This hasn’t happened in the two years of using the product, what are the chances this is a false positive or bad configuration instead of some unique infection? Only other difference I notice are more blocked inbound connections to svchost.exe than normal, I don’t see anything else suspicious and multiple Antivirus scans come out clean.
Can you be more specific by what you mean CIS treats svchosts as? Are you getting HIPS alerts for the process or do you see it being listed in unblock applications task?