Multiple Symantec Endpoint Protection Manager email notifications are sent for old events

Article:TECH144817  |  Created: 2010-11-23  |  Updated: 2013-05-30  |  Article URL http://www.symantec.com/docs/TECH144817
Article Type: Technical Solution


Issue



The Symantec Endpoint Protection Manager (SEPM) has been configured to send email notifications for risk events, e.g. Single Risk Event or Risk Outbreak by Number of Attacked Computers, with a damper period. The damper period is designed to prevent a flood of notifications or emails for several similar events within the same time period. For example, a Single Risk Event notification with a damper period of 20 minutes should be limited to one email for any number of similar events during a 20-minute period.  

When the notification condition is triggered, a single email notification is received during the damper period, as expected. However, many more notifications for the same event(s) are received later, well after the damper period has expired.


Solution



One possible cause of this behavior has been corrected in SEP 11 RU7 MP1.  Please upgrade to the latest available release to receive this fix.

For SEP 12.1, a fix to improve the behavior was released in SEP 12.1 RU1 (applicable to both the Enterprise Edition and Small Business Edition). Additional improvements were added in SEP 12.1 RU1 MP1.  Please upgrade to the latest available release in order to take advantage of all enhancements and improvements. 


Supplemental Materials

Source: ETrack
Value: 2212158
Description: SEP 12 SMB -- Multiple Risk Outbreak email notifications are sent within the Damper period

Source: ETrack
Value: 2233045
Description: SEP 11 RU6 MP2 --- SEPM email notifications sent repeatedly for old events

Source: ETrack
Value: 2681891
Description: SEPM email notifications are sent repeatedly for old events

 


