The behavior as noted in additional replies is extremely unusual for an default agent deployment. Are there any post installation configurations you performed i.e. rule modifications? Are you already working with support on this item in which configurations have been uploaded?
To better evaluate:
Turn on tracing on endpoint
Attempt login
Turn off tracing on endpoint
This will expose if the interaction is taking place at the agent and what the response would be. I'm a bit perplexed that the seaudit log is showing no entry as by default a Login action (Permit or Deny) should be getting logged. Further review of the trace and endpoint configuration would be needed to pinpoint the issue.
I'll touch base against after the holiday see if made any headway.