After upgrading to Symantec Endpoint Detection and Response (SEDR) 4.0.0, the number of Incidents logged each day suddenly increases to a number in the thousands.
Symantec is investigating at this time.
If an excessive number of incidents is created following the upgrade, review Incidents to identify whether a single process is triggering multiple incidents. Within the SEDR user interface, navigate to Incidents, rather than Search, to examine the number of Incidents created.
To request that a particular Incident rule be disabled, create a new case with Symantec Technical Support for further assistance. Work with support to attach the following to the case: