The Comprehensive Risk report shows items with "Unknown" risk severity

Article ID: 164215

Products

Endpoint Protection

Issue/Introduction

In Symantec Endpoint Protection Manager (SEPM) > Quick Reports > Risk Reports, you select Risk as the log type and Comprehensive Risk report as the report. In the resulting report, the risk severity is shown as Unknown for a number of items.

Environment

Symantec Endpoint Protection Manager 12.1

Cause

Risk severity is set based on the following categories:

1 - Very Low 
2 - Low 
3 - Moderate  
4 - Severe  
5 - Very Severe  

If there is no category value in the LiveUpdate virus content, however, the risk severity is set to a default value of -1. If the category in the VIRUS table is updated from Security Response but the virus name is not present in savlisting.xml, the category is not updated and keeps the default value. Similarly, Security Response may return a category value of 0. Because the reporting component does not recognize either value (-1 or 0), it presents the severity as Unknown.

Resolution

With SEPM 14, the default category and maxcategory were changed from -1 to 1 in a fresh installation. During a SEPM upgrade, the default category and maxcategory are set to 1, and existing values of -1 or 0 are updated to 1. Security Response also ensured that its default category of 0 defaults to 1 for the purpose of savlisting.xml file generation.
