I saw this SK you mention when I was searching.  There is not really anything that is breaking per se.  Its just making a mess of the logs because there are a bunch of "alerts."  In fact they are not even drops.  We just have a routine that reports on all of the "alerts" and then I have to sift through these protocol violations.  Do you know how to fix it?  Is it something I have to do in the rulebase?  OR is there a way to stop alerting on it since they are allows?  I just don't want to stop alerting on something that is worthwhile in order to cut down on noise.  I could easily just not log everything and that would get rid of the noise 🙄  For the most part its UDP4500 and 500 as well as 443/128/25, etc, but then if I eliminate them from the log view there are a bunch of random HO ports with "protocol unknown" in the protocol field.

I see something similiar:

Firewall - Protocol violation detected with protocol:(DNS-UDP), matched protocol sig_id:(1), violation sig_id:(12). (500)

The traffic is allowed but is alerting.  If this is not cause for concern how can we stop this from happening?

I could not find anything on Support site for this.

I have not found a way to easily eliminate the noise unless you filter out through a repot in SmartEvent.  Or filter out in the logs view, but as I stated you may then filter out pertinent information that you want to see.  As for logs themselves though its very annoying and the premium that it costs with exponential amount of logs in R80 makes it a challenge.  If anyone comes up with a work around please add to the thread.

Not found a way either, it would be useful if Checkpoint can offer a solution for this.

Hi Checkpoint advised me to use sk114917 ....worked for me 

Firewall - Protocol violation detected with protocol (SMTP) .....etc..etc....ect.....