I have a machine that is constantly showing up in my Snort logs. The machine is a proxy and does not have file/print or any netbios settings enabled (as far as I can tell).

Its constantly trying to connect to several machines on ports 139 and 445.
There are no suspicious processes and I've done full spyware/virus/trojan scans on it.

[snort] (portscan) Open Port 2005-10-19 11:46:45 x.x.x.x x.x.x.x Raw IP
the payload is "Open Port: 139"

I've tried to tweak the preprocessor sfportscan as follows:

preprocessor sfportscan: proto { all } \
memcap { 10000000 } \
ignore_scanners { x.x.x.x } \
ignore_scanned { x.x.x.x } \
sense_level { low }
Where x.x.x.x is the machine that keeps showing up in the logs.

It is also setting off some bleeding snort rules:

BLEEDING-EDGE Behavioral Unusual Port 139 traffic, Potential Scan or Infection
BLEEDING-EDGE Behavioral Unusual Port 445 traffic, Potential Scan or Infection
I've done some research on this, and it seems that this rule is being set off because an unusually high number of connection attempts. People recommend to tweak this rule or turn it off as it frequently creates quite a few false positives.

How can I suppress these portscan events from showing up in my logs?

I've looked at the threshold.conf but it looks like you can only set threshholds for certain rules but not preprocessors?