We are currently running CSA ver. 22.214.171.124.
We see the message: "The process 'C:\WINDOWS\System32\svchost.exe' (as user NT AUTHORITY\SYSTEM) attempted to accept a connection as a server on UDP port 123 from (Internal IP Address) The operation was denied.
I believe it is just be a printer checking in with a PC to coordinate its internal clock.
We have tracked down all the IPs in these events and they are printers.
HP. Lexmark et al make no mention of this port, so I'm not sure if we can disable it at the printer.
The sheer number of these messages is annoying.
Network Access Control Rule 484 is involved. It states:
"Deny and log all applications when they attempt to act as a server for network services UDP and TCP communicating with all host addresses using all local addresses"
I don't want to define the host or local addresses (too many), and I'm leery of rebuilding the rule to exclude UDP/123
I also don't wnt to disable all logging. just in case there is a real problem someday.
Has anyone else addressed this?