search cancel

Internet Explorer displays a pop-up stating "The Symantec Intrusion Prevention add-on from Symantec Corporation is ready for use."

book

Article ID: 154663

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

With Internet Explorer and Symantec Endpoint Protection (SEP) version 12.1 installed, upon the first use of Internet Explorer following the installation of SEP 12.1 a pop-up stating "The Symantec Intrusion Prevention add-on from Symantec Corporation is ready for use.", with the options of Enable or Don't Enable will be presented at the bottom of the Internet Explorer window.  This prompt will occur upon first use of Internet Explorer following the install of SEP 12.1 for each user profile on the system. 

 

Cause

Internet Explorer is generating this prompt, informing the user that a new add-on has been installed, and presenting them with the opportunity to enable or disable this component. 

Resolution

Due to a change in how this protection works in CIDS version 14.0 and above, it is no longer recommended to implement a GPO as described below.  Leaving such a GPO in place will result in pop-up messages indicating "Browser Intrusion Prevention is malfunctioning. Check the System logs for details." 

Symantec Technical Support recommends removing such a GPO if one has been created.

 

There is no method for controlling this behavior within SEP, because Internet Explorer is the application actually presenting the user with this prompt. 

Configuration of a Group Policy Object (GPO) is necessary in order to prevent users from receiving this prompt.  Please consult Microsoft before attempting Group Policy editing, and ensure any changes are thoroughly tested before implementing on a large scale.

The GPO which controls this behavior is as follows:

User Configuration/Policies/Administrative Templates/Windows Components/Internet Explorer/Security Features/Add-on Management

The specific setting in this location is Add-on List.  By setting Add-on List to Enabled, the option to input entries within this list then becomes available.  The following CLSID of {6D53EC84-6AAE-4787-AEEE-F4628F01010C} should be input within the list, with a value of 1.  This CLSID represents the Browser Helper Object for SEP's IPS component.  By configuring this CLSID with a value of 1 in the Add-on List, the Browser IPS component of SEP will remain enabled, and users will not be prompted upon first time use of IE9 following the installation of SEP 12.1 to enable or disable this feature.  

As previously stated, the above instructions involve altering Microsoft Group Policy Objects, and any such changes should be thoroughly tested.  Only administrators familiar with Microsoft Active Directory should attempt such changes.  Any questions regarding this procedure should be raised with Microsoft Support.  Symantec Support cannot offer any guidance or troubleshooting assistance in regards to this procedure.
 

 


Applies To

Internet Explorer and SEP 12.1, with the Intrusion Prevention System (IPS) component of SEP installed.