Starting December 11, 2014 our users started getting "Symantec Endpoint Browser Intrusion Prevention is malfunctioning". We have made no changes to anything. We did not have this issue ever before and we have never touched the Add-on list Group Policies.

All users are affected? Have you opened a support case so they can look into the matter? It might be related to the new engine that was getting rolled out.

New Features in Client Intrusion Detection System (CIDS) 14.1

Check the articles

Supported Browser versions for Browser Intrusion Prevention for Symantec Endpoint Protection 12.1.x

New Features in Client Intrusion Detection System (CIDS) 14.1

Thread - https://www-secure.symantec.com/connect/forums/browser-intrusion-prevention-malfunctioning-0

Hi

We are on SEP 12.1.2015.2015, and we copped the CIDS upgrade today. (With definition 14 December 2014 r2).

Anyway, we used the GPO method to suppress the addon message with IE10.

I removed this GPO entry and seems to work ok. But looking at the add-on manager on IE, Symantec Vulnerability Protection addon is now DISABLED.

So does that mean browser intrusion is now disabled? Or the new CIDS works differently now?

Thanks,

DM

The new CIDS works differently, this article explains the behaviour:

New Features in Client Intrusion Detection System (CIDS) 14.1

How soon will Symantec release a fix for this condition? We do not have the GPO method installed (never had it) nor have we made any changes to the IE settings.The new CIDS engine update impacts the browser with these annoying messages which do not go away even though it is disabled on the SEPM server in the Intrusion Prevention policy. This needs to be resolved very quickly.

Thanks Brian... i should have read the article more carefully.

"Note: All versions of IE BHO will be disabled and all Firefox plugins removed."

DM