The Symantec Endpoint Protection Manager (SEPM) is emailing the "File reputation lookup alert" concerning some endpoints.
Sample email:
-------------------------------------------------------------------------------------------------------
Message from: Server name: servername Server IP: x.x.x.x Administrator Email: [email protected]
Message from:
Server name: servername
Server IP: x.x.x.x
Administrator Email: [email protected]
Company Name: Broadcom
4 computer reported file reputation lookup issues.
Symantec Endpoint Protection
File Reputation Detection Triggering Notification on 05/13/2021 03:03:32
Updated since 05/12/2021 03:03:00
Computer
Current User
IP Address Domain Name
Server Name
Group Name Product Version File Reputation Detection Event Time
computername
admin
x.x.x.x Default
servername
My Company\Servers\ 14.3.1148.0100 Reputation check for unproven files failed because of network errors for the last 3 days. 05/13/2021 01:35:01
-------------------------------------------------------------------------------------------------------
We check many files a day on every endpoint, and rare, occasional failures is not uncommon. It can be a timeout of the submission, where the server doesn't respond in a timely manner, or the client might have little bandwidth at the time of submission.
File Reputation looks alert is one of the preconfigured notifications.
- You should be able to disable notifications in the SEPM by unchecking "Log the notification" option.
- If the emails are bothersome, it can disabled by unchecking the "Send email to system administrators" option.
Navigate to SEPM --> Monitor --> Notifications --> Notifications Conditions