We've got a server (Windows 2012) running version 12.1.6 of the SEP client. We ran an outside security scan on the system, which triggered a bunch of pop-up notices from SEP saying a Heartbleed attack was detected. This makes sense, as the security scan is checking for Heartbleed weaknesses, along with other things.
The weird thing is, we went into the SEP client console to check the logs, just to see what it said, and all of the security logs windows are empty. We can't see any indication of the detected events.
To cross-check, I went to the raw logs location ( \\servername\c$\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Data\Logs ) and in seclog.log I can see multiple events.
Is something broken? SEP is clearly detecting events and logging them, but if they don't show in the client interface it would be easy to miss the event. This one is obviously intentional, but we'd hate to overlook an actual security risk. What could be going wrong that the client isn't showing these events?