The current version of the Symantec Endpoint Protection Small Business Edition (Symantec.cloud) incorrectly identifies Unresolved Risks as "green" items on the affected computer's history log.
As a result, the only the client sees the pop-up. The Managed Services Provider or anyone else who is controlling the client's software and site does not receive an email notification. And if the client doesn't click on the pop-up (and we've taught them not to, right?), then it is up to us to find out about the issue - which doesn't present itself on the Computer page, nor on the PMC.
Symantec, please - you flag cookies as risks, which is absurd! Could you PLEASE flag an unresolved risk as something we should take action on?