When Symantec Protection Engine is configured to log events at any logging level, and SMTP notifications are enabled, then every time a user logs in or out the Protection Engine Web Interface, an email will be sent to administrators.

This behaviour could cause a high volume of unwanted emails sent to administrators.

The described behaviour is currently as per design.

Symantec is currently investigating on how to improve the feature and allow a more flexible handling of Audit events.