Endpoint Protection

  • 1.  what does historical IP mean in firewall log

    Posted Jul 29, 2010 12:46 AM

    What is the meaning of historical IP in the below image of my firewall log, as the remote host
     IP is my router's IP address? And why is it blocking that?


  • 2.  RE: what does historical IP mean in firewall log

    Posted Jul 29, 2010 12:59 AM

    Check this
     

    Current IP Address

    This is the IP address the client has now (or had at the last time it talked to SEPM). 

    Historical IP Address

    This is the IP address the client had when the attack occurred. 

    Remote Host IP

    This is the IP address of the other guy (usually the guy who attacked this system)



  • 3.  RE: what does historical IP mean in firewall log

    Posted Jul 29, 2010 01:08 AM
    Hi Kavin,

    Thanks for your reply. As per you:

    Current IP Address: This is the IP address the client has now (or had at the last time it talked to SEPM). ----this is fine

    Historical IP Address: This is the IP address the client had when the attack occurred. (How can this be, as my client has a manual IP of 192.183.75.110?)

    Remote Host IP: This is the IP address of the other guy (usually the guy who attacked this system)-----how can my router attack?

    One thing I forgot to mention is that I have blocked all traffic to/from that client except 5 IP addresses. In this log there are some remote host IPs which are given manually to line printers (network printers), and a printer can't attack a system. Can you please clarify?


  • 4.  RE: what does historical IP mean in firewall log

    Posted Jul 29, 2010 02:14 AM
    If it's the printer's IP then it's a false positive.


  • 5.  RE: what does historical IP mean in firewall log

    Posted Jul 29, 2010 05:11 PM

    If your router IP address is 10.33.2.101 then it is not attacking you... Port 520 is RIPv1 or RIPv2 info. If you don't want to use RIP, create a policy to block and not log.
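
The reply above attributes the blocked port 520 traffic to RIP. As an added example (not part of the original thread, and not Symantec code), the sketch below decodes a captured UDP 520 payload as RIPv1/RIPv2 and labels it so an analyst can confirm a blocked entry is a routine router advertisement. The function names, labels and the sample payload are constructed for illustration; only the router address 10.33.2.101 comes from the thread.

```python
import ipaddress
import struct

RIP_PORT = 520                        # UDP port named in the reply above
COMMANDS = {1: "request", 2: "response"}

def parse_rip(payload: bytes) -> dict:
    """Decode a RIPv1/RIPv2 UDP payload (RFC 1058 / RFC 2453 layout)."""
    if len(payload) < 4:
        raise ValueError("too short for a RIP header")
    command, version, _unused = struct.unpack("!BBH", payload[:4])
    if command not in COMMANDS or version not in (1, 2):
        raise ValueError("not a RIPv1/v2 request or response")
    body = payload[4:]
    if len(body) % 20 or len(body) > 25 * 20:
        raise ValueError("entries must be 20 bytes each, at most 25")
    routes = []
    for off in range(0, len(body), 20):
        afi, _tag, addr, mask, _nhop, metric = struct.unpack("!HHIIII", body[off:off + 20])
        if afi == 0xFFFF:             # RIPv2 authentication entry, not a route
            continue
        routes.append({
            "network": str(ipaddress.IPv4Address(addr)),
            "mask": str(ipaddress.IPv4Address(mask)) if version == 2 else None,
            "metric": metric,         # 1-15 reachable, 16 = unreachable
        })
    return {"command": COMMANDS[command], "version": version, "routes": routes}

def triage(remote_ip: str, local_port: int, payload: bytes, known_routers: set) -> str:
    """Label one blocked inbound UDP packet from a firewall log or capture."""
    if local_port != RIP_PORT:
        return "not-rip-port"
    try:
        msg = parse_rip(payload)
    except ValueError:
        return "port-520-but-not-rip"
    if remote_ip in known_routers and msg["command"] == "response":
        return "routine-rip-advertisement"
    return "rip-needs-review"         # RIP from a host not listed as a router, or a request

# Constructed sample: a RIPv2 response advertising 10.33.0.0/255.255.0.0, metric 1.
SAMPLE = struct.pack("!BBH", 2, 2, 0) + struct.pack(
    "!HHIIII", 2, 0, int(ipaddress.IPv4Address("10.33.0.0")),
    int(ipaddress.IPv4Address("255.255.0.0")), 0, 1)

if __name__ == "__main__":
    print(parse_rip(SAMPLE))
    print(triage("10.33.2.101", RIP_PORT, SAMPLE, {"10.33.2.101"}))
```
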



  • 6.  RE: what does historical IP mean in firewall log

    Posted Jul 31, 2010 12:08 AM
    There are also many PCs which are protected by SEP, fully updated and on a different subnet and VLAN, and still their IPs are also in the blocked IP list. They must be broadcasting, but how and why, if they are all clean systems and no applications are used which should make connections between these PCs?