We opened a case with Symantec support today as well. I was told recently that it was a false positive (FP).
Details from their last update email: "... the issue was determined to be an FP due to a content issue. New content is expected to be posted ETA 2pm Pacific time. It will be IPS content with a sequence number of 20190115.64 ..."
I hope this info helps.
Edit #1: I just looked for the IPS content update in the SEPM console, but all I see are the Windows Definitions on the Home page. Where in the console can I see the IPS Definitions other than in the endpoint properties window for any given endpoint? Thanks!
Edit #2: I actually found that I can use the "Quick Reports" to summarize that information by using "Computer Status" report type and "Intrusion Prevention Signature Distribution" for report selection. (If there's a simpler way, I'd be happy to hear it.)