Critical System Protection

  • 1.  SCSP Shutdown & Deleting the Collectors

    Posted Jun 05, 2014 01:45 AM

    Hi,

    From Symantec Critical System Protection I attached an error in which detection logs were deleted for no reason.




  • 2.  RE: SCSP Shutdown & Deleting the Collectors

    Posted Jun 05, 2014 04:01 PM

    The logs were deleted?  The actual .csv files on the endpoint?

    The sequence in your screenshot looks like the SISIDSService was shut down/stopped.




  • 3.  RE: SCSP Shutdown & Deleting the Collectors
    Best Answer

    Posted Jun 13, 2014 04:44 PM

    As Chuck mentioned, those are CSP IDS "Collectors" which are responsible for such things as monitoring the registry, Windows event logs, etc. These collectors do cache events in certain circumstances, specifically on very busy systems; likely these are snippets of events while the shutdown process of the executable is occurring. The "cache" is basically a FIFO (first in, first out) scenario, as a sub-process "sanity" checks the log or file message (event) before it is injected into the log files below, where it is then processed by logger.exe, which eventually injects them into the CSP DB.

    If actual events were being deleted then you would see them removed from :\program files (x86)\symantec\critical system protection\agent\scsplogs\SISRTevents.csv or SISIDSevents.csv
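The best answer gives a concrete way to tell a shutdown-time cache flush from real log loss: records would be missing from SISRTevents.csv or SISIDSevents.csv in the agent's scsplogs directory. The script below is an added example, not code from the thread or from Symantec, that turns that into a repeatable check by comparing an earlier copy of one of those files against its current contents. The CSV column layout in the sample rows is an assumption made for illustration (the check only relies on whole-row identity), the sample contents are constructed, and the log directory is taken from the post, which also omits the drive letter.

```python
"""Added example: detect lost records in an append-only CSP event log.

Compares two snapshots of a log file (an earlier copy you kept and the file
as it is now) and reports whether the earlier rows are still a prefix of the
current rows (if not, the file was truncated, rotated or edited), which rows
vanished, and how many rows were appended.
"""
import csv
import io
from dataclasses import dataclass
from pathlib import Path

# Directory named in the thread (the drive letter is not given there either);
# adjust for the host. Assumed, not verified against a live install.
LOG_DIR = Path(r"\Program Files (x86)\Symantec\Critical System Protection\Agent\scsplogs")
LOG_FILES = ("SISRTevents.csv", "SISIDSevents.csv")


@dataclass
class SnapshotDiff:
    truncated: bool   # earlier rows are no longer a prefix of the current rows
    missing: list     # rows present earlier but absent now
    appended: int     # rows in the current snapshot that were not there earlier

    @property
    def events_lost(self) -> bool:
        return bool(self.missing)


def parse_rows(text: str) -> list:
    """Parse CSV text into a list of row tuples, skipping blank lines."""
    return [tuple(row) for row in csv.reader(io.StringIO(text)) if row]


def compare_snapshots(earlier: str, current: str) -> SnapshotDiff:
    """Compare an earlier copy of the log with its current contents.

    For an append-only log the earlier rows must be an exact prefix of the
    current rows; anything else means the file was truncated, rotated, or
    had rows removed from the middle.
    """
    old_rows = parse_rows(earlier)
    new_rows = parse_rows(current)
    truncated = new_rows[: len(old_rows)] != old_rows
    new_set = set(new_rows)
    old_set = set(old_rows)
    missing = [row for row in old_rows if row not in new_set]
    appended = sum(1 for row in new_rows if row not in old_set)
    return SnapshotDiff(truncated=truncated, missing=missing, appended=appended)


def compare_files(earlier_copy: Path, current: Path) -> SnapshotDiff:
    """Same check against two files on disk (e.g. yesterday's copy vs. today's)."""
    return compare_snapshots(
        earlier_copy.read_text(encoding="utf-8", errors="replace"),
        current.read_text(encoding="utf-8", errors="replace"),
    )


# Constructed sample contents; not real CSP output and not a real column layout.
EARLIER = (
    "timestamp,collector,message\n"
    "2014-06-05 01:00:00,Registry,key modified (constructed)\n"
    "2014-06-05 01:00:05,EventLog,service stopped (constructed)\n"
)
# Normal case: the file only grew.
CURRENT_GREW = EARLIER + "2014-06-05 01:00:09,Registry,value set (constructed)\n"
# Suspicious case: the earlier rows are gone and only a newer row remains.
CURRENT_TRUNCATED = (
    "timestamp,collector,message\n"
    "2014-06-05 01:00:09,Registry,value set (constructed)\n"
)

if __name__ == "__main__":
    for label, now in (("grew", CURRENT_GREW), ("truncated", CURRENT_TRUNCATED)):
        diff = compare_snapshots(EARLIER, now)
        print(f"{label}: truncated={diff.truncated} "
              f"lost={len(diff.missing)} appended={diff.appended}")
```

Run it on a schedule with `compare_files(LOG_DIR / "SISIDSevents.csv.yesterday", LOG_DIR / "SISIDSevents.csv")` (the copy name is your own choice) and alert only when `events_lost` is true; a shutdown-time flush of the collector cache, as described in the thread, never removes rows already written to the file, so it will not trigger.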