In my environment I occasionally see this alert:
[SID: 55000] IRC Identification Signature attack detected but not blocked. Application path: \DEVICE\HARDDISKVOLUME2\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE
If I look at the IPS signatures, the defalt action for SIG 55000 is "Block". What gives? I would prefer that SEP automatically block this but it appears to already be set as such.
Thanks in advance..