Multiple eMail notification when new risk is detected
Created: 08 Jun 2012 | Updated: 08 Jun 2012 | 18 comments
Hello, since I upgrade SEPM from 12.1RU1 to 12.1RU1MP1, when client detect a nex risk I receive a mail to notifie me that a new risk has been detected and every 10 minutes I receive another mail. This is how is configure 'Notification' :
Mails :
What's wrong with this notification policy ?
Thanks.
Discussion Filed Under:
Comments 18 Comments • Jump to latest comment
can you delete the policy and create a new one with same settings and let know if it fixes?
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Hello pete, I delete and recreate the policy, and that doesn't fixe.
DCourtel.
End User Support Technician
Publish Third Party Applications in Wsus : http://wsuspackagepublisher.codeplex.com/
Hello,
If the number of Single Risk Event notifications is small, removing/re-creating the notifications will resolve the issue. This works because newly created notification conditions will include the time zone name value.
Hope that helps!!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<&a
Hi Dcourtel,
It's happening because damper protection setting is set to 'Auto'.
Set the specific time setting and monitor the difference.
I hope it will resolve your issue.
Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.&
Trying with 20 minutes. I wait for the next virus :-)
DCourtel.
End User Support Technician
Publish Third Party Applications in Wsus : http://wsuspackagepublisher.codeplex.com/
You can use this for testing
http://www.eicar.org/86-0-Intended-use.html
:)
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
Did you tryed by changing the damper settings?
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
Hi Folks,
same issue here. One Event creates 6 Notification being sent exactly every 10 minutes.
I have a NEW SEP 12.1 RU1 MP1 Installation.
Regards,
Holger
------
Holger Mundt | I.Tresor GmbH & Co. KG | Germany | http://www.i-tresor.de
Hello HolgerMu, edit the notification policy and set the "Damper" setting to 5 hours. It's very funny.
DCourtel.
End User Support Technician
Publish Third Party Applications in Wsus : http://wsuspackagepublisher.codeplex.com/
Setting the Damper Setting to 20 Minutes sends 2 Messages per Risk event within 10 minutes
I assume 30 minutes sends 3 messages for 30 minutes and so on....
5 Hours only sends 1 Message....funny funny stuff
------
Holger Mundt | I.Tresor GmbH & Co. KG | Germany | http://www.i-tresor.de
any news about this Problem
We had this problem and this is what Symantec Enterprise Support had us do:
"There may be a workaround. Try editing the conf.properties file located at Program Files (x86) \ Symantec \ Symantec Endpoint Protection Manager \ tomcat \ etc\
Edit the line scm.securityalertnotifytask.notification.interval=1
Change the 1 to 59."
Our value was 10.. but after changing it to 59 as suggested the problem went away.
Supplemental Materials
SEP 12 SMB -- Multiple Risk Outbreak email notifications are sent within the Damper period
SEP 11 RU6 MP2 --- SEPM email notifications sent repeatedly for old events
Additional improvements are expected in the next release of SEP12.1
Mohan Babu
moglie20@gmail.com
+91 9884382160
Your satisfaction is very important to us.If you find above information helpful or it has resolved your issue...please mark it accordingly :)
Having this stupid problem after upgrading SEPM to the latest version. Email every 10 minutes for the Virus definitions out-of-date alert. Deleting and re-creating the alert doesn't help.
I'm running RU1, MP1. The article linked above states this is fixed in RU1?
I had no problem with this on RU1. Stupid Symantec, fix one thing, break 10 other things as usual.
When i spoke to Symantec Enterprise support about this they said yes they did fix it in RU1, but it appears that it became broken again in RU1MP1... lol
Please try the following.
Delete the notification, wait for a day and then re-create the same notification.
why? 1 day is the magical number? why not two or three days?
I'm trying the suggestion Muad'Dib has above. Hopefully it works, but who knows what else it's going to break?
It works.. and the suggestion came directly from Enterprise Support. We havent experienced any fallout from the setting change. They did mention however when the next release is sent out that you should roll back this setting before updating.
Would you like to reply?
Login or Register to post your comment.