Hi
I've recently upgraded to SEP 12.1.4. Since installing the upgraded Mac client on a few machines, they're all seeing intermittant port scan attacks from various IP addresses around my network, all using the application /mach_kernel
I'm fairly sure these are spurious, i've checked the machines on some of the IP's listed, and can't find any trace of malware or viruses, so my thoughts are that its something else, probably a monitoring tool or something like Bonjour traffic, that is being detected
My question is, what can i do to prevent it happening? I don't really want to block the notification, as it would be nice to know of other IPS events, but i would like to create an exception or similar to suppress this particular alert
Has anyone else experienced this before, and if so, what have you done to try and resolve it?