What is the difference between a "new risk" and a "single risk event?"
We did a test virus yesterday and got flooded with emails.
We deleted the "single risk event" notifications. Apparently that's an unsolved SEP issue.
We still have "new risk" notifications set up. What does "new risk" mean exactly?
We ran another test today. Same test virus. We don't get any notification though -- This is because that virus has already been seen on that machine, right? Seen and deleted yesterday. Ditto for today, but no notification since it had been seen before.
Ah... Nevermind.... The email just came in. It took a full ten minutes.
That's our solution to the notification flood problem -- delete the "single risk event" notification which floods. Just have "new risk" notifications.
We're still wondering exactly how Symantec defines those though if anyone knows.
hi, Check this thread
Check symantec employee coments
Idimple Symantec Employee
Single Risk Event" will notify you each time a threat is detected. "New Risk Detected" refers to a risk new to the network
Single Risk:The detection of a single risk event triggers this notification. The notification lists a number of details about the risk, which includes the user and computer involved, and the action that Symantec EndpointProtection took.
New Risks : are calculated from the last database sweep and for the time period that is configured on the Home and Monitors tab of Preferences.
For example, suppose your Preferences time range is set to the past 24 hours. And suppose that your database is set to sweep every week on Sunday night and delete the risks that are more than three days old. If a particular virus infects a computer in your network on Monday, that is reported as a new risk. If another computer is infected with the same virus on Wednesday, that is not reflected in this count. If this same virus infects a computer in your network on the following Monday, it is reported here as newly infected. It is reported as new because it occurred during the last 24 hours and Sunday the database was swept of entries older than three days. The previous risk detections occurred more than three days ago, so they were deleted from the database.
You can go to following link for more information.
Thanks In Advance
SEPM Knowledgebase Documents
Your satisfaction is very important to us.If you find above information helpful or it has resolved your issue...please mark it accordingly :)
Find the below document which help you in your requirement