Endpoint Protection for Mac displays "At Risk" when Intrusion Prevention Policy is withdrawn or disabled
Article ID: 209807
Updated On:
Products
Issue/Introduction
Symantec Endpoint Protection (SEP) for Mac client displays "At Risk" when Intrusion Prevention Policy is withdrawn or disabled at the SEPM (Symantec Endpoint Protection Manager).
A "Fix Now" button is displayed in client but "At Risk" status remains after clicking it or running LiveUpdate.
Customize->Activity->Definition Status will display up-to-date Virus and Spyware Protection and LiveUpdate status but Intrusion Prevention definitions status will be "Not available"
Cause
This is a result of the IPS policy being withdrawn or disabled. Normally, SEP should not display any error for features that are deliberately disabled and locked by an administrator. Symantec is aware of this issue and is investigating.
Environment
SEP for Mac
macOS
Resolution
Enabling IPS policy will resolved the symptoms. This article will be updated as new information becomes available.
Once IPS policy has been enabled long enough for SEP Mac client status to become green, you may disable IPS again: leave the policy itself enabled but uncheck the Intrusion Prevention settings box and lock that setting. Please advise technical support if "At Risk" warning returns after that:
Attachments
Feedback
