Hi
We are the running Endpoint Client with the Firewall blade enabled.
When I go to Log Viewer, 99% of the logs is dropped multicast traffic from the Firewall blade.
![1.jpg.png 1.jpg.png](https://community.checkpoint.com/t5/image/serverpage/image-id/2750i5E72954E0E98C2BE/image-size/large?v=v2&px=999)
This makes investigating the logs somewhat difficult as there are limited filtering options available.
Most of the multicast traffic is LLMNR port 5355 tcp and SSDP port 1900 udp.
I want to create a Noise Rule (i.e. Track to None) so this traffic does not appear in the logs.
Is it ok to create a block rule only on the ports as below? Note the source is Any
![2.png 2.png](https://community.checkpoint.com/t5/image/serverpage/image-id/2751i039773CAE0A5FF2E/image-size/large?v=v2&px=999)
Can these ports be used by other services? And if they can then how would I create a Noisey Traffic Rule