nacatomi, thank you very much, that is most certainly helpful, looking for log files, checking the "symantec" folders and even just a search for files modified today I couldn't find anything that had reboot in it.
Completely slipped my mind to look for "Norton".
Yes, we certainly have lots of event id 1074, and exactly that text/description, which I've been Googling and checking forums, articles, and my notes from previous companies/issues, and going over every single startup process (since winnit.exe is the "Start Up Program", and coming up with nothing, the only thing I've been able to say is "Well, there have been some Symantec Cloud updates recently... bit coincidental" to the management, which obviously isn't very impressive, but I have ruled out soo many possibilities in the last week, our patching system, some rogue Windows Update Microsoft have decided to push out, any installations, or system wide program updates, power fluctuations, virus outbreak, etc. etc.
I've justed a laptop of a nearby user that rebooted this morning, and indeed he has a log file:
HotFix-2014-03-07-08h43m28s.log
with the line:
2014-03-07-08-43-29-389 : 0x14A4 : Information : force reboot
which is when he wrote down his laptop rebooted.
I'd be on the phone with them now, except we're in the UK and their phone lines aren't open yet!
Something we are not happy with when it's a global service, should have 24/7 telephone support.
I'm going to try to collate these log files from various computers, this particular user has had it every morning! That way I can see if it's one Hotfix that's struggling on some computers more so than others, or if it's a series of hotfixes. Don't think it's Virus Definitions updates at this point.