks. You must manually run Power Eraser to remediate the risks that you determine are threats. You can also run Power Eraser on a particular threat or threats that other protection features detect. Power Eraser runs on the computers that are associated with the detection. See:
When you run Power Eraser in rootkit mode, and the restart option message appears on the client computer, the administrator or the user cannot cancel Power Eraser. After the restart, the user can cancel Power Eraser if the Virus and Spyware Protection policy lets users cancel scans.
  1. To start Power Eraser analysis from
    Symantec Endpoint Protection Manager
  2. To start Power Eraser analysis from the Clients page in
    Symantec Endpoint Protection Manager
    , on the
    Clients
    page, on the
    Clients
    tab, select the computers that you want to analyze.
    If you select many computers, you might adversely affect the performance of your network.
  3. Under
    Tasks
    , click
    Run command on computers
    , and then click
    Start Power Eraser Analysis
    .
  4. In the
    Choose Power Eraser
    dialog, select whether or not you want Power Eraser to run in rootkit mode. For rootkit mode, you can set the restart options. You must have administrator privileges to set restart options and run a rootkit scan.
  5. Click
    OK
    .
    Power Eraser runs on the select computers. You can cancel the command on the
    Command Status
    tab on the
    Monitors
    page.
  6. To start Power Eraser analysis from the Computer Status log in
    Symantec Endpoint Protection Manager
    , in the console, in the sidebar, click
    Monitors
    and select the
    Logs
    tab.
  7. In the
    Log type
    list box, select the
    Computer Status
    log, and then click
    View Log
    .
  8. Select the computers on which you want to run Power Eraser and select
    Start Power Eraser Analysis
    from the
    Commands
    drop-down box.
    If you select many computers, you might adversely affect the performance of your network.
  9. Click
    Start
    .
  10. In the
    Choose Power Eraser
    dialog, select whether or not you want Power Eraser to run in rootkit mode. For rootkit mode, you can set the restart options. You must have administrator privileges to set restart options and run a rootkit scan.
  11. Click
    OK
    .
    Power Eraser runs on the selected computers. You can cancel the command on the
    Command Status
    tab.
  12. To start Power Eraser analysis from the Risk log in
    Symantec Endpoint Protection Manager
    , in the console, in the sidebar, click
    Monitors
    and select the
    Logs
    tab.
  13. In the
    Log type
    list box, select the
    Risk
    log, and then click
    View Log
  14. Select the risks on which you want to run Power Eraser. In the
    Event Action
    column, you might see an alert to run Power Eraser.
    You can run Power Eraser on any risk in the log.
  15. Select
    Start Power Eraser Analysis
    from the
    Action
    drop-down or the
    Action
    column.
  16. Click
    Start
    .
  17. In the
    Choose Power Eraser
    dialog, select whether or not you want Power Eraser to run in rootkit mode. For rootkit mode, you can set the restart options. You must have administrator privileges to set restart options and run a rootkit scan.
  18. Click
    OK
    .
    Power Eraser runs on the computers that are infected with the selected risks. You can cancel the command on the
    Command Status
    tab.