You have configured your Symantec Endpoint Protection Manager to forward logs to your Security Information and Event Management (SIEM). You notice that Application and Device Control logs are not being forwarded. Other types of Symantec Endpoint Protection logs are being forwarded as expected.

Your Symantec Endpoint Protection Manager is not configured to forward Application and Device Control logs.

Navigate to your Symantec Endpoint Protection Manager external logging settings (Admin > Local Site > Configure External Logging). Select the "Log Filter" tab. Check that the "Control Log" box is checked and configure the severity for Client Logs that will be forwarded according to your environment.