
About Alert

Created: 10 Jun 2013 | 4 comments

We created a Single Risk Event notification and set the tamper to 20 mins. When we receive the "Single Risk Event" email, another email with the subject "CRITICAL: NETWORK VIRUS DETECTED" is received 10 mins after every "Single Risk Event" email.
May I know what type of notification or report setting defines and triggers the "CRITICAL: NETWORK VIRUS DETECTED" email?
Is this a notification or report?
If it is a report, how can it be generated 10 mins after each notification and be received many times in 1 day? As far as I know, a report can only be sent once per day. Thanks


pete_4u2002

What is the SEPM version?

Disable the notifications that have been set.

Chetan Savade

Hi,

There are two weekly scheduled reports & seven pre-defined notifications configured by Symantec.

Delete the notification and recreate it & check whether it makes any difference or not?

This is the only notification showing incorrect information?

Schedule Reports location: SEPM --> Reports --> Scheduled Reports

Predefined Notifications location:

SEPM--> Monitors--> Notifications --> View Notifications --> Notifications Conditions

 

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

Mithun Sanghavi

Hello,

What version of SEP 12.1 are you running?

Symantec is aware of this issue. The issue seems to have been resolved in SEP 12.1 RU2.

Check this Article:

Single risk event notifications generate duplicate emails once every three minutes.

http://www.symantec.com/business/support/index?page=content&id=TECH190349

Meanwhile, could you check with the following workaround:

Can you set the value of securitynotifytask.notifcation.interval to 59 in conf.properties?

Default Location of conf.properties: C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\etc\conf.properties

Add the following line to conf.properties.

scm.securityalertnotifytask.notification.interval=59

This change should create a delay in multiple email responses.

Check these Threads - 

https://www-secure.symantec.com/connect/forums/multiple-email-notification-when-new-risk-detected

https://www-secure.symantec.com/connect/forums/notifications-every-minute-single-risk-event

https://www-secure.symantec.com/connect/forums/single-risk-event-e-mails-sep-12ru1mp1

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.
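The workaround in the reply above, as an added PowerShell example that is not part of the original post and not Symantec's own tooling: it backs up conf.properties and sets the interval key without creating a duplicate entry. The path and key are the ones quoted in the reply; the variable names and the `.bak` suffix are assumptions made for the example.

```powershell
# Added example: idempotently set the notification interval in conf.properties.
# $ConfPath is the default location quoted in the thread; adjust if SEPM lives elsewhere.
$ConfPath = 'C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\etc\conf.properties'
$Key      = 'scm.securityalertnotifytask.notification.interval'
$Value    = '59'

if (-not (Test-Path -LiteralPath $ConfPath)) {
    throw "conf.properties not found at $ConfPath"
}

# Keep a timestamped copy so the change can be rolled back (suffix is an assumption).
$Backup = "$ConfPath.$(Get-Date -Format 'yyyyMMdd-HHmmss').bak"
Copy-Item -LiteralPath $ConfPath -Destination $Backup

# Java .properties files are ISO-8859-1; read and write with that encoding
# so existing entries are not altered and no byte-order mark is added.
$Latin1 = [System.Text.Encoding]::GetEncoding('ISO-8859-1')
$Lines  = [System.IO.File]::ReadAllLines($ConfPath, $Latin1)

# Match the key at the start of a line, followed by '=' or ':' (both are valid separators).
$Pattern = '^\s*' + [regex]::Escape($Key) + '\s*[=:]'
$Wanted  = "$Key=$Value"

if ($Lines -match $Pattern) {
    # Key already present: rewrite every matching line instead of appending a second one.
    $Lines = $Lines | ForEach-Object { if ($_ -match $Pattern) { $Wanted } else { $_ } }
} else {
    # Key absent: append it as the last line.
    $Lines = @($Lines) + $Wanted
}

[System.IO.File]::WriteAllLines($ConfPath, [string[]]@($Lines), $Latin1)

# Show the resulting entry for confirmation.
Select-String -LiteralPath $ConfPath -Pattern $Pattern
```

Run it from an elevated PowerShell session, since the file sits under Program Files. The thread does not say whether the manager service has to be restarted for the value to take effect.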

Mick2009

"Thumbs up" to Mithun- notifications have been working pretty well for me in recent builds of SEP.

The most important thing to check as an admin, of course, is what threats are being detected in your environment and if they are being completely cleaned. Check those notifications and reports daily to ensure that the SEP clients are keeping your organization safe.

With thanks and best regards,

Mick