Unable to locate the 'active response' feature in Intrusion Prevention Policy in Symantec Endpoint Protection 12.1


Article ID: 156267



Endpoint Protection


When 'risk tracer' is enabled in the Antivirus/Antispyware Policy, you will get a warning "The Firewall Policy and the 'active response' feature in Intrusion Prevention Policy must be enabled for this feature to work."

'Active response' is also known as 'Automatically block an attacker's IP address'.

When viewing the Intrusion Prevention Policy, you do not see any feature referencing 'active response' or 'Automatically block an attacker's IP address'.


This feature was moved in version 12.1 into the "Protection and Stealth" component of Firewall Policy.



Edit the Firewall Policy, open Protection and Stealth, and ensure that the 'Automatically block an attacker's IP address' option is checked for 'active response' to become available.