Symantec Endpoint Protection Manger's (SEPM) Single risk event alert notification caveats.
This is by product design.
SEPM 14.3.x
SEPM send's Single Risk Alert notification for below categories only and does not trigger notification for all the detection categories.
This is expected behavior by current product design.
As a security best practices, SEPM administrators are advised to refer SEPM Risk logs to review all detection events happened across the endpoint's on network.
A notification for "New Risk Detected" will trigger only once when a risk is first logged in the SEPM. Any subsequent detection will not trigger notification irrespective of damper settings.
This is by design.
New Risk Detected Notification