Internet Explorer hang or machine freeze after CIDS update 10/23/2014 r12


Article ID: 161332


Products

Endpoint Protection

Issue/Introduction

Symantec released a new Client Intrusion Detection System (CIDS) 14.1 engine update. The new engine update is listed as “Client Intrusion Detection System signatures 12.1 RU5” and is versioned “revision 10/23/2014 r12”. As part of this update, the new engine removes the dependency of the Browser Intrusion Prevention functionality in the CIDS engine on browser plug-ins/add-ons. After clients received this update, we have received reports of the following symptoms:

  • Internet Explorer may hang unexpectedly or the system may freeze and become unresponsive. 
  • Pop-up message: "Browser Intrusion Prevention is malfunctioning. Check the system logs for details."

Cause

  • Symantec identified a condition where CIDS injection code may encounter an error when another process, such as Application and Device Control, has previously injected code into the browser process. Under certain circumstances this may result in the re-injection of code, leading to an internal lock, which in turn causes the browser or system to hang.
  • GPO enforcement of the IPS BHO is no longer required. If the GPO is not removed, it causes the "Browser Intrusion Prevention is malfunctioning" error with CIDS 14.0 and above, because the GPO tries to force-load a plug-in that no longer exists.

Resolution

Symantec has altered the CIDS injection code to avoid this condition.  Additional protections were added to avoid injecting into the same process twice.  We have created new content with an updated engine to fix this issue.  Test content is available to confirm compatibility in your environment and can be made available through Symantec Technical Support.  Symantec is releasing a new CIDS engine for all 12.1 versions of SEP up to RU5 in a staged rollout beginning in early December 2014.  Please refer to KB document TECH206118 for information about the staged rollout.

In preparation for the new engine release, please refer to KB document TECH164924 to prevent the pop-up message "Browser Intrusion Prevention is malfunctioning. Check the System logs for details."


Applies To

  • Internet Explorer 9, 10, 11
  • Adobe Flash Player 13.0.0.182, 15.0.0.152, 15.0.0.189
  • Opening website pages with Flash-enabled content
  • Client installed with the Application and Device Control (ADC) feature
  • Client configured to "Load Auto-Protect when: Symantec Endpoint Protection Starts". This is an advanced, non-default setting for Auto-Protect in the AntiVirus and AntiSpyware policy.