The Symantec Endpoint Protection client for Windows and macOS includes an Intrusion Protection System (IPS) module that detects network threats (Windows or macOS) or browser-based threats (Windows only) if those features are installed and the client has appropriate policies. This article explains how to review the client's detections and how to determine, as a customer, the next steps for dealing with them.
The SEP IPS module has detected one or more network or browser-based threats, has taken action on the threat, and has displayed a message to the user on the endpoint.
Microsoft Windows or Apple macOS Operating Systems
There are two basic scenarios that need to be examined:
Broadcom Technicians, see internal notes on KB for more information.
Ransomware Removal and Protection with Symantec Endpoint Protection: https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/symantec-security-software/endpoint-security-and-management/endpoint-protection/all/Using-policies-to-manage-security/preventing-and-handling-virus-and-spyware-attacks-v40739565-d49e172/ransomware-removal-and-protection-with-v117307288-d11e5383.html
Symantec Endpoint Protection Manager - Intrusion Prevention - Policies Explained: https://knowledge.broadcom.com/external/article?legacyId=TECH104434
Best Practices Regarding Intrusion Prevention System Technology: https://knowledge.broadcom.com/external/article?legacyId=TECH95347
Managing Intrusion Prevention: https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/symantec-security-software/endpoint-security-and-management/endpoint-protection/all/Using-policies-to-manage-security/managing-intrusion-prevention-v36820771-d53e8657.html#v36820771