I need to know the details of that perticular user who have chenged which existing symantec policy and when?
In SEPM -Reports- Quick Reports -Audit , this will show the policy change and the user made it
Audit The Audit report contains information about policy modification activities, such as the event times and types, policy modifications, domains, sites, administrators, and descriptions.
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
@Annik SAT: I would advise and recommend the Logon Banner text reflect that: "WARNING: AUDIT LOGGING IS ENABLED" of which any SEPM admin (or one entrusted with their creds to login - System Administrator, Administrator and Limited Administrator) should know their actions are monitored. Are you aware of: Which administrator activities are logged in the Symantec Endpoint Protection Manager console?(Article: TECH141668)
Marcus Sebastian Payne
"So cyberspace is real. And so are the risks that come with it."
- President Barack Obama