If you want proper commuincation between clients and SEPm you need Sylink Watcher or Sylink Monitor.
it will tell you that sylink reflect there policies for client to SEPm.
Before that you need to tamper Protection feature disabled before following these steps. (Tamper Protection does not need to be disabled on a SEP 11 client.) If Tamper Protection is not disabled, it will block the following Registry key modifications. To disable Tamper Protection, open the SEP 12.1 client, click Change settings, click Configure Settings (next to Client Management), click Tamper Protection, remove the checkmark from "Protect Symantec security software from being tampered with or shut down", and click OK.
- Click Start > Run
- Type in: regedit and click OK
- Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC
- Double-click smc_debuglog_on
- Change the Value data to 1 and click OK
- Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink
- Click Edit > New > String Value
- Name the new value: DumpSylink
- Double-click DumpSylink
- In the Value data field, specify the file name (Sylink.log) and desired location for the log file. Example: C:\Sylink.log
- Click OK
- Close the Registry Editor window
- Click Start > Run
- Type in: smc -stop and click OK
- Wait until the SEP icon disappears from the system tray. (Approximately thirty seconds.)
- Click Start > Run
- Type in: smc -start. Click OK. Sylink debug logging is now enabled; the sylink.log file will appear in the location specified in step 10.