SEP for Mac generates IPS alerts when blocking traffic between host groups
Article ID: 186631
Products
Endpoint Protection
Issue/Introduction
SEP (Symantec Endpoint Protection) for Mac generates IPS (Intrusion Prevention System) alerts when blocking traffic between host groups, i.e. when a firewall rule blocks traffic between two subnets. The alerts reported are:
"Vulnerability Blocked" "System Infected" "Trojan.Sibakdi" or "Trojan.Backdoor"
Environment
SEP for Mac 14.2.2.x (14.2 RU2 or newer)
Symptoms do not occur in older versions
Cause
Symantec is investigating
Resolution
As a workaround, you can prevent these IPS detections by creating a "Local Host Group" for the IP addresses of your Mac clients, ticking "Enable Excluded Hosts" in the Intrusion Prevention policy, and excluding this local host group.
Symantec is aware of this issue and will update this article as new information becomes available.