Have you checked the attack compilation settings on the device tab?
From the IPS guide:
Configuration of attack compilation
The Attack Compilation page enables you to specify the type of attack definitions to be included in the IPS
Policies for a specific Sensor.
To access the Attack Compilation page:
1 Click the Devices tab.
2 Select the domain from the Domain drop-down list.
3 On the left pane, click the Devices tab.
4 Select the device from the Device drop-down list.
5 Select Troubleshooting | Attack Compilation.
You can select the following types of attack definitions for the Sensor:
• Default McAfee Attacks (from the Signature Set)
• Custom Attacks–McAfee Format — These are the McAfee Custom Attacks that you defined or received
• Custom Attacks–Imported Snort Rules — These are the Snort Custom Attacks that you imported into or created in the Manage
Is the snort rule 'included' on the custom attack editor?yes it is as above .
If it shows as included, what priority have you given it? what is the priority?
Does it show on the Default IPS policy?no it doesn't