Endpoint Protection

  • 1.  SEP 12.1 Repetitious emails

    Posted Jan 05, 2012 02:25 PM

    First off, let me start by saying that I am new to the Symantec Endpoint Protection Management Console. In our environment we have email notifications being sent out to a group of people for viruses that are found. A single risk event is sent out to the group with all of the pertinent details. Oftentimes the risk is cleaned by deletion, or appropriate action has been taken on the client to remediate the risk, within the first hour of the first message being generated, but the emails from the server keep coming every hour (to the minute) for about eight hours and report the same exact risk and event time/date. How do I configure my notification to stop sending the additional messages? When I check the management console it tells me that there are no unacknowledged events.

     

    Thanks in advance!



  • 2.  RE: SEP 12.1 Repetitious emails

    Broadcom Employee
    Posted Jan 05, 2012 08:24 PM

    Have you set the damper period?



  • 3.  RE: SEP 12.1 Repetitious emails

    Trusted Advisor
    Posted Jan 06, 2012 02:01 PM

    Hello,

    What version of SEP 12.1 are you carrying?

    The latest version of SEP 12.1 RU1 (12.1.1000) is taking care of a similar issue:

    A notification for "new risk detected" is triggered repeatedly, despite longer damper setting
    Fix ID: 2497657, 2212158
    Symptom: The damper setting on a notification for new risks is configured for a specific time value. The first risk triggers the notification correctly. Subsequent risks before the damper period time incorrectly trigger the notification.
    Solution: The damper option on notifications was modified to prevent this issue.

    Reference: http://www.symantec.com/docs/TECH174565

    In case you are carrying the SEP 12.1 RTM version, please migrate to the latest version of SEP 12.1 RU1 (12.1.1000): http://www.symantec.com/docs/TECH174545

    Hope that helps!!



  • 4.  RE: SEP 12.1 Repetitious emails
    Best Answer

    Posted Jan 06, 2012 02:16 PM

    I had the same problem when I upgraded from SEPM 11.x. Deleting and re-creating the notifications fixed it for me.



  • 5.  RE: SEP 12.1 Repetitious emails

    Posted Jan 06, 2012 02:55 PM

    Funny. I encountered this issue after I upgraded to the latest version (12.1 RU1).



  • 6.  RE: SEP 12.1 Repetitious emails

    Posted Jan 10, 2012 04:59 PM

    Our version of SEPM is 12.1.671.4971. I was reading about the damper option and I guess I don't quite understand how it works. The way that I read it is that the damper just sets the period between events that are sent out so that a flood of events does not continuously flow from the server. Our damper period is set to AUTO. The messages that we keep getting are for the same exact event and there are no acknowledgments that are unresolved. In fact we haven't seen any type of acknowledgment at all.



  • 7.  RE: SEP 12.1 Repetitious emails

    Posted Jan 10, 2012 05:00 PM

    Thanks for the info.  We are going to try this and hopefully it works for us.



  • 8.  RE: SEP 12.1 Repetitious emails

    Posted Jan 11, 2012 04:38 AM

    Hi BR-RCIS,

    There are additional notification-related enhancements and improvements planned for the next release of SEP 12.1.  Keep an eye out for this next release later on in the Spring.

    You may also wish to cast a vote in support of this proposed Idea:

    Prevent Info-Level "Application and Device Control is ready" events from triggering Notifications
    https://www-secure.symantec.com/connect/ideas/prevent-info-level-application-and-device-control-ready-events-triggering-notifications

    That is related to ADC notifications rather than Virus notifications, but is in a similar vein.

    Hope this helps!

    Mick



  • 9.  RE: SEP 12.1 Repetitious emails

    Posted Jan 11, 2012 11:43 AM

    We deleted and recreated as suggested and the problem appears to have gone away.  Thanks a bunch for the suggestion.



  • 10.  RE: SEP 12.1 Repetitious emails

    Posted Jan 30, 2012 12:28 PM

    Hello thread followers,

    Just a quick update... Here's the official article on the issue that is going to be improved in the next release.

    Symantec Endpoint Protection Manager 12.1 RU1 Notifications ignore time filter and email a full report
    Article: TECH178317 | Created: 2012-01-05 | Updated: 2012-01-27
    Article URL: http://www.symantec.com/docs/TECH178317