The Symantec Endpoint Protection (SEP) event collector does not collect events.  After further research into the problem deadlock errors are found in symcep.log.

Problem with query: Transaction (Process ID 51) was deadlocked on lock resources with another process and has been chosen as the deadlock victim. Rerun the transaction.

Deadlocks are caused by two processes trying to access the same resource at the same time.  When a deadlock occurs, the database system allows the current process accessing the object time to complete.  Once what the system is programmed to allow has passed, if the process has not released the object, the process is flagged as the "deadlock victim" and is killed by the system.

To resolve this, add a lockTimeout value to the Database URL string in the SEP Collector sensor configuration.

To add the lockTimeout value, at the end of the Database URL string, add a semi colon, then lockTimeout=<enter value>.

Here is an example:  jdbc:sqlserver://222.222.222.222:1433;DatabaseName=sem5;lockTimeout=5000