After upgrading the Endpoint Protection Manger to 14.2, the Client activity logs no longer show the definition source when a client updates its content. This does not allow an admin to identify if the source is from a specific manager, group update provider, liveupdate administration server or from the public liveupdate servers.

The client activity log shows /content/{810D5A61-809F-49c2-BD75-177F0647D2BA} for the remote path when the expected results should be shown as 
<Server name(IP address)>:<port>/content/{810D5A61-809F-49c2-BD75-177F0647D2BA}/180916024/xdelta180916024_To_180916032.dax

There was an overhaul of portions of our communication, and this logging change was an accidental side effect.

This issue is fixed in Symantec Endpoint Protection 14.2 RU1. For information on how to obtain the latest build of Symantec Endpoint Protection, see Download the latest version of Symantec Endpoint Protection.