Endpoint Protection

  • 1.  Local AV Logs vs. SEPM Logs

    Posted Nov 19, 2018 02:32 PM

    Upon investigating a recent risk event, I noticed that the local system AV log located in \ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Logs\AV contained entries for "Internet browser temporary file cache" and "Browser Cache Remediation Delete Internet browser temporary file cache". However, when viewing the risk log (Monitors->Logs->Log type Risk) for the same system in the SEP Manager, this information was not presented. Any reason why these particular details would not be displayed when viewing the risk log information in the SEP Manager? The risk name in question is WS.Reputation.1 and the action taken was 'Deleted'.
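    A way to pull the entries in question straight out of the client's local AV log directory, so they can be lined up against what the SEPM risk log shows for the same host. This is an added example, not code from the original post or from Symantec. It assumes the log directory quoted above (under %ProgramData%), and it assumes that each log line is comma-delimited with a 12-hex-digit timestamp in the first field (years since 1970, zero-based month, day, hour, minute, second); if that assumption does not hold for a line, the raw field is kept and the line is still reported.

```powershell
# Added example: find SEP local AV log lines that mention the risk name or the
# browser-cache remediation text from the post, and decode the leading timestamp
# so the entries can be matched against the SEPM risk log by time.
#
# Assumptions (not from the original thread):
#   - Log directory: %ProgramData%\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Logs\AV
#   - Each line is comma-delimited; field 0 is a 12-hex-digit timestamp
#     (YY MM DD HH MM SS: years since 1970, month 0-11, day, hour, minute, second).
#     Lines whose first field does not match that shape are reported with Time = $null.

param(
    [string[]]$Pattern = @('Browser Cache Remediation', 'WS.Reputation.1'),
    [string]$LogDir = (Join-Path $env:ProgramData 'Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Logs\AV')
)

function ConvertFrom-SepHexTime {
    # Assumption: 12 hex characters, two per field, in the order YY MM DD HH MM SS.
    param([string]$Hex)
    if ($Hex -notmatch '^[0-9A-Fa-f]{12}$') { return $null }
    $parts = 0..5 | ForEach-Object { [Convert]::ToInt32($Hex.Substring($_ * 2, 2), 16) }
    try {
        return Get-Date -Year (1970 + $parts[0]) -Month ($parts[1] + 1) -Day $parts[2] `
                        -Hour $parts[3] -Minute $parts[4] -Second $parts[5] -Millisecond 0
    } catch {
        # Out-of-range values (e.g. day 0) mean the field was not a timestamp after all.
        return $null
    }
}

function Find-SepLocalAvEvent {
    param([string]$Dir, [string[]]$Patterns)
    if (-not (Test-Path -LiteralPath $Dir)) {
        Write-Warning "Log directory not found: $Dir"
        return
    }
    # Build one alternation from the literal search strings (escaped, so the '.' in
    # WS.Reputation.1 matches only a dot).
    $regex = ($Patterns | ForEach-Object { [regex]::Escape($_) }) -join '|'
    Get-ChildItem -LiteralPath $Dir -File |
        Select-String -Pattern $regex |
        ForEach-Object {
            $line   = $_.Line
            $fields = $line -split ','
            [pscustomobject]@{
                File    = $_.Filename
                LineNo  = $_.LineNumber
                Time    = ConvertFrom-SepHexTime $fields[0]
                RawTime = $fields[0]
                Matched = ($Patterns | Where-Object { $line -like "*$_*" }) -join ';'
                Line    = $line
            }
        }
}

Find-SepLocalAvEvent -Dir $LogDir -Patterns $Pattern | Format-List
```

    Run it on the affected client (elevated, since the Logs\AV directory is not readable by standard users on a default install) and compare the decoded times with the Event Time column of the SEPM risk log export; an entry that appears here but not in SEPM is one that was either not yet uploaded at the last heartbeat or is simply not part of what the client forwards.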



  • 2.  RE: Local AV Logs vs. SEPM Logs

    Posted Nov 19, 2018 03:46 PM

    Did you verify that the client is connected to SEPM and uploading its logs in general? Depending on heartbeat intervals it may not have checked in and uploaded them yet.



  • 3.  RE: Local AV Logs vs. SEPM Logs

    Posted Nov 19, 2018 05:26 PM

    Thanks for the quick reply Brian. All looks well with the client as it's successfully connecting to the SEPM and uploading logs, etc. In this case, I can view the log in SEPM and see event information such as Risk Name, Action taken, etc., but it would be helpful to also see Event Data such as "Browser Cache Remediation Delete Internet browser temporary file cache" without having to access the log on the system directly. I was more curious than anything, as this may be expected behavior.



  • 4.  RE: Local AV Logs vs. SEPM Logs

    Posted Nov 19, 2018 05:31 PM

    It just may be that that specific line/entry isn't included in what's uploaded to SEPM, but someone from Symantec with internal knowledge may need to confirm/deny.