Endpoint Protection

  • 1.  SID: 99992 TCP SYN FLOOD Notification

    Posted Dec 13, 2013 12:55 PM

    We're getting this notification on a Mac Mini that we're using as a server. We've set up the Intrusion Prevention policy to allow this traffic on this server, but to log the traffic. We are still getting a notification on the server of this SID. Any ideas what is triggering this? This Mac is running RU4.



  • 2.  RE: SID: 99992 TCP SYN FLOOD Notification

    Posted Dec 13, 2013 12:57 PM

    Is there a remote IP in the log that this is coming from or is local to the client?



  • 3.  RE: SID: 99992 TCP SYN FLOOD Notification

    Broadcom Employee
    Posted Dec 13, 2013 12:58 PM

    Check this link:

    Built-in signatures for Symantec Endpoint Protection IPS for Mac

    http://www.symantec.com/business/support//index?page=content&pmv=print&impressions=&viewlocale=&id=TECH210644

    Add it under exception.



  • 4.  RE: SID: 99992 TCP SYN FLOOD Notification

    Posted Dec 18, 2013 04:11 PM

    Hi Pete, I work with Matt, and that's what we did. The SID is already added as an exception, but we still get this notification.



  • 5.  RE: SID: 99992 TCP SYN FLOOD Notification

    Posted Dec 18, 2013 04:19 PM

    But you have logging enabled, correct?



  • 6.  RE: SID: 99992 TCP SYN FLOOD Notification

    Posted Dec 18, 2013 04:27 PM

    Correct, and it gets added to the log correctly. Is this pop-up considered to be a form of logging?



  • 7.  RE: SID: 99992 TCP SYN FLOOD Notification

    Posted Dec 18, 2013 04:29 PM

    Forgot to click reply when typing this response. Comment removed.



  • 8.  RE: SID: 99992 TCP SYN FLOOD Notification

    Posted Dec 18, 2013 05:04 PM

    I don't have a Mac to test on, but that would appear to be the case. With IPS being new for Macs in 12.1.4, I wouldn't be surprised. Support could confirm.



  • 9.  RE: SID: 99992 TCP SYN FLOOD Notification

    Posted Dec 19, 2013 08:33 AM

    Looks like you are correct. With logging turned off, we have not had this pop-up occur at all. Frustrating, because I would like for this event to be written to the log without bugging the user. In this case, it's just a server, but I could conceivably see wanting to log certain IPS exceptions on an end-user's machine, but I can't do that with how it currently behaves. Thanks Brian!



  • 10.  RE: SID: 99992 TCP SYN FLOOD Notification

    Posted Dec 19, 2013 08:41 AM

    That is unfortunate. It should have the ability to write to the log (silent for user) but allow the traffic.

    Since IPS for Mac is new, this could be an enhancement request.