Video Screencast Help

Repeat Notifications about a machine no longer on the network from SPEM

Created: 11 Oct 2012 | 4 comments


We keep getting notifcations from SEPM


Risk Risk Type  = Trojan.Tracur Malware

File / Entry

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\SRTSP\Quarantine\APQ8C7.tmp

 This computer is no longer on the network, this pc is unplugged and sitting on the floor next to me.  Been this way for two days, and these messages have a date time of 10/05/2012 13:30:49 yet we are getting these messages now.

We just got over 100 message in 10 minutes. 

We think it has to do with SEPM, we use 12.1

Any ideas? 

Comments 4 CommentsJump to latest comment

Ashish-Sharma's picture

Symantec Aware this issue may be resolved next  SEP 12.1 RU2.

As of now, the SEP 12.1 RU2 is under BETA testing.

Incase, if you are interested in Beta Testing for SEP 12.1 RU2, check this :

Check this thread

Thanks In Advance

Ashish Sharma

Chetan Savade's picture


You should change damper setings for risk outbreak notification.

The damper period specifies the time that must pass before the notification condition is checked for new data. When a notification condition has a damper period, the notification is only issued on the first occurrence of the trigger condition within that period. For example, suppose a large-scale virus attack occurs, and that there is a notification condition configured to send an email whenever viruses infect five computers on the network. If you set a one hour damper period for that notification condition, the server sends only one notification email each hour during the attack.


Also refer this article: How to Manage Quarantined files.

How to delete Quarantined items from the Symantec Endpoint Protection Manager.

Security Response recommendations for Symantec Endpoint Protection settings

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

Mithun Sanghavi's picture


Are you facing issue related to Multiple Email Alert being received every 3 minutes.

Symantec is aware about this issue. The Issue seems to have been resolved in the Upcoming Version of SEP 12.1 RU2

Check this Article:

Single risk event notifications generate duplicate emails once every three minutes.

Meanwhile could you check with following workaround:

Can you set the value of securitynotifytask.notifcation.interval to 59 in

Default Location of C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\etc\

Add the following line to


This change should create delay in multiple email response.

Check these Threads -

Hope that helps!!

Mithun Sanghavi
Associate Security Architect


Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

ᗺrian's picture

Delete the machine from SEPM

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.