You can enable a log-only mode for browser intrusion prevention to record what traffic it blocks without affecting the client user. You can then use the Network and Host Exploit Mitigation attack logs in Symantec Endpoint Protection Manager to create exceptions in the Intrusion Prevention policy to ignore specific browser signatures. You would then disable log-only mode.
To configure these settings in mixed control, you must also enable these settings in the Client User Interface Mixed Control Settings dialog box.
To enable network intrusion prevention or browser intrusion prevention
In the console, open an Intrusion Prevention policy.
On the policy page, click Intrusion Prevention.
Make sure the following options are checked:
Enable Network Intrusion Prevention
You can also exclude particular computers from network intrusion prevention.
Enable Browser Intrusion Prevention for Windows