I am running Symantec Endpoint Protection Manager 12.1.3 on a Windows 2008 server. Clients are the same version installed on Windows 7. What I am seeing is notifications that the server is sending out showing risks found on computers. These risks are shown to be in locations that don't exist, for users that have never accessed that machine and sometimes even computer names that don't exist. I am seeing this about once a month.
This is on a fresh install of SEPM on a newly built server with no other apps running on it. The clients that are connected to it are up to date and reporting correctly in the SEPM and when I look at the computer status in the Monitors it will show up as not infected.
I am curious why the Protection Manager is generating these reports.