Audit event "Updated policy Adaptation Policy" is seen in ICDm Investigate tab.

Article ID: 259517


Products

Endpoint Security

Issue/Introduction

Reviewing Audit events in the ICDm Investigate tab shows that an Adaptation Policy was updated by the user System.

Cause

The Adaptation Policy is updated automatically: for Adaptive Protection, granular behavior rule exceptions (adaptations) can be added and managed automatically based on telemetry.

Resolution

The Adaptations Policy is not viewable from the Policies tab. The policy is listed on the Device page and can be opened for viewing from the device tab only. These adaptations are for EDR Incident Rules.

Adaptations are essentially exceptions to Incident Rules, based on telemetry from an environment. Telemetry from your specific environment helps determine the adaptations.

Symantec uses machine learning and a set of internal rules to create these adaptations for your environment.


Adaptations are automatically applied to the devices that use the policy. The adaptations are applied as an internal policy. They can be denied or accepted under the Managed Exceptions tab within Policies > Adaptive Protection Settings.