ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Endpoint Protection for Mac displays "At Risk" when Intrusion Prevention Policy is withdrawn or disabled


Article ID: 209807


Updated On:


Endpoint Protection


Symantec Endpoint Protection (SEP) for Mac client displays "At Risk" when Intrusion Prevention Policy is withdrawn or disabled at the SEPM (Symantec Endpoint Protection Manager).

A "Fix Now" button is displayed in client but "At Risk" status remains after clicking it or running LiveUpdate.

Customize->Activity->Definition Status will display up-to-date Virus and Spyware Protection and LiveUpdate status but Intrusion Prevention definitions status will be "Not available"


This is a result of the IPS policy being withdrawn or disabled. Normally, SEP should not display any error for features that are deliberately disabled and locked by an administrator. This issue has been resolved in SEP 14.3 RU2 for Mac (14.3.4625).


Release: 14.3 RU1

SEP for Mac



This issue is resolved in SEP 14.3 RU2 for Mac. Please upgrade to the latest version to resolve this issue. And you must completely withdraw IPS policy if unused, disable it, or disable the Intrusion Prevention checkbox and toggle padlock to locked:

Enabling IPS policy will resolve the symptoms in earlier versions of SEP.

Additional Information