Endpoint Protection for Mac may not forward all Intrusion Prevention detections to Manager
Last Updated January 03, 2018
Symantec Endpoint Protection (SEP) for Mac may not forward all Intrusion Prevention (IPS) detections to Manager (SEPM).
IPS detections appear and are logged locally on the Mac client, if configured to do so, but some of these events are not forwarded to SEPM. Affected IPS signatures include TCP Syn Flood (99992) and ARP Cache Poison (99990).
This issue appears to affect only SEP 14 for Mac; SEP 12.1.x for Mac will forward all IPS events OK to SEPM if configured to do so.