Network threat blocked

This situation can occur when a port scanning attempt on your system is detected or when an application on your device tries to transmit malicious traffic to another device on the network or exploit a security hole.

The notification displays the type of threat and the IP address of the device that initiated the activity. Click Change handling of this threat to show the following options:

Continue blocking—Blocks detected threat. If you want to stop receiving notifications about this type of threat from the specific remote address, select the radio button next to Do not notify before you click Continue blocking. This will create an Intrusion Detection Service (IDS) rule with the following configuration: Block - default, Notify - no, Log - no.

Allow—Creates an Intrusion Detection Service (IDS) rule to allow the detected threat. Select one from the following options before you click Allow to specify the rule settings:

•Notify only when this threat is blocked—Rule configuration: Block - no, Notify - no, Log - no.

•Notify whenever this threat occurs—Rule configuration: Block - no, Notify - default, Log - default.

•Do not notify—Rule configuration: Block - no, Notify - no, Log - no.

A Network threat blocked event does not always indicate a real attack. Common causes include:

•Legitimate devices on the local network, such as home routers, mesh nodes, Wi-Fi extenders, NAS devices, smart TVs and multimedia devices.

•Applications running on your device may open or probe multiple ports or communicate with other devices on the network (for example, file-sharing, streaming, remote administration utilities or update services)

•Malicious activity, such as port scanning attacks, communication from an infected device on the same network, or unwanted or suspicious processes running on your computer.