We are receiving ATP alerts because our machines are trying to access Windows update at 209.197.3.8. They've been hitting that IP for months, but the alerts just started.
Is this a false positive?