After enabling  "Prevent changes to system using Internet Explorer (IPS) [AC14] "  in applicaiton control.

Gives me an error "browser intrusion prevention is  malfunctioning".

I have refered to the below thread http://www.symantec.com/connect/forums/browser-intrusion-prevention-add-problem

There are no GPO applied.

IE is 8 and 9.

Is the pop up on all the machines  or are there machines with similar web browser version and everything's running fine?

Expected behavior of Browser Intrusion Prevention

http://www.symantec.com/business/support/index?page=content&id=TECH172174

Hello,

I do not recieve a pop . I see it in the system logs that "browser intrusion prevention is malfunctioning ".

Is the log entry is seen in all the systems ?

can you check running the support tool and see the errors ?

Hello,

It is important to understand what is the RULE AC14: "Prevent changes to system using Internet Explorer (IPS) [AC14] "  in application control.

AC14 Rule Set: Prevent changes to system using Internet Explorer (IPS)

(Rule) > Internet Explorer Protection

Note: applies to processes matching iexplore.exe and firefox.exe 

• • iexplore.exe
  • firefox.exe

(Condititon) > AC14-1.1 Block writing to system folders

• • %windir%*\*
  • %programfiles%*\*
Excluded Files and folders
• • *\*softwaredistribution*
  • *\*softwaredistribution*\*\*
  • *\*windowsupdate*
  • *\*windowsupdate*\*\*
  • %windir%\profile*\*\*.

(Condititon) > AC14-1.2 Allow IE to launch system process

• • %windir%*\*
  • %programfiles%*\*
Excluded Processes
• • *script*.exe
  • telnet.exe
  • mshta.exe
  • cmd.exe
  • ftp.exe
  • rundll32.exe
  • reg.exe
  • at.exe

Reference: http://www.symantec.com/docs/TECH132307

To resolve the issue, check this Thread: 

https://www-secure.symantec.com/connect/forums/sep-hardening-policy-application-control-problems

Hope that helps!!