On Symantec Endpoint Protection (SEP) clients 12.1 RU4 or higher, warnings are logged in client system logs about custom action for Intrusion Prevention System (IPS) signatures that can't be applied.
Failed to set a custom action for IPS signature xxxxx (errcode=0x80070057). Most probably, this IPS signature was removed from the IPS content.
Failed to set a custom action for IPS signature xxxxx (errcode=0x80010221). Most probably, this IPS signature was removed from the IPS content.
The involved IPS signatures are deprecated.
Remove the exceptions for the deprecated IPS signatures by editing the appropriate Intrusion Prevention policy in Symantec Endpoint Protection Manager.
List of current IPS signatures can be found here:
Symantec - Attack Signatures
The IPS policy has been customized with exceptions where custom actions have been set for the IPS signatures reported in the warnings.