Endpoint Protection 12.1.2015.2015 "port scan" false positive
Running Endpoint Protection 12.1.2015.2015 on Windows 7, and have had the usual tweaks that others have reported that needed to be addressed such as the "traffic from application svchost.exe" fix with IPv6, and that has since gone away for me as well with using the recommendation of turning IPv6 off since it's not being used. However, I've recently run into a snag with this machine since it runs VMware Workstation on it as well to run one of my test asterisk voip virtual machines. When I place calls out from my physical Cisco 7965 IP Phone, on every other call (usually happens with back to back calls) I get:
(screenshot taken at a different occurrance of this, but this is what displays every time)
The 64.x.x based IP is that of my SIP trunk provider, which is not a threat.
Line item from Traffic Log after the event:
1/21/2013 2:31:04 PM Blocked 10 Incoming UDP 64.x.x.x [MAC redacted] 19320 10.0.0.248 [MAC redacted] 11434 drew Default 4 1/21/2013 2:31:06 PM 1/21/2013 2:31:06 PM Block_all
Any ideas to filter this without compromising security?