Endpoint Protection

  • 1.  svhost.exe

    Posted Feb 06, 2014 05:38 PM

    Upgraded to Windows 8.1 yesterday, installed a few other programs too.

    Booted the PC today and SEP gave me a message "Host Process for Windows Services has changed since the last time you used it"

    "Do you want to allow it to access the network"

     svchost.exe

    Yes No Detail

    Detail has my IP address for this PC and it has a remote IP address that I've never seen before, what do I do?

    Got a second one, "NT Kernel & System has changed since the last time you used it"

    NTOSKRNL.EXE

    Has my IP and the remote IP is on my subnet, last number has changed.

    Got a third one "Spooler SubSystem App has changed since the last time you used it"  spoolsv.exe

    Allow access to network yes no detail

    Has the IP address of my printer and the remote is on my subnet, last number looks like another PC on my network.



  • 2.  RE: svhost.exe

    Posted Feb 06, 2014 05:51 PM

    It sounds like network application monitoring is turned on. Is this an unmanaged client?

    http://www.symantec.com/docs/HOWTO18280



  • 3.  RE: svhost.exe

    Posted Feb 06, 2014 06:08 PM

    Try to ping that IP and check the host name.

    Symantec Endpoint Protection states that "an application has changed since the last time you used it."

    Maybe because of the IPv6 rule, which is enabled by default.


  • 4.  RE: svhost.exe

    Posted Feb 06, 2014 06:43 PM

    Help me here a bit. It's not an unmanaged client (I don't think); it's got SEP installed on it by itself. No server, no remote monitoring. If I'm missing what you are saying please rephrase, as I'm not a PC expert.

    The links provided by rafeeq seem to indicate it aligns with me installing 8.1. I hit allow on all three (because I tried to print and couldn't)... assume that was because the spooler app was being held up...

    My computer hasn't blown up yet so I'm open to other comments or suggestions, but I think this may be normal for a Win 8.1 upgrade with SEP already on the PC.  ????  idk.



  • 5.  RE: svhost.exe

    Posted Feb 06, 2014 06:50 PM

    It sounds like this is an unmanaged install (no SEPM server to manage clients?)

    Open your SEP GUI

    Under Network Threat Protection select Options >> Change Settings

    Under Traffic Settings is "Enable network application monitoring" enabled?

    Also, check the Security log to see what info shows for this



  • 6.  RE: svhost.exe

    Posted Feb 06, 2014 09:14 PM

    The network application monitoring is NOT enabled.

    Looking at the log there are some outgoing things being blocked. I don't know what this means.

    Most have a severity of 3. Most say win8.ipv6.microsoft....etc.

    Some others show a strange hex code e.g. FE80:0:0.... etc.

    The last one shows an IP address I'm not familiar with and is not on my network...

    There are multiple instances of each of these since I booted the machine today. Going back one day (that's all I can see in the filter) these same three blocks are going on. I can't tell if it occurred before I installed 8.1 because it doesn't go back that far.



  • 7.  RE: svhost.exe

    Posted Feb 06, 2014 09:18 PM

    It could be related to IPv6. I believe the default firewall in SEP is to block IPv6. IPv6 is not really in use much yet. You can disable it:

    http://www.techunboxed.com/2012/08/how-to-disable-ipv6-in-windows-8.html



  • 8.  RE: svhost.exe

    Posted Feb 06, 2014 09:23 PM

    Did you check if IPv6 is enabled under the rules section?

    First check the logs:

    Open SEP - NTP - Logs

    If you see something like

    1/1/2011 11:39:11 PM    Blocked    3    Outgoing    IPv6 [type=0x86DD]    0.0.0.0    33-33-00-01-00-02    0    0.0.0.0    00-22-B0-6E-B1-F0    0        Steven    SoederFTW    Default    1    1/1/2011 11:38:09 PM    1/1/2011 11:38:09 PM    Block IPv6 (Ethernet type 0x86dd)   

    then follow these steps

    1. Turn off the iphelper service, set to manual.  This stopped the warning dialog from popping up.  But, I noticed there were still a lot of ipv6 requests being blocked in my logs (roughly half the amount there were before stopping iphelper service)

    2. Open your network and sharing center, click "change adapter settings", select the adapter you are using (for me it was my wireless adapter), right-click and hit properties. Untick the box next to Internet Protocol Version 6 (TCP/IPv6). 

    3. Restart machine.
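The log line quoted above is one row of the SEP Network Threat Protection traffic log, and post 6 asks what such rows mean. The following is an added example (not SEP's own tooling, and not code from anyone in this thread) that parses rows in that tab-separated layout and labels them, so the reader can see at a glance that the blocked outgoing entries are IPv6 multicast and link-local traffic caught by the default "Block IPv6" rule rather than something reaching out to an unknown host. The column order is inferred from the single quoted line and is an assumption; the sample rows other than the first are constructed, and the 33-33 MAC prefix check relies on the fact that Ethernet frames for IPv6 multicast use destination addresses beginning 33-33.

```python
from collections import Counter

# Column order assumed from the single line quoted in the thread
# (tab-separated as exported from the SEP log viewer); not an official schema.
FIELDS = [
    "time", "action", "severity", "direction", "protocol",
    "remote_host", "remote_mac", "remote_port",
    "local_host", "local_mac", "local_port", "application",
    "user", "computer", "location", "occurrences",
    "begin_time", "end_time", "rule",
]

# Constructed sample log. Row 1 mirrors the line quoted in the thread; rows 2
# and 3 are made up to show a link-local IPv6 block and an ordinary allowed
# IPv4 connection (192.0.2.10 is a documentation address, not a real host).
SAMPLE_LOG = "\n".join("\t".join(row) for row in [
    ["1/1/2011 11:39:11 PM", "Blocked", "3", "Outgoing", "IPv6 [type=0x86DD]",
     "0.0.0.0", "33-33-00-01-00-02", "0", "0.0.0.0", "00-22-B0-6E-B1-F0", "0", "",
     "Steven", "SoederFTW", "Default", "1", "1/1/2011 11:38:09 PM",
     "1/1/2011 11:38:09 PM", "Block IPv6 (Ethernet type 0x86dd)"],
    ["2/6/2014 9:05:12 PM", "Blocked", "3", "Outgoing", "IPv6 [type=0x86DD]",
     "FE80:0:0:0:1C2A:3F44:9B0E:2D11", "00-1A-2B-3C-4D-5E", "0", "0.0.0.0",
     "00-22-B0-6E-B1-F0", "0", "", "Steven", "SoederFTW", "Default", "4",
     "2/6/2014 9:04:00 PM", "2/6/2014 9:05:12 PM", "Block IPv6 (Ethernet type 0x86dd)"],
    ["2/6/2014 9:06:40 PM", "Allowed", "10", "Outgoing", "TCP",
     "192.0.2.10", "00-00-00-00-00-00", "443", "192.168.1.23", "00-22-B0-6E-B1-F0",
     "52344", "C:\\Windows\\System32\\svchost.exe", "Steven", "SoederFTW", "Default",
     "1", "2/6/2014 9:06:40 PM", "2/6/2014 9:06:40 PM", "Allow all applications"],
])


def parse_line(line):
    """Split one tab-separated log row into a dict keyed by FIELDS."""
    cols = line.rstrip("\n").split("\t")
    if len(cols) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} columns, got {len(cols)}")
    return dict(zip(FIELDS, cols))


def classify(ev):
    """Label what kind of traffic a parsed row describes."""
    if "IPV6" in ev["protocol"].upper():
        if ev["remote_mac"].upper().startswith("33-33"):
            # 33-33-xx-xx-xx-xx is the Ethernet destination prefix for IPv6
            # multicast (neighbour/router discovery and similar housekeeping).
            return "ipv6-multicast"
        if ev["remote_host"].upper().startswith("FE80:"):
            # fe80::/10 is the IPv6 link-local range: never leaves the subnet.
            return "ipv6-link-local"
        return "ipv6-other"
    return "ipv4-or-other"


def summarize(lines):
    """Count rows by (action, direction, traffic label, rule name)."""
    counts = Counter()
    for line in lines:
        if not line.strip():
            continue
        ev = parse_line(line)
        counts[(ev["action"], ev["direction"], classify(ev), ev["rule"])] += 1
    return counts


def blocked_outside_subnet_noise(lines):
    """Return blocked rows that are NOT IPv6 multicast/link-local chatter.

    These are the ones worth a closer look; the IPv6 housekeeping blocks
    produced by the default rule are filtered out as expected noise.
    """
    keep = []
    for line in lines:
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev["action"] == "Blocked" and classify(ev) not in ("ipv6-multicast", "ipv6-link-local"):
            keep.append(ev)
    return keep


if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE_LOG.splitlines()).items()):
        print(n, *key)
    print("blocked rows needing review:", len(blocked_outside_subnet_noise(SAMPLE_LOG.splitlines())))
```

Run against a real export, the summary collapses the many repeated rows the thread describes into a handful of (action, direction, label, rule) lines, and the review list shows only blocked traffic that is not the expected IPv6 housekeeping.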