The IPS definitions dated 2009-10-20 rev.001 introduced false positives with the following description: [SID: 20628] MSRPC Mutiple Headers detected. Symantec finally released an updated IPS definitions, dated 2009-10-26 rev.018, which resolved this specific problem, but now introduces an additional false positive with the following description: [SID: 21960] MSRPC Spooler GetPrinterData DoS detected. At this point, this new false positives is only affects Windows computers that aren’t joined to our domain that are trying to connect to our Windows Server 2003 R2 x64 printer server. At this point I am seriously considering rolling back to the September’s IPS definitions, which doesn’t contain any of these false positives. When will Symantec get this correct?