Hi Mick,
Again a traffic is been generated from another workstaion to the one more server. As suggested by the symantec I have checked the NTP and PTP logs nothing have. But that workstaion is not patched with MS17-010. We have installed the patch and no detection were , after that no detection were found.
Since many machines are not properly patched. we are getting this kind for detection.
Thank you so much for giving me clarity about this signature.
So if this signature is triggered again.
1) need to check both the machines are patched with MS17-010
2) check on the affected workstation if there any poorly designed software is being used.
3) May be it would be false alarm