An administrator needs to identify infected computers that require a restart to finish remediation of a threat. What steps in the SEPM should an administrator perform to identify and restart the systems?
A.
View the Computer Status log to determine if any computers require a restart. Run a command from the Risk log to restart computers.
B.
View the SONAR log to determine if any computers require a restart. Run a command from the Computer Status log to restart computers.
C.
View the Computer Status log to determine if any computers require a restart. Run a command from the SONAR log to restart computers.
D.
View the Computer Status log to determine if any computers require a restart. Run a command from the Attack log to restart computers.
To identify computers that need a restart for completing threat remediation, the administrator should:
Steps for Identification and Action:
View the Computer Status login the Symantec Endpoint Protection Manager (SEPM) to see if any computers are flagged as needing a restart.
Once identified, the administrator can go to theRisk logand run a command to initiate a restart on those systems, thereby completing the remediation process.
Why This Method is Effective:
TheComputer Status logprovides comprehensive information on the current state of each endpoint, including whether a restart is pending.
Risk log commandsenable administrators to remotely trigger actions such as reboots on endpoints impacted by malware.
Why Other Options Are Incorrect:
Other options suggest using logs likeSONARorAttack logsto trigger restarts, which do not provide the necessary functionality for identifying and restarting systems in need of final remediation.
References: Using the Computer Status log along with the Risk log in SEPM ensures administrators can efficiently identify and restart infected systems.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit