I confess I'm fairly ignorant of what NIS does to protect my computer; I just assume that it knows what it is doing. Recently, NIS 2011 blocked some intrusion attempts (Fake AV webpage request and an HTTP blackhole toolkit activity). It then picked up and quarantined a downloader.
Since then, I regularly look at the security history log. There seems to be a lot of firewall activity logged as info that reports: Rule "Default Block SSDP" blocked ....Inbound TCP connection.......process name is c:\windows\system32\svhost.exe
Please can someone help explain what this means and whether it is indicative of any problems that I need to address, e.g. intrusion attempts? Also, what number of alerts would be considered a normal daily level?
Thanks