You can also check this out in regards to the setting you set. It gives a full explanation:
About configuring event aggregation in the SEPM
Article:HOWTO27472 |
| |
Created: 2010-01-08 |
| |
Updated: 2012-09-25 |
| |
Article URL http://www.symantec.com/docs/HOWTO27472 |
On the Clients page, Policies page, Client Log Settings
Use this location to configure the aggregation of Network Threat Protection events. Events are held on the clients for the damper period before they are aggregated into a single event and then uploaded to the console. The damper period helps to reduce events to a manageable number. The default damper period setting is Auto (Automatic). The damper idle period determines the amount of time that must pass between log entries before the next occurrence is considered a new entry. The default damper idle is 10 seconds.