c:\porgramdata on a regular MANAGED (Domain Jioned/GPO best practice) W7 (W10?) client is NOT VISIBLE to the enduser.
I am unsure if he COULD access it but i doubt 95% don't know how to do that. In most Manages envoriments C: IS Hidden from
workplace and EXPLORER.
Hope this clears your question.
Still i'ts not very smart done. BUT i have to SAY in the EPO Policy YOU CAN CHANGE the logfile to 5 different location (%Temp%, special folder etc.)
So what is the point of not showing log entries ?
The \PROGRAMDATA directory is initially hidden by Microsoft design; it's the new version of the previous \DOCUMENTS AND SETTINGS directory on older Windows operating systems.
Non-admin users should be able to unhide or browser manually to the \PROGRAMDATA directory as needed, unless you have further domain GPO restrictions on them.
But this is not explain why you cant see any entries in the GUI.
What type of events? Firewall events do not appear in the ENS GUI interface (unless you mark the FW rule as LOG MATCHING TRAFFIC); they will be logged to the FirewallEventMonitor.log file by default. This is by design. Page 24 of .McAfee Corporate KB - Endpoint Security 10.5 Product Guide PD26799.