Hi,
A notification for "new risk detected" will trigger only once when a risk is first logged in the SEPM. Any subsequent detection will not trigger a notification irrespective of damper settings.
This is by design. Reference: http://www.symantec.com/docs/TECH209148
The damper period specifies the time that must pass before the notification condition is checked for new data. The minimum setting is 20 minutes and the maximum is 10 hours or None. I would not suggest setting it to None. Notifications are critical to maintaining a secure environment and can also save you time. It means the maximum difference you can keep between two emails is 10 hours.
So I believe it's not possible to configure settings to trigger only a single risk notification per computer. I feel it's important as a security best practice. Sometimes an admin may forget to take action on an infected machine, but a subsequent email might help remind him.
When a notification condition has a damper period, the notification is only issued on the first occurrence of the trigger condition within that period. For example, suppose a large-scale virus attack occurs, and that there is a notification condition configured to send an email whenever viruses infect five computers on the network. If you set a one hour damper period for that notification condition, the server sends only one notification email each hour during the attack. I would suggest maximizing the time if it's practical.
Symantec recommendations:
Create a notification for a and modify the notification for .
For these notifications, Symantec recommends that you do the following actions:
- Change the Risk severity to to avoid receiving emails about tracking cookies.
- Keep the Damper setting at .