Hi. I am having issues with annoying popups coming up every few minutes, saying SEP blocked application "svchost.exe". I have been using this PC with SEP for a little over a year now and I hadn't had this popup come up until yesterday. The only thing I remember changing at that time was setting up a Dropbox share folder, which I assume is unrelated, from the information I show below.
I am on an unmanaged client.
I checked the network threat protection logs, and have identified that the notification is coming from incoming traffic to port 3702, from an IPv6 address. The log tells me that the applied rule is Block Web Services discovery.
Here is the exact log entry:
2018/06/14 10:10:44 遮断しました 3 着信 UDP FE80:0:0:0:6152:E281:F972:22C8 28-16-AD-21-2F-0F 64489 FF02:0:0:0:0:0:0:C 33-33-00-00-00-0C 3702 C:\Windows\System32\svchost.exe LOCAL SERVICE NT AUTHORITY Default 4 2018/06/14 10:10:20 2018/06/14 10:10:25 Block Web Services Discovery
遮断しました = blocked, 着信 = inbound (I run on a Japanese client. Sorry for the inconvenience)
I looked through other forum posts, and have figured out I can change this particular firewall rule to allow traffic, but I don't know if this is safe to do. So I want some expert advice on the matter.
I am currently suppressing the popups by turning off Network Intrusion Alert, but this is probably not ideal in the long term.