You need to use a specific notification conditions - have a look here:
About the preconfigured notifications
Article:HOWTO55128 |
| |
Created: 2011-06-29 |
| |
Updated: 2011-12-16 |
| |
Article URL http://www.symantec.com/docs/HOWTO55128 |
...particular of interest in this case would be:
New risk detected
This notification triggers whenever a new risk is detected by virus and spyware scans.
Risk outbreak
This notification alerts administrators about security risk outbreaks. You set the number and type of occurrences of new risks and the time period within which they must occur to trigger the notification. Types of occurrences include occurrences on any computer, occurrences on a single computer, or occurrences on distinct computers.
This notification condition is enabled by default
Single risk event
This notification triggers upon the detection of a single risk event and provides details about the risk. The details include the user and the computer involved, and the actions taken by the management server.