It will show as it was reported on previous days and the query is taking data from the DB. Better to purge that machine's threat event log through an ePO server task.
- Create a threat events query that defines only that machine's events under the Filter tab.
- Now navigate to ePO server tasks and give the action below as per the screenshot.
- Once the server task is created, manually run the task. It will delete all the records for that particular machine. Refer to the example server task log below.
- Once done, that machine will not come up again in the threat detection report.
"with a very old "Last Communication" date and time" leads me to believe you also now have two systems/objects in ePO (one old/infected and one new/reimaged). If you're not cleaning up duplicates, you will probably want to delete the old system from ePO, especially if you are monitoring things like DAT compliance. There is a pre-defined query called Duplicate System Names to make it easier to find.
That was one of the other things that we found as we did more research. Once we deleted the duplicates, there were quite a few things that went away. The Duplicate System Names and I are best friends.