Hi,
We have a IPS exclusion policy(internal Vm machine IP's) applied for the entire org. Somehow, only for few machines(MAC), its still detecting as attack even though these machines are in excluded host's.
I pulled the attack logs and however the machine was not there. But, the user sent a screenshot and its very clear that symantec blocked our internal VM IP since its considered as threat(port scan).
I am just confused why in the attack logs i couldnt see it. This is MAC machine's. The problem is, the user is in remote place and he cannot share his machine(MAC) since we use windows 7. Is there a way where we can check from SEP manager console itself.
Note: The IPS exclusion policy is verified and its applied to entire Org.