Thank you, that's what I thought. I'm unsure where to look in the logs to see where it's coming from. If it's on my network I'd like to sort that out before I block the traffic. I've looked at every log on the Endpoint client that is producing the messages, there doesn't appear to be anything that relates to the pop up messages I see in the task bar.
Every Windows machine on the newtork is patched with MS17-010.
Any sugestion on where to look up that log info would be greatly appreciated.