It would be in the audit log if anywhere, bu it may not go to that level of detail.
Usage is covered in the product guide, but basically:
Use the Audit Log to maintain and access a record of all McAfee ePO user actions. The Audit Log entries are displayed in a sortable table. For added flexibility, you can also filter the log so that it
displays only failed actions, or only entries that are within a certain age.
The Audit Log displays seven columns:
• Action — The name of the action the McAfee ePO user attempted.
• Completion Time — The time the action finished.
• Details — More information about the action.
• Priority — Importance of the action.
• Start Time — The time the action was initiated.
• Success — Whether the action was successfully completed.
• User Name — User name of the logged-on user account that was used to take the action.
Audit Log entries can be queried against. You can create queries with the Query Builder wizard that target this data, or you can use the default queries that target this data. For example, the Failed
Logon Attempts query retrieves a table of all failed logon attempts.
Thank you rackroyd