How to Disable Client Intrusion Prevention Notifications in Symantec Endpoint Protection Manager

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/fc03b94f7fe2910988257457005b1343?OpenDocument

hmm... It doesnt appear to be an IPS block but I could be wrong. An example of the balloon message is Symantec Endpoint Security block network traffic from googletalk.exe

 This is Firewall Notification 
Edit the firewall Policy
in the rule section on the top you will see a tab for notification.

 Are your Clients in Client Control Mode ?
If yes then you wiil have to do this on the client itself.

It sounds like you have a firewall policy applied with a notification set. Look at the firewall policy applied. Under rules select the tab at the top for Notifications and see if there is a check in the box to Display notification on the client computer when the client blocks an application.

Look at rule 10 Allow all applications
What is action set for it ? 

Like Prachand mentioned, it really looks like it's IPS which is giving those notifications. Have you turned off IPS notifications?

This is difficult to explain via chat but I'll give it a try.

This particular alert has to do with Google Talk and is triggered when I move between locations (i.e. VPN to Home location).

I checked the security logs and I do see some IPS entries for [SID: 21596] Jabber IM Client Connection detected.
Traffic has been allowed from this application: C:\Program Files\Google\Google Talk\googletalk.exe

If I check the Traffic or Packet logs for the same date/time stamp the traffic is shown as being allowed.

The Traffic and Packet logs showing a blockin googletalk.exe do not match the IPS log date/time stamp but it does show Googletalk.exe a few entries later being allowed and then blocked in the next entry. Looking at locations on the allowed and then blocked log entry it shows allowed for VPN and blocked when it changes to the Home location. A few seconds later googletalk.exe begins working again on the home location.

Outside of this discussion but almost related I'm not happy that SEP doesn't seem to allow administrator control of session state because when a location changes it drops the traffic when a deny all rule is being used in the firewall policy. If you could set allow existing connection then it would allow the existing ACK SYN flags from previous connections to continue while switching profiles. This is not that big of a deal as long as I can hide popup notifications.

According to your post the message you are getting is "Symantec Endpoint Security block network traffic from googletalk.exe" .Do you have Symantec Endpoint Security installed in your PCs,because Symantec Endpoint Protection will give message as Symantec Endpoint Protection blocked something.

Can you confirm the policy is got applied in your clients.For this in SEPM console go to Clients---> <The group which the said client resides > ----->details.Here you will get the policy sl. no.(This will change if you do some changes in the policies,I mean the date and time part.) .Note it.Go to the client,In the client GUI go to Help and support----->Troubleshooting here it will show the currently applied policy sl. no.Mach it with the noted policy sl. no.Both should be same.

this is an IPS popup and if you want disable this notification then you can follow the doc mention by Prachand above.
http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/fc03b94f7fe2910988257457005b1343?OpenDocument