After you upgrade your Symantec Endpoint Protection Manager (SEPM), you start receiving a large number of, "Critical: NETWORK LOAD ALERT: Too many requests for virus and spyware full definitions" , alerts from the SEPM via email.
Symantec Endpoint Protection Manager - 14.x and higher
Symantec Endpoint Protection Manager has the "Critical: NETWORK LOAD ALERT: Too many requests for virus and spyware full definitions" alert set by default. This alert is designed to notify administrators of possible impending bandwidth problems, as clients request and download full definition updates.
The default threshold for this alert is 25 requests for full definition sets, for any definition types, within 10 minutes.
Definition sets that are small, or which are not updated frequently, may tend to be distributed in full definition sets, rather than as delta sets.
Because all requests for full definition sets are tracked, regardless of the type of content requested, clients that are requesting multiple types of content updates may cause the counter to artificially inflate to the point of sending an alert.
It is possible for just a few client computers to trigger an alert, if they request multiple content types.
Review the information in the alert to see which content types are being downloaded and the size of those downloads.
If you see a number of these alerts, you may need to adjust the threshold for the notification to a level that it appropriate for the number of client computers that you have deployed.
To adjust the notification threshold:
Your SEPM will now send alerts only when the new threshold is reached.