Hi Enid,
For this intrusion alert there are almost 23-25 SIDs. Can you go to intrusion events and take a note of SID? Also, you can download that packet from intrusion event page, open it up in wireshark & take a look to content if that matched with SID.
It's not that something exist on your PC locally. Clients are reaching out to internet and the pattern in the packet matches with SID, that's why you see those alerts.
Maybe you can open up a TAC case and provide us the download packet and we can verify it for you. If that's something false positive, we would let you know.
Attached screenshot for SID ref.
Regards,
Dv