You want to find logs for content that SEP (Symantec Endpoint Protection) clients have downloaded, including download source and file type.
Helps determine:
Logs may be exported to a csv file for filtering in a spreadsheet application. Downloads from a source with port 8014 or 443 are typically from a SEPM, and port 2967 is from a GUP.