ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

IPS Action taken not reported to Endpoint Protection Manager for Mac clients.


Article ID: 221439


Updated On:


Endpoint Protection


When reviewing logs on the Symantec Endpoint Protection Manager (SEPM) or when exporting these logs to an external logging server (syslog server), the Action field is not populated for IPS events reported by macOS clients.  Reviewing the firewall logs on the Mac itself shows an action, such as "Vulnerability Blocked"


Our Engineering team is investigating this issue and will update this document when a solution becomes available.