Endpoint Protection Small Business Edition

  • 1.  High-Risk Intrusion Detected, Attack: an intrusion attempt was blocked.

    Posted Oct 22, 2014 10:44 AM

    Every other day I get 2 emails from my Symantec Cloud alerts.  I cannot find any reference to these and have no idea what is causing the attack.  How can I fix this and find what is trying to connect?

    A high-risk intrusion was detected on (Servername)

    Server Group on 10/21/2014 4:16:52 PM.

    Intrusion Name
    Attack: an intrusion attempt was blocked.

    Targeted Application

    Targeted IP
    192.168.1.200

    Targeted Port Number
    0

    Targeted Host Name

    Status
    Blocked



  • 2.  RE: High-Risk Intrusion Detected, Attack: an intrusion attempt was blocked.

    Posted Oct 22, 2014 10:45 AM

    Does it show a remote attacker IP or info?



  • 3.  RE: High-Risk Intrusion Detected, Attack: an intrusion attempt was blocked.

    Posted Oct 22, 2014 10:48 AM

    Brian, no, it doesn't show anything about the attacker or IP in any of the logs.  Just what I sent in the email.



  • 4.  RE: High-Risk Intrusion Detected, Attack: an intrusion attempt was blocked.

    Posted Oct 22, 2014 10:52 AM

    Brian, update 2, in my console I finally found this:

    Targeted Application
    None
    Attack Parameter
    69.128.64.62/cgi-sys/entropysearch.cgi


  • 5.  RE: High-Risk Intrusion Detected, Attack: an intrusion attempt was blocked.

    Posted Oct 22, 2014 10:53 AM

    Looks like someone is trying to use Shellshock on a Windows machine...  Any way you know of to completely stop this?

     

    Thanks



  • 6.  RE: High-Risk Intrusion Detected, Attack: an intrusion attempt was blocked.

    Posted Oct 22, 2014 10:55 AM

    Yea coming from:

    IP Location United States, Wyoming, TDS Telecom
    ASN United States AS4181 TDS-AS - TDS TELECOM,US (registered Dec 16, 1994)
    Resolve Host h69-128-64-62.wyngmi.dedicated.static.tds.net
    Whois Server whois.arin.net
    IP Address 69.128.64.62

    NetRange:       69.128.0.0 - 69.131.255.255
    CIDR:           69.128.0.0/14
    NetName:        NETBLK-TDSNET-BLK
    NetHandle:      NET-69-128-0-0-1
    Parent:         NET69 (NET-69-0-0-0-0)
    NetType:        Direct Allocation
    OriginAS:       AS4181
    Organization:   TDS TELECOM (TDST)
    RegDate:        2003-03-25
    Updated:        2012-02-24
    Ref:            http://whois.arin.net/rest/net/NET-69-128-0-0-1

    OrgName:        TDS TELECOM
    OrgId:          TDST
    Address:        525 Junction Rd.
    City:           Madison
    StateProv:      WI
    PostalCode:     53717
    Country:        US
    RegDate:        1994-12-16
    Updated:        2014-07-31
    Comment:        http://www.tdstelecom.com
    Ref:            http://whois.arin.net/rest/org/TDST



  • 7.  RE: High-Risk Intrusion Detected, Attack: an intrusion attempt was blocked.
    Best Answer

    Posted Oct 22, 2014 10:56 AM

    Well, it's being blocked, so it's doing its job.

    You could drop that traffic at your external firewall or IPS.
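As an added example, not code from this thread or from Symantec, the script below does the two things the replies describe by hand: it parses the "label on one line, value on the next" alert text quoted in the thread, pulls the source address out of the Attack Parameter field (the only place the thread found it), and renders a deny entry per unique routable address for an edge firewall. The three sample alerts are constructed here (the first uses the values posted above; the other two are made up to cover a repeated source and an alert with no Attack Parameter), the regex for the `ip/path` shape is an assumption about how that field is laid out, and the iptables line is just one rendering; substitute your edge device's syntax.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Field labels as they appear in the alert text quoted in the thread.
FIELD_NAMES = {
    "Intrusion Name", "Targeted Application", "Attack Parameter",
    "Targeted IP", "Targeted Port Number", "Targeted Host Name", "Status",
}

# Constructed sample alerts (not real product output). The first reproduces
# the values posted in the thread; the second repeats the same source with a
# different path; the third has no Attack Parameter, like the original e-mail.
SAMPLE_ALERTS = [
    """Intrusion Name
Attack: an intrusion attempt was blocked.
Targeted Application
None
Attack Parameter
69.128.64.62/cgi-sys/entropysearch.cgi
Targeted IP
192.168.1.200
Targeted Port Number
0
Status
Blocked""",
    """Intrusion Name
Attack: an intrusion attempt was blocked.
Attack Parameter
69.128.64.62/cgi-bin/example.cgi
Targeted IP
192.168.1.200
Targeted Port Number
0
Status
Blocked""",
    """Intrusion Name
Attack: an intrusion attempt was blocked.
Targeted Application

Targeted IP
192.168.1.200
Targeted Port Number
0
Targeted Host Name

Status
Blocked""",
]


@dataclass
class IpsAlert:
    intrusion_name: str
    targeted_ip: str
    targeted_port: int          # -1 when the field is empty or not numeric
    status: str
    attack_parameter: str
    source_ip: Optional[str]    # leading IPv4 of Attack Parameter, if present
    attack_path: Optional[str]  # remainder of Attack Parameter, kept for reporting


# Assumed shape of the Attack Parameter field: "a.b.c.d/some/path".
_ATTACK_PARAM_RE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?P<path>/\S*)?$")


def parse_fields(text: str) -> Dict[str, str]:
    """Map each known label to the line that follows it; a label followed
    directly by another label (or by nothing) gets an empty value."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    fields: Dict[str, str] = {}
    i = 0
    while i < len(lines):
        label = lines[i]
        if label in FIELD_NAMES:
            value = ""
            if i + 1 < len(lines) and lines[i + 1] not in FIELD_NAMES:
                value = lines[i + 1]
                i += 1
            fields[label] = value
        i += 1
    return fields


def split_attack_parameter(param: str) -> Tuple[Optional[str], Optional[str]]:
    """Return (source_ip, path); (None, None) if the field is absent, not of the
    assumed shape, or the address is not a valid IPv4 address."""
    m = _ATTACK_PARAM_RE.match(param.strip())
    if not m:
        return None, None
    try:
        ipaddress.IPv4Address(m.group("ip"))
    except ValueError:
        return None, None
    return m.group("ip"), m.group("path")


def parse_alert(text: str) -> IpsAlert:
    f = parse_fields(text)
    port_text = f.get("Targeted Port Number", "")
    ip, path = split_attack_parameter(f.get("Attack Parameter", ""))
    return IpsAlert(
        intrusion_name=f.get("Intrusion Name", ""),
        targeted_ip=f.get("Targeted IP", ""),
        targeted_port=int(port_text) if port_text.isdigit() else -1,
        status=f.get("Status", ""),
        attack_parameter=f.get("Attack Parameter", ""),
        source_ip=ip,
        attack_path=path,
    )


def block_list(alerts: List[IpsAlert]) -> List[str]:
    """Unique, globally routable source addresses from blocked alerts, sorted.
    Private/reserved addresses are skipped so an internal host never lands in an edge deny list."""
    ips = set()
    for a in alerts:
        if a.source_ip and a.status.lower() == "blocked":
            if ipaddress.IPv4Address(a.source_ip).is_global:
                ips.add(a.source_ip)
    return sorted(ips, key=ipaddress.IPv4Address)


def iptables_rules(ips: List[str]) -> List[str]:
    """One DROP rule per address in iptables syntax (an example rendering only)."""
    return [f"iptables -A INPUT -s {ip} -j DROP" for ip in ips]


if __name__ == "__main__":
    parsed = [parse_alert(t) for t in SAMPLE_ALERTS]
    for a in parsed:
        print(a.source_ip, a.attack_path, "->", a.targeted_ip, a.status)
    for rule in iptables_rules(block_list(parsed)):
        print(rule)
```

The useful part for the poster's question is `block_list`: it collapses the repeated alerts down to the single external address the IPS already blocks, and it refuses to emit anything for the alert that carries no Attack Parameter, which is the case the original e-mail showed.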