Symantec Endpoint Protection (SEP) clients show connecting to the Symantec Endpoint Protection Managers (SEPM) when viewed in the SEPM, but is not updating policies.

SEP On-Prem environment.

Excessive logging from misconfigured policies causing lag in the processing of updates coming from the client to the manager. 

The client status in the SEPM, will remain showing connected until two heartbeats (check-ins) are missed. When a group of clients is configured in such a way that large volumes of logs are being created and uploaded to the SEPM, it can overwhelm it and cause delays in the processing.

When there is a discrepancy between the client status showing in the SEPM and what you believe it should be, it's always a good idea to look directly at the client if possible to confirm if the client status is in agreement with what is being viewed in the manager.

As a normal process of troubleshooting, when no error messages are present, a quick look through the client logs often reveals issues such as this one.

Using the logs on the client, identify the features that are being logged excessively.

Review the policies relating to those features and modify appropriately.