Endpoint Protection

 View Only

  • 1.  Multiple copies of the same alerts and reports

    Posted Apr 01, 2014 05:29 PM

    I have three SEPM servers (SEPM version 12.1.4) in different sites which all replicate and work fine, however the annoying thing is when one of them triggers an email (report, risk detection etc) I get three copies, one from each SEPM.

    For example I have setup the monthly risk report and it gets emailed to myself and management on the first day of each month but we get three emails with the same report.

    To work around this I have turned off (purposly missconfigured SMTP settings) on two of the SEPM servers so only one will successfully email the reports / alerts, the down side to this is virus detections and security risk events (which I want to know about ASAP) are delayed until replication has taken place.

    Does anyone know if there is a way to designate one SEPM server as the "email / alert server" or does Symantec have something in the pipline to address this.

     

    Many thanks



  • 2.  RE: Multiple copies of the same alerts and reports

    Posted Apr 01, 2014 05:52 PM
    Just disable the alerts on two of the SEPMs. I believe this is the only way currently.


  • 3.  RE: Multiple copies of the same alerts and reports

    Posted Apr 02, 2014 01:00 AM

    Its a bug, what you have currently done is a workaround

    When logs are replicated between Symantec Endpoint Protection Manager sites, duplicate email notifications may be received

    http://www.symantec.com/business/support/index?page=content&id=TECH98265