Symantec Endpoint Protection Build: 11.0.780.1109
If the Network Threat Protection component is enabled, wireless clients are unable to connect to a wireless access point which requires WPA-PSK (TKIP) or WPA2-PSK (AES) encryption. The authentication negotiation for the wireless connection fails when Network Threat Protection is enabled.
If encryption is disabled on the wireless access point, wireless clients can connect with Network Threat Protection enabled.
If Network Threat Protection is disabled, wireless clients can connect to the wireless access point using WPA or WPA2.
If Network Threat Protection is temporarily disabled, then WPA/WPA2 encryption negotiation succceeds, after which you can re-enable Network Threat Protection and the client continues to be able to use the encrypted wireless connection it obtained while the Network Threat Protection component was temporarily disabled.
I have tested this with two different wireless network adapters:
Netgear WG511T
Intel PRO/Wireless 3945ABG
To ensure it was not a supplicant issue, with both adapters I have used both the vendor wireless configuration utility and the Windows wireless configuration utility.
Both clients are running Microsoft Windows XP Professional SP2 with the KB893357 WPA2 update.