Symantec Endpoint Protection detected Risks while you were logged out
we are piloting SEP 12.1 GA.
Sometimes pilot users logon and get a popup "Symantec Endpoint Protection detected Risks while you were logged out. You may need to open the AntiVirus and Antispyware Protection Risk Log to view and take action on the risks"
Inspection of the virus and spyware logs on the client (as admin) does not show any detection.
Has anyone else seen this? Is it a bug in 12.1 - i.e. the fact that there was apparently no detection, but the user gets a popup saying there was something detected?
The following article refers to how to turn this off for SEP11, which also works for 12.1, but being a security engineer responsible for our SEP 12.1 design, I would like to understand if the notification is being incorrectly triggered. I would like it to appear if there really is something found.