As a workaround, you may create a custom IPS signature to allow this download. As the "Custom IPS signatures" will be processed before the "IPS signatures that are downloaded through LiveUpdate", the download will be allowed by the "Custom IPS signatures" and hence avoiding the inspection of this traffic by the "IPS signatures that are downloaded through LiveUpdate". please check the following links.
About the firewall rule, firewall setting, and intrusion prevention processing order
http://www.symantec.com/docs/HOWTO81187
Creating custom IPS signatures
http://www.symantec.com/docs/TECH102676
Note: Creating a custom IPS signature may involve a lot of testing. You may need to enable logging on the custom IPS signature to check if the required traffic is being allowed.