"1 Endpoint needs attention We recommend you check whether this endpoint has automatic remediation enabled on the assigned policy."
I've checked the settings and I see nothing called "Automatic remediation".
I've tried running another scan and it still just says it's infected. I've also tried using the cleanup command but that doesn't work either. If I click on the actual threat, the only option is "Create override". What am I supposed to do? So far it's not very straightforward. Where is the clean command? How can I make sure it's been quarantined?
Best answer by pcman
The learning scan is the first scan that occurs when you first install SecureAnywhere. By enabling "Automatically remove threats found on the learning scan", this means that if any infections are found when you initially roll out SecureAnywhere, the cleanup process will start (although it still might require a reboot depending on the type of infection found).
The default for this option is off to allow people to 'evaluate' the infections in their environment upon first rolling out SecureAnywhere. You have to consider that the computer is already infected; the damage is done, so to speak, and so it might be a good idea to analyze the overall threat status of your machines to see if there is a common reason why all the computers were infected to begin with (perhaps all the machines that were already infected when you rolled out SecureAnywhere did not have the latest Windows Updates). It is simply a best practice option, but by all means, if you want to remediate infections immediately upon rolling out SecureAnywhere, then enabling "Automatically remove threats found on the learning scan" will do the trick.
Considering that the status appears to be green / protected after the reboot, this suggests that a reboot was required to complete the cleanup process and explains why all the scans that occurred before the reboot would still have reported the infection.
There are policy options to automatically reboot during cleanup; however, this can be frustrating for end users if they are in the middle of something, which is why it is disabled by default.
Thanks for letting us know that you resolved the issue. This, along with our tips, should hopefully provide guidelines for others who encounter a similar scenario.