It reports on these ports/certs.
Port 8640 CN=127.0.0.1 (Localhost)
Port 8834 Nessus Server (Tenable Nessus!)
Port 9527 Hikvision CN=127.0.0.1 (Localhost, security camera?)
It looks like you are running the scanner software against the machine that hosts the software. That is not a valid network scan. The Windows firewall will not block access to localhost, 127.0.0.1.
I do not have any experience with Tenable but it appears that it's function is to scan your network to see what machines have open, vulnerable, ports exposed to the network. You should install the Tenable software on a machine whose sole purpose is to scan the other machines on your network.
You can test to see if those ports are exposed to the network by running Powershell from another PC.
Test-NetConnection -ComputerName YourPCname -port 8640
Test-NetConnection -ComputerName YourPCname -port 8834
Test-NetConnection -ComputerName YourPCname -port 9527
Even if the ports are open, then that is not necessarily a vulnerability. If you have a test web site defined to IIS on port 8640, well, so what? At least it has a self signed certificate.
If you have camera security software installed and it offers a user interface on port 9527, that is not necessarily a vulnerability. If the ports are open and you don't want that software accessed by other machines on your network, then you can run "wf.msc" and modify the rules in the firewall to block access.