I have a repeated notification of an intrusion attempt. I’m pretty sure it’s safe but could someone either confirm or give me an idea of what to look for (to see if it’s safe or not)? Thanks!
Details are:
Application: Windows operating system
Action: X Blocked
Protocol: UDP
Source IP: 0.0.0.0
Source port: 68
Destination IP: 255.255.255.255
Destination port: 67
This identical entry seems to appear every 2 to 6 minutes. I don’t think it’s associated with anything I’m doing. Is this something that I need to be concerned about?
Happy to answer more questions if someone needs more info.
Hi Dennis, this does exactly look like my issue. Just to be absolutely clear, this process is basically looking for other clients on my network, and it’s absolutely OK for me to trust it? Apologies if this is a really stupid question, just that I don’t understand networks.
Oh and… which of the many svchost.exe processes do I trust?
That was really useful - I was looking in the wrong place to edit this setting. Thanks - now edited and hopefully it will be fine and won’t pester me with these logged events.
In Network Security Policy (“Application Rules” tab) I have added a rule for svchost.exe that allows both in/out UDP traffic from 0.0.0.0 port 68 to 255.255.255.255 port 67 but unfortunately it’s still coming up in the Firewall Events log as blocked