Endpoint Protection client does not upload risk event to Endpoint Protection Manage when the log length is more than 1024 bytes
Last Updated May 09, 2019
Symantec Endpoint Protection (SEP) client does not upload risk event to Symantec Endpoint Protection Manager (SEPM) sometimes. The detection can be found in Risk Log and MMDDYYYY.log file under Logs\AV directory. However, there is no corresponding log entry in AVMan.log.
Max message buffer provided is not large enough to hold some of the log with length more than 1024 bytes.
Product code considers the maximum buffer size of 1024 to read a single line. But once the single line has length more than 1024 bytes for any reason such as the log has URL information for the detection, the log will not be written to AVman.log. As a result, the log will be skipped and not uploaded to SEPM.