Hello,
I don't think that is possible with custom IPS Signature.
The IPS signatures are packet-based.
Unlike Symantec signatures, custom signatures scan single packet payloads only. However, custom signatures can detect attacks in the TCP/IP stack earlier than the Symantec signatures.
Packet-based signatures examine a single packet that matches a rule. The rule is based on various criteria, such as port, protocol, source or destination IP address, TCP flag number, or an application. For example, a custom signature can monitor the packets of information that are received for the string "phf" in GET / cgi-bin/phf? as an indicator of a CGI program attack. Each packet is evaluated for that specific pattern. If the packet of traffic matches the rule, the client allows or blocks the packet.
You can specify whether or not Symantec Endpoint Protection logs a detection from custom signatures in the Packet log.
Check these Articles:
About custom IPS signatures
http://www.symantec.com/docs/HOWTO80930
Creating custom IPS signatures
http://www.symantec.com/docs/HOWTO27083
Managing custom intrusion prevention signatures
http://www.symantec.com/docs/HOWTO55161
Defining variables for custom IPS signatures
http://www.symantec.com/docs/HOWTO55453
Changing the order of custom IPS signatures
http://www.symantec.com/docs/HOWTO55464
Testing custom IPS signatures
http://www.symantec.com/docs/HOWTO55177
Adding signatures to a custom IPS library
http://www.symantec.com/docs/HOWTO55170
Hope that helps!!