Computers installed with Symantec Endpoint Protection that were decommissioned still show in the SEPM (Reports > Computer Status > Computers Not Recently Updated > Past Month) when originally imported from Active Directory.
To remove decommissioned computers installed with Symantec Endpoint Protection that were originally imported from Active Directory, it is necessary to first delete the clients from Active Directory and then sync the SEPM with Active Directory. After SEPM has synced
, entries are removed from sem_client, sem_agent and sem_computer tables, but the reporting tables are kept to provide data to support for generating older reports.
As per design the (Reports > Computer Status > Computers Not Recently Updated > Past Month) shows all the clients available in SEPM during last month, but last updated before 30 days by querying reporting table in backward fashion, hence it will retrieve all clients beyond the 30 day period. So the decommissioned computers will drop out all of the reports in approximately 45 days from when the clients are deleted from Active Directory and SEPM has resynced with Active Directory.
Note: Using the "Delete clients that have not connected for specified time (x) days" from (SEPM > Admin > Domains > Edit Domain Properties) is only applicable for clients that were not imported from Active Directory.
Imported Document ID: TECH222747
Subscribing will provide email updates when this Article is updated. Login is required.