Symantec Endpoint Protection Manager (SEPM) has been configured to send email notifications for risk events, e.g. Single Risk Event or Risk Outbreak by Number of Attacked Computers, with a damper period. The damper period is designed to prevent a flood of notifications or emails for several similar events within the same time period.
For example, a Single Risk Event notification with a damper period of 20 minutes should be limited to one email for any number of similar events during a 20-minute period.
When the notification condition is triggered, a single email notification is received as expected during the damper period. However, many more notifications for the same event(s) are received later, well after the damper period has expired.
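To confirm this symptom from an export of the received notification emails, the following added example (not Symantec code) flags emails that arrive inside a damper window or that re-report an already-notified event after the damper has expired. The record layout, the event key, the sample timestamps and the choice to measure each window from the first email of that notification type are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample: (time the email was sent, notification type, event key).
# The event key is an assumption: any stable identifier derived from the
# email body, e.g. computer name + risk name + event time.
SAMPLE = [
    ("2013-03-01 10:00", "Single Risk Event", "PC01|RiskA|09:58"),
    ("2013-03-01 10:05", "Single Risk Event", "PC02|RiskA|10:04"),  # inside damper window
    ("2013-03-01 10:45", "Single Risk Event", "PC01|RiskA|09:58"),  # repeat after damper
    ("2013-03-01 13:10", "Single Risk Event", "PC01|RiskA|09:58"),  # repeat after damper
    ("2013-03-01 13:40", "Single Risk Event", "PC03|RiskB|13:39"),  # new event, expected
]

def audit_notifications(records, damper_minutes):
    """Return (sent, type, event_key, reason) for every unexpected email."""
    damper = timedelta(minutes=damper_minutes)
    window_start = {}   # notification type -> start of the current damper window
    first_sent = {}     # (type, event key) -> time the event was first reported
    findings = []
    rows = sorted((datetime.strptime(s, "%Y-%m-%d %H:%M"), t, k) for s, t, k in records)
    for sent, ntype, key in rows:
        start = window_start.get(ntype)
        in_window = start is not None and sent - start < damper
        seen = first_sent.get((ntype, key))
        if seen is not None and sent - seen >= damper:
            # The symptom described above: an old event is reported again.
            findings.append((sent, ntype, key, "repeat for old event after damper expired"))
        elif in_window:
            # The damper should have suppressed this email.
            findings.append((sent, ntype, key, "sent inside damper window"))
        if not in_window:
            window_start[ntype] = sent
        first_sent.setdefault((ntype, key), sent)
    return findings

if __name__ == "__main__":
    for sent, ntype, key, reason in audit_notifications(SAMPLE, 20):
        print(f"{sent:%Y-%m-%d %H:%M}  {ntype}  {key}  {reason}")
```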
For SEP 12.1, a fix to improve the behavior was released in SEP 12.1.1 (RU1). Additional improvements were added in SEP 12.1 RU1 MP1.
For SEP 11, one possible cause of this behavior was corrected in SEP 11 RU7 MP1.
To resolve this issue, download the latest version of Symantec Endpoint Protection.
SEP 12 SMB -- Multiple Risk Outbreak email notifications are sent within the Damper period
SEP 11 RU6 MP2 --- SEPM email notifications sent repeatedly for old events
SEPM email notifications are sent repeatedly for old events