SEP for Mac generates IPS alerts when blocking traffic between host groups
Article ID: 186631
SEP (Symantec Endpoint Protection) for Mac generates IPS (Instruction Prevention System) alerts when blocking traffic between host groups, i.e. a firewall rule that blocks traffic between two subnets:
"Vulnerability Blocked" "System Infected" "Trojan.Sibakdi" or "Trojan.Backdoor"
SEP for Mac 14.2.2.x (14.2 RU2 or newer)
Symptoms do not occur in older versions
Symantec is investigating
As a workaround you may prevent these IPS detections by creating a "Local Host Group" for the IP addresses of your Mac clients, ticking "Enable Excluded Hosts" in Intrusion Prevent Policy, and excluding this local host group.
Symantec is aware of this issue and will update this article as new information become available.