Managed to find a fix in the end. The security issue was a red herring. Under normal circumstances on IE10 it will use jsop and give this message:
"SignalR: Using jsonp because this browser doesn't support CORS"
However, with this particular client this was not happening. Specifying the use of jsonp explicitly when connecting fixed the issue.
$.connection.hub.start({ jsonp : true },function () { ...