search cancel

"Browser Intrusion Prevention is not functioning correctly" warning in SEP/SESC client when Chrome extension is blocked


Article ID: 226741


Updated On:


Endpoint Protection Endpoint Security


"Browser Intrusion Prevention is not functioning correctly" warning in Symantec Endpoint Protection / Endpoint Security client, when the installation of SEP Chrome extension is blocked.


This may occur in SEP/SES version 14.3 RU3 or later if the SEP Chrome extension is blocked. See blocking methods described at bottom of the following KB article: Installing the Endpoint Protection Chrome Browser Extension using an Active Directory Group Policy Object

When the SEP Chrome extension is properly allowed, you should see a registry entry of the form




        C:\ProgramData\Symantec\Symantec Endpoint Protection\<Version>\Data\Definitions\WebExtDefs\20210809.038\updates.xml, where <Version> is the number version of SEP.  i.e. 14.3.7388.4000


Starting with SES 14.3 RU4, you can disable IPS "Browser Intrusion Prevention" in SES client settings or SES IPS policy which will unload or prevent the installation of the SES Chrome browser extension without producing this error. Note: when re-enabling Browser Intrusion prevention, it can take some time for the extension to reload.

NOTE: The above change is only for cloud enrolled SES clients. SEP clients managed with on-premises SEPM will include this feature in version 14.3 RU5 (only the manager needs be updated to RU5). Until then, disabling Browser Intrusion Prevention in SEP policy still requires the extension to be installed — it is just put into pass-through mode — and to prevent this error you must allow its installation or disable/withdraw the SEP IPS policy entirely. 

If you disable Browser Intrusion Prevention in SEP Policy, you may still see a Browser Intrusion Protection is Disabled error on the client UI.  To avoid this, select the padlock icon next to the policy item to "lock" the BIPS in disabled state.