I got a new pc laptop for school about 3 weeks ago and all has been well until today. I was on the school's network today and a Symantec Endpoint notification popped up in the bottom right corner of the screen, saying that a port scan attack had been logged, and that it was going to block a particular IP address for 600 seconds. This happened about 3 times. Not sure if the IP address was the same each time.

Right after the last time this message occurred, a new Symantec notification started popping up, which says that it is blocking traffic from svchost.exe. This message pops up about every 5 minutes now.

Symantec can't find any viruses and MalwareBytes can't find any infections, so I'm wondering what's going on. I tried researching online, and found explanations ranging from false alarm to remote keylogging. It might just be Symantec notifying me that the firewall is doing what it is supposed to do, but the constant notifications are annoying and I'm concerned that there might actually be a problem.

Does anyone know what I should do?

Thanks!

svchost is an important system service that hosts other services. It should not be blocked.

"Port scan attack" is an oxymoron, at worst it means someone is checking all your ports, which is equivalent to scouting, not attacking.

It looks like your virus scanner spazzed out and though that processes connecting to svchost were port scanners (I guess because your firewall is misconfigured).

Malwarebytes would have found something if there was something to find. Don't worry about it.

Ok cool. Thanks for the input.

It sounds like the firewall is just doing its thing and for some reason conflicts with svchost trying to send outgoing signals. I also realized that I had just placed the Symantec icon on the toolbar/taskbar thing in the bottom right, so it was probably always doing this, but didn't have notification pop ups until I put it there.