Found these 2 in security event log

So I've been wondering for awhile why my security event log has been empty since the last reinstall of windows on this box, and after editing the security policies to audit success and failures of almost all events, I got these 2 errors reporting listening on high range udp ports:

"The Windows Firewall has detected an application listening for incoming traffic.

Name: -
Path: C:\WINDOWS\system32\svchost.exe
Process identifier: 1280
User account: NETWORK SERVICE
User domain: NT AUTHORITY
Service: Yes
RPC server: No
IP version: IPv4
IP protocol: UDP
Port number: 64997
Allowed: No
User notified: No
"
...
"The Windows Firewall has detected an application listening for incoming traffic.

Name: -
Path: C:\WINDOWS\system32\svchost.exe
Process identifier: 1280
User account: NETWORK SERVICE
User domain: NT AUTHORITY
Service: Yes
RPC server: No
IP version: IPv4
IP protocol: UDP
Port number: 55933
Allowed: No
User notified: No
"

Any ideas on what they are? Anyone know what these ports are commonly used for? An hour later, it seems that more and more random attempts are being blocked by windows firewall, are these used by NAT for normal traffic? Thanks