Video Screencast Help

Browser Intrusion Prevention add-on problem

Created: 21 Jul 2011 • Updated: 26 Jul 2011 | 13 comments
This issue has been solved. See solution.

I've this feature of SEP 12.1 enabled and locked down in the policy but it still prompts user to enable or disable the first time they run Internet Explorer after the install.

Is there something else that needs to be done to have it enabled by default with no prompts?

Comments 13 CommentsJump to latest comment

Paul Murgatroyd's picture

This sounds like a feature of IE9, its not really SEP.

I dont believe there is anything you can do to prevent this without touching each machine and reconfiguring the notification options in IE.

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed:

deepak.vasudevan's picture

Dear Paul,

The user is talking about SEP only. We just a related and very recent thread on the Intrusion Prevension Addon.

Mithun Sanghavi's picture


Uncheck the box "Enable Browser Intrusion Prevention" within the Intrusion Prevention Policy of Symantec Endpoint Protection Manager which controls the user ability to enable/disable this feature.

Mithun Sanghavi
Associate Security Architect


Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

BadAndy's picture

So that check box in the policy is only for user' ability to enable or disable to the add-on? That doesn't make much sense. If that's the case then it needs to be clarified in the policy. Otherwise, people are going to think the same thing as myself and that the option in that policy is for enabling the add-on.

ᗺrian's picture

Unchecking the box turns it off. There is no way to turn off that notification when opening IE9 after installing the first time within SEPM. As Paul mentioned, you need to configure IE to fix this.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

BadAndy's picture

How do you configure the notification options in IE9? I'm looking at the internet options and don't see anything for notifications that would.

Even if you can disable the notification from popping up, wouldn't that leave the add-on in limbo? Obviously IE wants you to acknowledge it and accept or deny the add-on to make sure some malware program isn't automatically loading itself.

Wasn't IE 9 available for testing to Symantec during the SEP 12 beta?

Paul Murgatroyd's picture

IE9 was availabe, yes.  We saw the issue, but this is a Microsoft feature - any addon that slows the loading of IE9 (even slightly) prompts the popup.  There are several workarounds, you can increase the amount of slowdown allowed (I think by default it is 0.2 seconds) or you can disable the notifications completely.

I had a google and found this, which I think covers it:

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed:

BadAndy's picture

That makes a little more sense but I don't recall seeing that it took the add-on longer than default to load. The notification only mentioned that the add-on was ready for use and to click to enable or disable.

davidb1234's picture

Please help.  Need a way to enable the browser plugin by default.  Having the user decide this is not acceptable. Even if this is an IE thing which it is does anyone know of a way to enable it by default or prevent the user for being prompted on this?

I disabled the notfications using GPO for browser add ones causing slowness in launching and that does not fix the issue.  Users still get prompted to enable the plugin when launching IE for the first time after install.

Anyone find a workaround for this so that IE just trusts the plugin and loads it automatically?  Having the user be prompted with a choice is not acceptable.

Paul Murgatroyd's picture

have you tried this IE9 GPO?

"Automatically enable newly installed add-ons"

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed:

nbf1234's picture

Here is a better way to do this without enabling ALL plugins by default.

The proper GPO to resolve the issue is:


Use the Option ADD-ON LIST

Add the CLSID of the browser helper object and a value of '1' to enable it by default.

Name: Symantec Intrusion Prevention
Publisher: Symantec Corporation
Type: Browser Helper Object
File date:
Date last accessed: ‎Today, ‎July ‎26, ‎2011, ‏‎2:49 PM
Class ID: {6D53EC84-6AAE-4787-AEEE-F4628F01010C}
Use count: 2
Block count: 3
File: IPSBHO.dll
Folder: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\IPS

nbf1234's picture

Can I ask why all of the threads regarding this issue have symantec responses accepted as the solution when they are most certainly not the correct solution?

Paul Murgatroyd's picture

because somebody (either an administrator or the original poster) decided it was the best answer at the time.

I have moved the tag to your answer in this case.

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: