configure new  eicar alert
and refer this doc check if you get any kind of alerts

Symantec Endpoint Protection Manager: EICAR events don't send Email Notifications

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008040309460648
we need to check if your previous alerts are not working, or all the alerts

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008031219333348

Thank you!

damper is amount of time interval, by default its 1 hourt
is it possible that your mail server  might be rejecting these alert?

please check this

The Symantec Endpoint Protection Manager cannot send email notifications to a SMTP
server configured to require Secure Password Authentication. You will need to configure SEPM
to use another mail server that does not require SPA or disable the requirement of SPA from
your current email server.

http://service1.symantec.com/support/ent-security....

https://www-secure.symantec.com/connect/forums/no-notifications-no-email-notifications
 

Hi dca2r,

Make sure that there is no firewall or other component which blocks the $ character in email header information.  There's an issue which applies to RU5 on Windows 2008.  Details are in the following article:

"Email sending failed. Invalid character ('$') in username" when sending Reports from Symantec Endpoint Protection Manager

As your scheduled reports are getting through, though, I don't know if this applies.....

You may wish to use Exchange's message tracking capabilities to see if you can identify the mails from the SEPM, and see if there are any log entries about actions taken on them.

Thanks and best regards,

Mick

To check if the problem is with reporting server or not, try this.. create a test admin account in sepm and try to get an account lock out e-mail for that... also, try the same with an 'authentication failure' notification... if there is a problem, please get us the catalina.out from manager\Tomcat\Logs ... And as the gentleman says, check ur exchange queue...

If this happens due to the reporting component files mismatch or corruption, a repair install of SEPM should take care... ;)

Cheers,
Visu.

Risks events
are sent only once in a day ( I read it somewhere :) )
remove single risk event and try  only new risk event, you should get it after sometime (24 or damper period)
i think you should get after 24 hours..however I would love to see the results.

It seems like your reporting component is absolutely fine...:) ... AFAIK, new risk detected is for threats picked up by PTP and not AVAS.... single risk event is the one which notifies for AVAS... correct me if am wrong.. :)

Cheers,
Visu.

Ok, I will try that.. Just so you know, I get the e-mail from single risk event almost immediately. I have try about 7 times today and I get them every time.

I will keep you informed.

The New Risk Alert will only ever fire once for any given virus.

If you have ever had a New Risk Alert notification for a specific threat (Eicar for example) you will never get another for that specific threat.

Let me see if I understand this. The New Risk Alert is a onetime deal? If that is the case, which alert will you recommend I use to notify me of any security risks more than once?

does yur exchange have spa disabled?

Hi drudnev,

I do not manage or work with our xchange servers so can't tell you.

Sorry