How you can test and proof that IP is working in SEP client?
for example: to test AV, try with EICAR
Though this link is for custom IPS signature, you may need try checking this
http://www.symantec.com/business/support/index?page=content&id=HOWTO55177
even any network tool like NMAP will be identified by IPS.
Step
Action
Description
Step 1
Make sure that clients use the current Intrusion Prevention policy
The next time that the client receives the policy, the client applies the new custom signatures.
Step 2
Test the signature content on the client
You should test the traffic that you want to block on the client computers.
For example, if your custom IPS signatures should block MP3 files, try to download some MP3 files to the client computers. If the download does not occur, or times out after many tries, the custom IPS signature is successful.
You can click Help for more information about the syntax that you can use in custom IPS signatures.
Step 3
View blocked events in Symantec Endpoint Protection Manager
You can view events in the Network Threat Protection Attack logs. The message you specify in the custom IPS signature appears in the log.
Try a simulation of a ping flood attack:
Of course this is just a test for a part of the IPS functionality.
Try and download EICAR from the EICAR website - it will trigger IPS
EICAR is a (static) virus signature checker. The asker is specifically asking for IPS.
I am well aware of what EICAR is.
Trust me, try and download EICAR.COM from the EICAR.ORG website, it will trigger IPS BEFORE it triggers AV.