SEP Linux agent fails to upload some detection events to the SEPM

Article ID: 255277

Products

Endpoint Security Endpoint Protection

Issue/Introduction

In an environment using the Linux agent included in Symantec Endpoint Protection (SEP) 14.3 RU1 or later, a virus is detected, but the record is sometimes not uploaded to Symantec Endpoint Protection Manager (SEPM), so the risk log cannot be confirmed on the SEPM console. Also, although the log of the start of a scheduled scan is recorded, the log at the time of completion is not uploaded, so it appears that the scan is still continuing when the next scheduled scan starts.

I would like to know the reason why the log cannot be checked normally on the SEPM console.

Environment

Release : 14.3 RU1 or later

Resolution

When the Linux agent sends risk logs, it attempts to send them to the SEPM using the connection information registered in the Sylink.xml file, which is created according to the settings in the management server list assigned to the group the agent belongs to.

If a risk log upload fails for any reason, the upload of the logs that failed is not retried.
Therefore, if the connection destination selected after risk detection cannot communicate, the log will be missing.

This issue occurs only with the logs contained in AVMan.log.
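Because a failed upload is never retried, the gap has to be found from the console side. The following is an added example, not Symantec code: it reconciles exported scan events and lists scheduled scans whose start was recorded but whose completion never arrived. The CSV columns, event labels and sample rows are constructed assumptions, not a SEPM export format.

```python
import csv
import io
from datetime import datetime

# Constructed sample: scan events as they might be exported from the
# management console. Column names and event labels are hypothetical.
SAMPLE = """\
time,host,event
2023-01-10 02:00:00,web01,scan_started
2023-01-10 02:41:00,web01,scan_completed
2023-01-11 02:00:00,web01,scan_started
2023-01-12 02:00:00,web01,scan_started
2023-01-12 02:39:00,web01,scan_completed
2023-01-11 03:00:00,db01,scan_started
2023-01-11 03:55:00,db01,scan_completed
2023-01-12 03:00:00,db01,scan_started
"""

def find_missing_completions(export_text):
    """Return (superseded, still_open) lists of (host, start_time).

    superseded: a start followed by another start on the same host with no
    completion in between, the symptom described above.
    still_open: the latest start with no completion yet; this may be a scan
    that is genuinely running, so it is reported separately.
    """
    rows = list(csv.DictReader(io.StringIO(export_text)))
    for r in rows:
        r["ts"] = datetime.strptime(r["time"], "%Y-%m-%d %H:%M:%S")
    rows.sort(key=lambda r: (r["host"], r["ts"]))

    pending = {}          # host -> start time awaiting a completion
    superseded = []
    for r in rows:
        host, event = r["host"], r["event"]
        if event == "scan_started":
            if host in pending:
                superseded.append((host, pending[host]))
            pending[host] = r["ts"]
        elif event == "scan_completed":
            pending.pop(host, None)
    still_open = sorted(pending.items())
    return superseded, still_open

if __name__ == "__main__":
    superseded, still_open = find_missing_completions(SAMPLE)
    for host, ts in superseded:
        print(f"{host}: scan started {ts} has no completion record")
    for host, ts in still_open:
        print(f"{host}: scan started {ts} still open (running or lost)")
```

Hosts reported as superseded are candidates for checking the agent's local AVMan.log, since the detection and completion records remain there even when the upload was lost.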

Additional Information

CRE-10789
CRE-11666