Hi,
Thank you for posting your query on the Symantec community; I would be glad to assist you.
During the installation of the SEPM, the most important notifications and reports are pre-configured. You can verify this under SEPM --> Monitors --> Notifications --> Notification Conditions and SEPM --> Reports --> Scheduled report.
Details of pre-defined notifications are listed here: http://www.symantec.com/docs/TECH91535
Risk outbreak is one of the important notifications and is enabled by default.
Risk Outbreak: You can set the number and type of occurrences of new risks and the time period that should trigger this type of notification. Types include occurrences on any computer, occurrences on a single computer, or occurrences on distinct computers.
Note: If you set the notification damper period to None, you should make sure that clients can upload critical events immediately. The Let clients upload critical events immediately option is enabled by default and configured in the Communications Settings dialog box.
I suggest that you configure Single risk event.
Single risk event: This notification is triggered when a single risk event is detected. This notification triggers whenever virus and spyware scans detect a new risk. The notification includes the affected user, computer, and the actions that the management server has executed.
The setting indicates the length of the limitation (time) period, in minutes or hours, that you want to use for notification. A notification will take place as soon as a single risk event is generated. Future notifications will be retained during the restriction period and sent every 60 minutes as configured. The limitation (time) period helps to get events into a manageable number (efficient process), so that there aren't around hundreds of emails all at once. This avoids the situation when a virus does not occur and, in addition, when there is e-mail system and network load to consider.
The default setting for the limitation period is "Auto" (Automatic). This means that every 60 minutes, a notification is sent until no further infections occur in your network. This value cannot be set below 20 minutes, in order to avoid multiple triggered notifications, which in turn would generate multiple emails being sent.
If Single risk notification is configured, however, it takes at least 20 minutes for this notification to be generated by the SEPM. The on-screen notification appears immediately on the SEP client. This is to be expected. Event Notifications and Event Log Forwarding are separate steps. Virus events will be written from the client to the server based on the log aggregation setting on the client, but alerts/notifications will be generated based on the Notification Damper setting.
While setting up notifications in the SEPM, you notice that you can set a damper on the alert. The default selection for this setting is Auto, yet there are other settings, varying from 20 minutes to 10 hours. The auto setting for the damper is set for 60 minutes.