Error: Policy limit reached; no longer being enforced - 10,000 messages


Article ID: 160489


Products

Data Loss Prevention Enforce

Issue/Introduction

Policy limit reached; no longer being enforced - 10,000 messages

Resolution

This error indicates that a particular policy has generated 10,000 incidents in a single day. It alerts you that incident volume is very high and may affect the performance of your Vontu software. It usually means the policy needs refinement, either by making it more restrictive or by breaking it into a few smaller policies.

This limit will be reset any time you save the policy again, whether you make changes to it or not. Symantec recommends considering changes to this policy (adding exceptions for internal domain names, adding more keywords to the filter, etc.) to reduce the number of incidents before running the policy again.

If there is a true need to leave the policy as is, there are ways to control this behavior via the following advanced settings found in the Enforce UI under System > Servers and Detectors > select your Detection server > Server Settings:

IncidentDetection.IncidentTimeLimitResetTime

Specifies the time frame used by the IncidentDetection.MaxIncidentsPerPolicy setting. The default is 1 day, specified in milliseconds (86400000).

IncidentDetection.MaxIncidentsPerPolicy

Defines the maximum number of incidents detected by a specific policy on a particular monitor within the time frame specified in IncidentDetection.IncidentTimeLimitResetTime. The default is 10,000 incidents per policy per time limit.