Endpoint Protection

I keep getting a popup that svchost.exe is being blocked. I have ran the scan along with malware and avg and nothing is popping up. I seen on other forums that people posted their tasklist to others to look at. I attached mine.... if you could tell me if you notice anything fishy that would be greatly appreciated. Thanks!!!!@

Attachment(s)

tasklist.docx   75 KB 1 version

tasklist2.docx   39 KB 1 version

This is the IPS notification. It's more than likely a legit process.

I assume you have an unmanaged client?

Would need to see the Traffic log but one of the rules is causing this, perhaps due to IPv6.

There are only a few options to deal with this.

1. Allow the specific traffic ( would need to see traffic log to see exactly what it is)

2. Disable the rule (not recommended)

3. Turn off the notification (you won't see these alerts but you may miss something else)

4. Allow svchost (not recommended as malware can hide within this process)

Thanks Brian,  Here is some of the traffic log...

Attachment(s)

traffic.docx   515 KB 1 version

Looks to be the rule "Block UPnP Discovery"

This is an unmanaged client, correct?

If so, there is no way to stop the alerting on this rule, unlike if it was a managed client, you could turn off logging of this rule.

The easiest way to go here is just to turn off the notification but than you won't see any alerts at all.

Not really sure what you want but there are the options I mentioned above that will help you deal with this.

Yes unmanaged. Thanks, just wanted to make sure it was not something hidden in my system. Some people began getting bugs on a network i connect to and i wanted to make sure it was not something more.

Nope, doesn't look to be malware.