Decommissioned computers installed with Symantec Endpoint Protection are not being removed from SEPM Reports that were imported from Active Directory

book

Article ID: 160913

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Computers installed with Symantec Endpoint Protection that were decommissioned still show in the SEPM (Reports > Computer Status > Computers Not Recently Updated > Past Month) when originally imported from Active Directory.

Resolution

To remove decommissioned computers installed with Symantec Endpoint Protection that were originally imported from Active Directory, it is necessary to first delete the clients from Active Directory and then sync the SEPM with Active Directory. After SEPM has synced, entries are removed from sem_client, sem_agent and sem_computer tables, but the reporting tables are kept to provide data to support for generating older reports.

As per design the (Reports > Computer Status > Computers Not Recently Updated > Past Month) shows all the clients available in SEPM during last month, but last updated before 30 days by querying reporting table in backward fashion, hence it will retrieve all clients beyond the 30 day period. So the decommissioned computers will drop out all of the reports in approximately 45 days from when the clients are deleted from Active Directory and SEPM has resynced with Active Directory.

Note: Using the "Delete clients that have not connected for specified time (x) days" from (SEPM > Admin > Domains > Edit Domain Properties) is only applicable for clients that were not imported from Active Directory.