Multiple Symantec Endpoint Protection Manager email notifications are sent for old events
Article: TECH144817 | Created: 2010-11-23 | Updated: 2012-07-31 | Article URL: http://www.symantec.com/docs/TECH144817
The Symantec Endpoint Protection Manager (SEPM) has been configured to send email notifications for risk events, e.g. Single Risk Event or Risk Outbreak by Number of Attacked Computers, with a damper period. The damper period is designed to prevent a flood of notifications or emails for several similar events within the same time period. For example, a Single Risk Event notification with a damper period of 20 minutes should be limited to one email for any number of similar events during a 20-minute period.
When the notification condition is triggered, a single email notification is received as expected during the damper period. However, many more notifications for the same event(s) are received later, well after the damper period has expired.
Symantec is aware of this issue and is currently investigating it.
This document will be updated as soon as more information becomes available.
One possible cause of this behavior has been corrected in SEP 11 RU7 MP1. Please upgrade to the latest available release to receive this fix.
For SEP 12.1, a fix to improve the behavior was released in SEP 12.1 RU1 (applicable to both the Enterprise Edition and Small Business Edition). Additional improvements are expected in the next release of SEP 12.1.
SEP 12 SMB -- Multiple Risk Outbreak email notifications are sent within the Damper period
SEP 11 RU6 MP2 --- SEPM email notifications sent repeatedly for old events