Nobody have any idea?
Please check that the client is not sending two events of the same kind, therefore resulting in two events in the database for the same Event ID, thus justifying the duplicate emails.
Might sound crazy but I suspect there could be two events generating one of which like that: "Infected files were found"and the other "Scan found and cleaned infected files" or the like.
You can check all the events for this particular client in the database around the timestamp you cite here and then if my theory is true, you can decide to suppress one of the events.
But, I only have one auto reponse that deals with OnDemand Scans. The event log only shows 1 per machine (event id 1038) when I filtered the results, so it is not the logs that are doubled, but the generated response is. As I said in my previous post, the email generated reports are doubled from the exact same log it found.
I have attached a screen shot showing the emails. The body of the emails are exact, but the time it was sent to me is 3 min apart. OnDemand scan is only an example, I also get them for trojans/virus's found as well.
These are the only auto repsonses I have enabled.
Adware Detection, Buffer Overflow, KeyLogger, Non-compliant computer detected, OnDemand Scan, P2P Detection,
Port Blocking Rule, Rootkit Detection, Scheduled Task, SpyWare Detection, Tojan Detection, Unwanted Programs
Those are all my own. I disabled the Malware response that came default.
response_emails.jpg 97.1 K