SEP Full Agent log...
I would like to see, within Endpoint Protection, a method to view the logs of every task an agent has performed: Start scan, stopped scan, threat identified, definitions updated, etc. This would allow an administrator to easily determine the status of an agent at the time of an attack. What exact definition was the agent running when the threat/risk was identified? etc.
This presented itself when a client was attempting to "phone home" and was flagged by my firewall. After an extensive conversation with support, we believe it would be beneficial to determine exactly what definition versions the client was running at the time (the incident occurred overnight and should have updated the definition while we were out of the office). Working with support, we were able to identify which definitions the agent should have been using, but we could not determine the exact version.