Endpoint Protection

Operating system: windows 8 64-bit operating system. SEP version 12.1.12015.2015. Updated as of today.
SEP keeps creating a popup that states "traffic has been blocked from this application: SVCHOST.EXE."

I have disabled IP6, searched for imposter SVCHOST.EXE and many other things to stop whatever this is from happening. It still happens every couple minutes, continuously. Some sources say it is SEP acting funny over no threat. Some sources say that it is malicious.

I tried a system recovery after it started, which failed.

How can I eliminate this "high risk?" Please help

Look in the Traffic log at the time this popup occurs and see what's going on. Specifically, the port assocoated with it.

I've seen this happen with MS updates as well so it could be a false positive.

You can check the traffic logs .

Check this thread

https://www-secure.symantec.com/connect/forums/traffic-has-been-blocked-application-svchostexe-3

Hi

Kindly upgrade to SEP 12.1.3 and observe

Regards

Hello,

Check these Threads with similar Issue:

https://www-secure.symantec.com/connect/forums/svchostexe-traffic-has-been-blocked-sep-netowork-threat-protection

https://www-secure.symantec.com/connect/forums/svchostexe-traffic-being-blocked

https://www-secure.symantec.com/connect/forums/svchost-pop

https://www-secure.symantec.com/connect/forums/svchost-exe

Hope that helps!!