Single risk event notifications generate duplicate emails once every three minutes.

Article:TECH190349  |  Created: 2012-06-04  |  Updated: 2013-03-28  |  Article URL http://www.symantec.com/docs/TECH190349
Article Type
Technical Solution


Environment

Issue



Single risk notifications are configured within the Symantec Endpoint Protection Manager (SEPM). When a single risk notification is generated, it sends an email for the same event approximately once every three minutes. The insert time for the event in the database is the same in every email.

 


Environment



Observed with fresh install of SEP 12.1 RU1 MP1. Embedded database.

 


Solution



This problem is fixed in Symantec Endpoint Protection (SEP) 12.1 Release Update 2 (RU2). For more information on obtaining the latest version of SEP, see Obtaining the latest version of Symantec Endpoint Protection or Symantec Network Access Control.

 

If it is not immediately possile to upgrade, a workaround has been identified:

 

Workaround:

  1. Make a backup of conf.properties (found in the Symantec Endpoint Protection Manager installation path, under "\tomcat\etc\")
  2. Edit conf.properties and locate the line scm.securityalertnotifytask.notification.interval=1, changing the value to 60.
 

 


Supplemental Materials

SourceETrack
Value2788568



Article URL http://www.symantec.com/docs/TECH190349


Terms of use for this information are found in Legal Notices