Logs indicate that certain IPS events are detected by Symantec Endpoint Protection on Macintosh clients, but when Symantec Security Response is queried, the response is that these are silent IPS signatures that should not be visible. In some cases, there also may be no information about this event in the list of IPS Attack Signatures. Is there any cause for concern?
SEP for Macintosh only
Example SEP for Mac log entries:
"Informational: HTTP PE Download" Signature ID: 23318
These silent IPS signature detections do not indicate a threat of any kind, despite their undesired appearance in pop-ups or logging. No traffic is blocked as a result of these detections. They are meant only to gather data on traffic trends and help Symantec shape the design of signatures that actually do detect real threats. See the "Data Collection" tab under site properties in SEPM.
Silent IPS signatures were completely hidden in the client-side interface via LiveUpdate CIDS content version 15.0.3 in March of 2016.
Silent signatures were still visible in SEPM, and this was fixed as of SEP 14.0.
ID: 3734636, 3890781
Imported Document ID: TECH228659