Users receiving IPS notifications stating "Symantec Vulnerability Protection has found and blocked an ARP Cache Poison attempt (99990)". This message appears even though exceptions have been made. Turning off the notification from the Symantec Endpoint Protection (SEP) client interface or Symantec Endpoint Protection Manager (SEPM) has no effect.
This issue is resolved in Symantec Endpoint Protection (SEP) 14.2 and above.
For more information on upgrading, see Upgrade or migrate to Endpoint Protection 14