SSDP is used to provide remote installation services. The protocol was designed to simplify administration by allowing you to install a device on your LAN and and in turn have it install itself onto all computers on the LAN. The original implementation was flawed and exposed a security risk. A security patch was released for Windows ME, 2000 and XP to fix several serious issues. However, opening port 1900 to the Internet is generally not wise even with a patched system. If you are on a school LAN or share several systems, you may see three events per system every few minutes. This can be ignored. If you do not see three items from the same system (on average) then you may wish to report this as an attack. If you are receiving a large number of these events, we recommend that you consider changing your "When an Event is Detected" setting (Options: General) to "Flash the Tray Icon". If you need to open this port, it can be opened in the "System Services" tab.