Hi,
Please do not delete the rule. It is a DDOS (Denial Of Service). Do not delete the rule.
It is not necessary that it be a single application. This DDOS can try to get the details from the TCP and UDP packets. Using those details it can change the password to the default password. There is no source address for this DDOS.
This is what I suggest: run the SEP_support_tool.exe and collect the logs. Download it from
ftp://ftp.symantec.com/public/english_us_canada/products/symantec_endpoint_protection/SEPDIAG/
Select SEP_support_tool.exe
Run the tool and collect the logs.
Upload the file and I will check it. You cannot view it in Notepad because the file extension is different.
It is not txt but SDBZ. There is a viewer in the same folder, "SEPDIAG"; download the viewer.
Check the logs, and if you find any program or application, send it to the Security Response Team.
Use this KB article: http://www.symantec.com/docs/TECH147870
This article will tell you what to send, how to send it, and whom to send it to.