Oct 10 2022 09:07 AM
Why does Defender regularly attempt to connect to devices within the same subnet, using this port sequence:
106, 111, 515, 623, 660, 808, 1433, 1434, 1521, 1720, 2049, 2869, 3283, 3306, 5040, 5357, 5000
The connection attempts fail and the source is Defender, running from elevated PowerShell:
powershell.exe -ExecutionPolicy Bypass -NoProfile -NonInteractive -File "C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Downloads\PSScript_{GUIDGUID-GUID-GUID-GUID-GUIDGUIDGUID}.ps1"
Does anyone know what this mechanism is? Is it testing local devices? Different machines do this - they aren't configured as local discovery electives (AFAIK).
Oct 10 2022 10:54 AM
Solution Oct 10 2022 04:56 PM
Oct 11 2022 03:00 AM
Oct 11 2022 03:01 AM