Network Monitor and Email Prevent are duplicating incidents.

Email Prevent and Network Monitor are both setup, with Network Monitor setup to monitor various protocols.

If Network Monitor is setup to monitor SMTP traffic this is normal behavior, as the Network Monitor detection server will capture the same traffic as the Email Prevent detection server, and each of these servers will generate their own incidents.

Disable SMTP monitoring in Network Monitor. This can be done by taking the following steps:

1. Go to System > Servers and Detectors > Overview
2. Click on the Network Monitor server
3. Click on the "Configure" button at the top
4. Click on the "Packet Capture" tab
5. In the list of which protocols to monitor, uncheck SMTP
6. Click the "Save" button, then click "Done"
7. Recycle the services on the Network Monitor server (this can be done by clicking on the Network Monitor server from the main server overview page and then clicking the "recycle" link next to the "Status" which will stop & restart all of the services on the server in their correct order)