No router under my control in this case; the user is working at home. The alerts still occur when not connected to our VPN, so I can't do anything with our router to block this.
For some reason I can't turn on the machine's firewall as local admin; it says it's under control of our system administrator. I am the system admin and I haven't done anything globally to turn off the firewall, I don't think. I _may_ have done some some GPO to stop Win 10 boxes from complaining about the firewall being off, since that's the only way to stop that in Win 10, but if I did it was long ago and I don't remember. But this is a Win 7 box. I can't currently log in to the machine as a DA because I have no cached profile on it and the machine can't connect to the VPN until I'm logged in. I may be able to execute a PS script to do it via our asset management system.
In any case I've suddenly stopped receiving the alerts, though I don't know if that just has something to do with the time of day. Last one was 2:56 pm EDT yesterday.
BTW---When I purchased the avast Business Pro system I thought I purchased an anti-malware system to block attacks on individual machines by means of email, websites, or external media, not a firewall system to monitor ports and do "perimeter security". I used to be able to specifically turn off the Avast firewall feature in the 8.x version. Now there's no way to control it that I can find in the On-Premise Console. I dislike it when vendors change important aspects of the functionality of a product without notifying me and giving me an opportunity to make my own decisions about it.
The fact that Avast was blocking an alleged EternalBlue attack from something that is NOT on the machine every few minutes is not useful information to me, and it is extremely disruptive to the user. (I scanned the machine with Avast, and I hope to God that the Avast scan would actually detect the source of this behavior if it was on the machine, since it's so annoyingly adept at detecting the behavior when it occurs--in fact I got several of those popups DURING the scan, identical, except for source IP, to those that had been appearing prior to the scan, yet the scan reported no detections when it completed.) Criminals constantly hit random ports attempting to do something nasty; thousands of times a day. I don't need to hear about it every time they do that. EternalBlue is no better and no worse than any other kind of attack. This strikes me as more of an effort at marketing--whereby Avast announces that it stops EternalBlue--than as something useful.
