What Does "Risk was partially removed" Mean?


Article ID: 177722


Updated On:


Endpoint Protection


Is there cause for alarm if Symantec AntiVirus or Symantec Endpoint Protection detects a threat (virus, worm, or other malicious code) and reports in its risk history log that "Risk was partially removed" or "Clean was partially successful." Is any additional, manual action necessary?

Example log:

 SEP Risk Logs may also contain the event "Remediation action on an anomaly failed"


Further manual steps are necessary by the end user. SAV or SEP has detected the threat, but due to the nature of the file or the technologies involved it is not possible to completely remediate it.

Customers are strongly encouraged to read in detail the "Removal" section of the threat write-up to determine what manual steps are necessary in order to completely remove the threat from the computer.

A full system scan in safe mode will, under most circumstances, completely remove threats that were "partially removed" earlier. Be sure to check the risk log after the scan has been run for confirmation.