I have a user who is in a remote office and has a public IP. Symantec keeps popping up the message below every 5 to 10 minutes. He is using Windows 7, and all MS updates are current. I find the log in the Client Management log.
8 8/1/2012 11:13:09 AM Intrusion Prevention Critical Incoming TCP 75.109.151.136 45595 N/A 75.109.188.XX 135 N/A \DEVICE\HARDDISKVOLUME3\WINDOWS\SYSTEM32\SVCHOST.EXE 20386 72052 OS Attack: MS RPCSS Attack CVE-2004-0116 2 USER-ID user-PC Default 1 8/1/2012 11:12:58 AM 8/1/2012 11:12:58 AM [SID: 20386] OS Attack: MS RPCSS Attack CVE-2004-0116 2 attack blocked. Traffic has been blocked for this application: \DEVICE\HARDDISKVOLUME3\WINDOWS\SYSTEM32\SVCHOST.EXE
Any help in resolving this would be appreciated.