When Symantec Protection Engine is configured to log events at any logging level, and SMTP notifications are enabled, then every time a user logs in or out the Protection Engine Web Interface, an email will be sent to administrators.
This behaviour could cause a high volume of unwanted emails sent to administrators.
The described behaviour is currently as per design.
Symantec is currently investigating on how to improve the feature and allow a more flexible handling of Audit events.