
Endpoint Protection client does not upload risk events to Endpoint Protection Manager when the log length is more than 1024 bytes


Article ID: 174690


Updated On:

Products

Endpoint Protection

Issue/Introduction

The Symantec Endpoint Protection (SEP) client sometimes does not upload a risk event to Symantec Endpoint Protection Manager (SEPM). The detection can be found in the Risk Log and in the MMDDYYYY.log file under the Logs\AV directory. However, there is no corresponding log entry in AVMan.log.

Cause

The maximum message buffer provided is not large enough to hold a log line longer than 1024 bytes.

The product code uses a maximum buffer size of 1024 to read a single line. When a single line is longer than 1024 bytes for any reason, for example because the log contains URL information for the detection, the log is not written to AVMan.log. As a result, the log is skipped and not uploaded to SEPM.
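The failure mode described above, as an added C illustration that is not Symantec's product code: a reader with a fixed 1024-byte line buffer silently skips the one record that carries a long URL, while a reader that grows its buffer forwards all three. The record layout, the function names and the sample data are constructed for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAX_MSG 1024 /* per-line limit named in the article */
/* Constructed sample: two short records and one whose URL adds 2000 bytes. */
static FILE *sample_log(void) {
    FILE *f = tmpfile();
    if (!f) return NULL;
    fprintf(f, "event=1,risk=Sample.A,file=a.exe\n"
               "event=2,risk=Sample.B,url=http://example.test/%02000d\n"
               "event=3,risk=Sample.C,file=c.exe\n", 0);
    rewind(f);
    return f;
}
/* Fixed buffer: a record that does not fit is skipped, with no error raised. */
static int forward_fixed(FILE *in) {
    char buf[MAX_MSG];
    int sent = 0, c;
    while (fgets(buf, sizeof buf, in)) {
        if (strchr(buf, '\n') || feof(in)) sent++;
        else while ((c = getc(in)) != EOF && c != '\n') {} /* record skipped */
    }
    return sent;
}
/* Growing buffer: every newline-terminated record is kept whole and counted. */
static int forward_growing(FILE *in) {
    size_t cap = MAX_MSG, len = 0;
    char *line = malloc(cap), *tmp;
    int sent = 0, c;
    if (!line) return -1;
    while ((c = getc(in)) != EOF) {
        if (c == '\n') { sent++; len = 0; continue; } /* line[0..len) is one record */
        if (len == cap) {
            if (!(tmp = realloc(line, cap *= 2))) { free(line); return -1; }
            line = tmp;
        }
        line[len++] = (char)c;
    }
    free(line);
    return sent;
}
int main(void) {
    FILE *f = sample_log();
    if (!f) return 1;
    printf("fixed buffer forwarded %d of 3\n", forward_fixed(f));
    rewind(f);
    printf("growing buffer forwarded %d of 3\n", forward_growing(f));
    return 0;
}
```

Because the fixed-buffer reader reports no error, the only visible symptom is a count mismatch between the source log and what was forwarded, which matches the missing AVMan.log entry described in this article.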

Resolution

This issue is fixed in Symantec Endpoint Protection 14.2 RU1 by adding max message buffer size. For information on how to obtain the latest build of Symantec Endpoint Protection, see Download the latest version of Symantec Endpoint Protection.