Thanks to all that a have responded. Right after I posted this we had a server go down and I had to handle that instead.
First off Sandip, I can't really update this client yet however we will be updating all clients over the next month or so. That being said, the client is stopping this for running and contacting the remote hosts like it should I just need to find out what it is so I will know if I should clean it or allow it so the warning go away. I think it is a good suggestion but it looks like with this version it is seeing that there’s something running and it is blocking so I am not so sure updating would solve anything.
Aniket, I did see that post but I am not sure that it applies here. I say that because the end result of that was if the system shows no infection status then it is safe. I don't think that is always true and I don't think it is true here. I will explain this in just a second.
Jason, I have installed Process Explorer and I think it is a good program but I am not so sure it is helping me. I will explain this in just a second. I did try to install the Microsoft hot fixes associated with fixing a "vulnerability/exploit/ of the RPC service but since this PC is up to date on all Microsoft updates then it was already installed.
Again thank you all for your suggestions I have followed each one of them but right now I don't think the can help me. Allow me to explain further and you will see why.
Even though it says there is no infection and I have scanned this PC about 5 times and even though the Process Explorer shows me the values of the svchosts that are running. I still think there is something else going on. First of all if this is something new then it is possible for it not to be classified as an infected PC. Second the Process Explorer only shows me running processes, here's where it gets tricky to me. Each of these 'Intrusion Prevention' messages occurs between 4 A.M. and 5 A.M. when no one is on the system.
I have checked the Scheduled Tasks on the PC and nothing is set to run at this time of day. And I think that what ever this is does not show in the Process Explorer because it doesn't run until then.
Does all of this make sense? Am I thinking about this correctly? Any suggestions on how I can track what this is when it fires up at 4-5 in the morning when no one is on the system?
Again thanks for your input and I look forward to more feedback on this issue!