We have just deployed the 12.1.2 server update and client update and I created a new package to send to all endpoints. In the package I included the firewall but not the Intrusion Prevention. Does this mean that even though the IPS is not installed for the clients the add-on is still on the machines? Is it part of the Network Threat Protection or just the IPS? When I look at the protection technology on all clients in the management console it show that the intrusion prevention for IE and FF is not installed but yet the add-on is installed for all clients anyway and IE9 asks to enable/disable the add-on.
Is this what was supposed to happen even without the IPS installed and only the Firewall installed? If it is part of the Network Threat Protection and I create a new IPS policy, can the add-on be enabled by default without user intervention?