@Fraxlin 

FWIW  I installed the "WiFi Toolkit" app from TP-Link. Amongst checking a variety of other things, there is an "Open Port" checker. When I run this, I get "Port Scanning" alerts/notifications from my XE75Pro. Checking the Security Reports I can see that since installing my XE75 109 days ago, I've had "Web Protection" activate 9 times (naming the malicious web site and device which it was detected on). Have also had  "Intrusion Prevention" detect 4 instances ...although these were (admittedly) me using the Port Scanning function in the WiFi Toolkit. No attacks have been detected under IoT Protection as of yet.

  @Pedro109 Thanks for the answer. I just tried it, did a port scan on the Deco ip gateway (the main Deco) and a port scan on both the ip of my secondary smartphone and my PC, but I didn't get any notification from TP-Link and the Security Report had no trace of this scan. I got a notification from my Bitdefender AV on my PC about a blocked port scan, but nothing else.

Did you do a local port scan (using local ips) or an external port scan on your public ip?

  @Fraxlin 

Initially it was only an internal port scan on my network, however, after your query I just tried an external port scan on my public IP. 
Initial response back was "Target Host Unreachable". About ten seconds later a popup notification came via the TP Link app saying "Port Scanning detected". I'm reading that as a win with the scan blocked but logged.