It's not the firewall, ZA, that's producing the alerts, it's Kaspersky, see:
(and I just found the forum
. I'll ask there too). It doesn't name the port except for saying UDP Port Scan, as I described in the OP.
Kaspersky does have what it calls Network Protection. From K's Help: "Kaspersky Anti-Virus Personal Pro 5.0 allows to protect your computer against network hacking attacks from the local area network or from the internet. Hacking attacks are detected based on the records contained in the database of the attacks known at the moment. This database is updated and the updates are installed along with the update of the anti-virus database (details see Using the application). By default, protection against network attacks is started at Kaspersky Anti-Virus startup, monitors all network connections and checks all data received from the network irrespective of the source: local network or Internet. As an attempt to attack your computer occurs, this attack will be blocked. A corresponding notification will be displayed on the screen that will contain information about the type of attack, IP address of the attacking computer and the local port (if possible)."
But this behavior just started happening. It paused for several hours, but then started up this evening. I'm not alarmed by it. I'm just curious what it could be.