What is the meaning of each “Action taken” criteria in the Symantec Endpoint Protection Manager (SEPM) event notifications?