SEP for Mac generates IPS alerts when blocking traffic between host groups

Article ID: 186631

Products

Endpoint Protection

Issue/Introduction

SEP (Symantec Endpoint Protection) for Mac generates IPS (Intrusion Prevention System) alerts when blocking traffic between host groups, i.e. when a firewall rule blocks traffic between two subnets. The alerts reported are:

"Vulnerability Blocked"
"System Infected"
"Trojan.Sibakdi" or "Trojan.Backdoor"

Cause

Symantec is investigating.

Environment

SEP for Mac 14.2.2.x (14.2 RU2 or newer)

Symptoms do not occur in older versions.

Resolution

As a workaround, you may prevent these IPS detections by creating a "Local Host Group" for the IP addresses of your Mac clients, ticking "Enable Excluded Hosts" in the Intrusion Prevention policy, and excluding this local host group.

Symantec is aware of this issue and will update this article as new information becomes available.