The Intrusion Prevention System (IPS) of a Symantec Endpoint Protection Cloud (SEPC) client is being triggered by traffic to a website that is believed to be safe.
Whitelist a website that you believe to be safe that the SEPC client is blocking.
Note: Legitimate websites and public-facing internal webservers may have been compromised by an attacker to serve malware, or malicious advertisements on those pages (maladvertizements) may be attempting to redirect visitors to a site hosting a drive-by download for vulnerable browsers.
If the IPS event is believed to be a False Positive (FP), please follow these steps:
Change Submission Type to "Provide blocked URL (IPS)
Input the URL or Public IP Address
Complete the required information on this page and click submit.
At this point Symantec will test whether the detection is a false positive or not. Please give Symantec some time to do it's tests. Once the tests are completed you should receive an email containing the results.
Subscribing will provide email updates when this Article is updated. Login is required.