Hey all,
No one else has posted about this yet, likely because right now USA and Europe have gone home.
Well here in Australia it's mid-Friday business, and a new CIDS (Intrusion Protection Engine) engine that's been pushed out by Symantec is causing problems.
Version 14.1.2, in my SEP RU5 Agent it reports the versions as 14.1.2.4.
Confirmed as an issue with IE 11 with SEP 12.1 versions, RU2, RU4MP1, RU5. (Granted RU2 doesn't support Browser IPS in IE 11 "officially", but it has always worked and still does, but that's beside the point here.)
Supported Browser versions for Browser Intrusion Prevention for Symantec Endpoint Protection 12.1.x
http://www.symantec.com/docs/TECH174537
New Features in Client Intrusion Detection System (CIDS) 14.1 (cannot find an article describing this latest CIDS release, this is the newest I found)
http://www.symantec.com/docs/TECH224237
I received a BCS Bulletin after the issue started mid-morning saying:
Symantec is releasing a new CIDS engine for Symantec Endpoint Protection. This is a staged rollout beginning today October 23rd, and is expected to be completed on Monday October 28th.
The test file contains version 14.1.2 and is available here:
https://fileshare.symantec.com
User Name: <removed>
Password: <removed>
Once logged in, please select the Shared Folders tab. The test file is available in the following path:
Component Files / CIDS / CIDS 14.2 BCS.ZIP
For more information about Staged Releases please see the following document:
http://www.symantec.com/business/support/index?page=content&id=TECH206118
Thank you, Symantec Endpoint Protection Engine Updates
So it almost looks like they've made available/released a test version at the same time they've started rolling it out? (just guessing here)
For those wondering what happens, open IE 11, don't even visit a site, just open a tab, and you get this balloon.
We have some users complaining of multiple SEP system tray shield icons appearing, where one is SEP 12.1 and the other is SEP 11, and they can launch BOTH SEP 12.1 and 11 GUIs! (I've yet to replicate this on my workstation laptop)
These users have never had SEP 11 installed, it's almost as if some old code is being "activated". Still investigating this.
In the logs, under Systems Logs, it looks like this:
Will post updates as we get them.