I initially started off with IPS disabled in my policies. After testing it on a couple of machines, I decided to deploy it to more clients. So I've been moving clients slowly to the new group with IPS turned on. I'm finding that some clients go out of sync (according to the management console) when I do this. The client will have all grey question marks as if it's not in communication with the management console, but the View History shows that communication and definition updates are taking place.
Sometimes rebooting the client does not clear the issue up. In one instance, after unsuccessfully rebooting on a Thursday, I came back on the following Monday to find that the troublesome client managed to fix itself over the weekend.
It would be really useful to have a button on both the Console and the Client that says "Resync Policy".
Are there any other tips for this issue? There is a Troubleshooting link under out-of-sync clients in the Console that points to https://support.symantec.com/en_US/endpoint-protection.54619.html but I have not found any relevant information on that page. The only other tips that the Console gives is to make sure the client is connected to the internet and try restarting the client.