IPS Action taken not reported to Endpoint Protection Manager for Mac clients.

book

Article ID: 221439

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

When reviewing logs on the Symantec Endpoint Protection Manager (SEPM) or when exporting these logs to an external logging server (syslog server), the Action field is not populated for IPS events reported by macOS clients.  Reviewing the firewall logs on the Mac itself shows an action, such as "Vulnerability Blocked"

Resolution

Our Engineering team is investigating this issue and will update this document when a solution becomes available.