Issue:
When configured the SEPM (Symantec Endpoint Protection Manager) to compress identical "risk found" events; identical risk events found within the same one-hour interval are compressed into one summary event with a count. The database settings in the SEPM site properties have been configured to delete compressed events after a number of days.
To know the details of the risks that are summarized:
<
p>check the details of a summarized event, the File/Path section which show each folder where individual detections occurred. This is because the original events are still in the database and can be referenced by the summary event. When enough time has passed, the File/Path section no longer shows the same details. This is because the original records have been deleted based on the "Delete Compressed Events" setting. The summarized event is still a Risk Event and it’s deletion is governed by the "Delete Risk Events" setting.