To start, I've read nearly every post I can find on this issue. I continue to get alerts for "Traffic has been blocked from this application: Host process for windows server (svchost.exe)" and I cannot figure out how to correct this issue.
I'm a Windows 7 Pro user and an unmanaged client. I just upgraded from SEP 11.x to SEP 12.1.5. My problems started with me being unable to use a wireless network printer, but I was able to make a rule to allow the IP traffic from it's specific local IP - easy.
I continued to get alerts for svchost.exe and I noticed that my log showed that they were for UPnP discovery. I disabled the firewall rule to block UPnP discovery as indicated in this thread: https://www-secure.symantec.com/connect/forums/svchostexe-traffic-has-been-blocked-sep-netowork-threat-protection#comment-8139281
But I still get svchost.exe alerts...
I've attempted to disable TCP/IPv6 as indicated in this thread: http://www.symantec.com/connect/forums/traffic-has-been-blocked-application-svchostexe-0
I continue to get the message every couple minutes. Judging by the log, it appears to still be an issue with IPv6.
6684 2/21/2015 6:26:32 PM Blocked 3 Outgoing UDP teredo.ipv6.microsoft.com [94.245.121.251] 40-16-7E-A1-87-90 3544 192.168.1.206 90-E6-BA-07-41-40 49794 C:\Windows\System32\svchost.exe SYSTEM NT AUTHORITY Default 2 2/21/2015 6:26:04 PM 2/21/2015 6:26:20 PM Block IPv6 over IPv4 (Teredo) Remote UDP port 3544
I don't want to just disable the alerts. Can anybody offer some further advice on the subject?
Thanks in advance!