After a threat detection, the user is presented with a pop-up that asks what action to take on the detection or directs them to contact their administrator. Additionally, the client shows compromised in the Symantec Endpoint Protection Cloud (SEPC) Portal and may say Manual Removal Required for the detection. Looking in the History in the SEPC agent, you see detections in the Unresolved Security Risks section awaiting an action to be chosen.
The SEPC client will mark a threat as an Unresolved Security Risk if user action is needed to remediate the threat. The client will be marked as compromised until these actions have been selected in the client user interface via History -> Unresolved Security Risks; this cannot be cleared via the Portal.
Go to the affected client and log in with a Windows Administrator account, open the SEPC client, go to History -> Unresolved Security Risks and choose the action for all items listed. It is recommended to run a full scan after choosing the actions to ensure there are no other threats detected. Non-admin users will not see or be able to select any actions to resolve this.
Please note that when viewing the action details for a listed item. A yellow box may appear with the requested action as a suggestion. Please select the yellow box as it is a button in addition to the other actions presented.
NOTE: Taking the recommended action through the UI to delete the file will resolve the risk even if the file is gone. Eg, selecting to remove a unresolved risk on a drive that is no longer present will still resolve the risk, even though the file is no longer available to be removed.