When SEP (Symantec Endpoint Protection) detects a risk, a hash value is usually (but not always) generated and provided in the detection event details.
Missing hash value in SEP risk detection event details.
Files where the path which is unavailable for some reason (file locked or in use), or that are Linux files as indicated by the forward slash (/) in the file path, or files stored in archival format (e.g. a compressed file), do not generate hash values in risk detections.
SEP is functioning as designed. The absence of hash generation in SEP Mac and Linux detections should be addressed in a future version of SEP 14.