How to change or increase the value for maximum number of incidents for any given policy per 24-hr time period.

Relative to all Symantec DLP.

Use the Advanced settings page for each Detection Server. This value is changeable on a per server basis:

Login to the Enforce UI and go to System > Servers and Detectors > select the Detection Server you want to modify > Server Settings. 

Change the value for IncidentDetection.MaxIncidentsPerPolicy

Note: This value defines the maximum number of incidents detected by a specific policy on a particular detection server within the time-frame specified in the IncidentDetection.IncidentTimeLimitResetTime. The default is 10,000 incidents per policy per time limit.

Note: Use caution when modifying the settings on the server. It is recommended that you check with Symantec DLP Support before changing any of the settings on this page. Changes to these settings normally do not take effect until after the server has been restarted. Also, this setting is not applicable to the endpoint detection, it only works with server detection (including two-tier detection).

There are no advance settings on the Enforce Server that can be modified from its server detail screen.

Additional Information

IncidentDetection.MaxIncidentsPerPolicy
1000
Defines the maximum number of incidents detected by a specific policy on a particular detection server within the time-frame specified in the IncidentDetection.IncidentTimeLimitResetTime. The default is 10,000 incidents per policy per time limit.

IncidentDetection.IncidentLimitResetTime
86400000 (equals one day)
Specifies the time frame (in milliseconds) used by the IncidentDetection.MaxIncidentsPerPolicy setting.

Consult the online help on the Advanced settings page if additional information is needed.