PC Pals Forum
Technical Help & Discussion => Broadband, Networking, PC Security, Internet & ISPs => Topic started by: Simon on March 16, 2003, 11:15
-
Application NT Kernel & System (ntoskrnl.exe)[/color] keeps being blocked by my Firewall, and I get a pop up alert. Does anyone know what this is, and what it might be trying to do? I would imagime it's something to do with Windows NT, but seems odd as I'm using XP, although I realise they are similar.
I recently switched from Norton 2003 to Sygate Pro Firewall, and I have been getting the alerts since then.
Edit: Should have said, this is an incoming TCP from various IP addresses that is being blocked. A Whois doesn't give much away.
-
NTOSKRNL.EXE is a core part of Windows XP/2000/NT.
You should always allow it through your firewall. But also wake sure that it is regularly scanned for viruses/trojans as it is a popular file for attack!
-
Just found this too Simon. It may be relevant
http://216.239.57.100/search?q=cache:l6WNR3xY9jgC:cert.uni-stuttgart.de/archive/ntbugtraq/2003/01/msg00058.html+ntoskrnl.exe+firewall&hl=en&ie=UTF-8 (http://216.239.57.100/search?q=cache:l6WNR3xY9jgC:cert.uni-stuttgart.de/archive/ntbugtraq/2003/01/msg00058.html+ntoskrnl.exe+firewall&hl=en&ie=UTF-8)
-
Thanks Sean, I'll have to take some time to read all that later.
Can you just confirm I should allow INBOUND traffic to this NTOSKRNL.EXE, as that's what it seems to be blocking.
-
I'm honestly not sure Simon :-X I would leave it as it is for the moment.
There are some more documents on the Sygate site regarding this. It's probably best to read them all before making a descision.
-
OK, thanks