This server has no internet access I found out later. where is the risk log located? I found this under c:\users\administrator\symantec \symantec log:
2A000A032231,46,1,2,Eserver,Administrator,ACG,C:\Users\Administrator\AppData\Local\Temp\DWHCADB.tmp,5,1,1,256,33554436,"",1326195286,,0,101 {AE2A45AC-2C0D-4F8F-B29D-D4F621A9846D} 0 1 ACG 2;0;13 0 0 ee795f73-c7c0-4067-b429-9d651e27f669 0,0,10823,0,0,0,,,0,,0,0,1,0,,{23FCD9FE-4776-40C1-B5F6-8D969F6339B2},,,,domain,84:2B:2B:01:C9:3B,11.0.6000.419,,,,,,,,,,,,,,,,999,,091d987d-a428-425d-bef1-39242b4f8978,0,,
2A000A032231,5,1,2,Eserver,Administrator,ACG,C:\Users\Administrator\AppData\Local\Temp\DWHCADB.tmp,5,1,1,256,37769284,"",1326195286,,0,201 4 3 0 0 5 1 6 0 0 0,1333535321,10823,0,1,0,0,0,0,,0,2,4,0,,{23FCD9FE-4776-40C1-B5F6-8D969F6339B2},,,,domain,84:2B:2B:01:C9:3B,11.0.6000.419,,,,,,,,,,,,,,,,0,,091d987d-a428-425d-bef1-39242b4f8978,259784710,,