Should I worry about NTOSKRNL.EXE ?

Toggle sidebar Toggle sidebar
G

geezer

Distinguished
Feb 18, 2002
114
0
18,680
Archived from groups: alt.comp.virus,microsoft.public.windowsxp.customize,comp.security.firewalls (More info?)

Lately my firewall keeps signal it is blocking 'ntoskrnl.exe'. Should
I worry about this, and how do I get rid of it, or should I?

Thanks
 
G

Guest

Guest
Archived from groups: alt.comp.virus,microsoft.public.windowsxp.customize,comp.security.firewalls (More info?)

"geezer" <wee@willy.com> wrote in message
news:nt6h11tvc8vkb4qkdc9vl169fjalcms5nt@4ax.com...
> Lately my firewall keeps signal it is blocking 'ntoskrnl.exe'. Should
> I worry about this, and how do I get rid of it, or should I?

The name of a file tells you very little.
Anything could call itself ntoskrnl.exe

I suggest running this
http://www.hijackthis.de/downloads/hijackthis_199.zip
Then paste the log here
http://www.hijackthis.de/
And analyse.
Scroll down to see the results.
Is ntoskrnl.exe mentioned?

Jason

>
> Thanks
 
V

vanguard

Distinguished
Aug 9, 2004
254
0
18,780
Archived from groups: alt.comp.virus,microsoft.public.windowsxp.customize,comp.security.firewalls (More info?)

"geezer" <wee@willy.com> wrote in message
news:nt6h11tvc8vkb4qkdc9vl169fjalcms5nt@4ax.com...
> Lately my firewall keeps signal it is blocking 'ntoskrnl.exe'. Should
> I worry about this, and how do I get rid of it, or should I?
>
> Thanks


It may get involved with networking requests which are benign and
expected under Windows. However, it should never need to make an
*Internet* connection. You could add an application rule to always
block it but then it may interfere with networking processes you need
for your own intranetwork, or even for same-host networking processes.
You could define an application rule for it to allow access to 127.0.0.*
and 0.0.0.* (and you could add the IP address range for your
intranetwork hosts, too). Just don't let it connect to the outside
world.

--
____________________________________________________________
Post your replies to the newsgroup. Share with others.
E-mail reply: Remove "NIXTHIS" and add "#VS811" to Subject.
____________________________________________________________
 
G

geezer

Distinguished
Feb 18, 2002
114
0
18,680
Archived from groups: alt.comp.virus,microsoft.public.windowsxp.customize,comp.security.firewalls (More info?)

On Sun, 20 Feb 2005 14:50:48 -0000, "Jason Edwards"
<none1@invalid.invalid> wrote:

>The name of a file tells you very little.
>Anything could call itself ntoskrnl.exe
>
>I suggest running this
>http://www.hijackthis.de/downloads/hijackthis_199.zip
>Then paste the log here
>http://www.hijackthis.de/
>And analyse.
>Scroll down to see the results.
>Is ntoskrnl.exe mentioned?
>
>Jason
>

Thank you - very interesting.
www.hijackthis.de result did not show 'ntoskrnl.exe'. It did show
flag several IExplorer entries however.

Geezer
 
G

Guest

Guest
Archived from groups: alt.comp.virus,microsoft.public.windowsxp.customize,comp.security.firewalls (More info?)

"geezer" <wee@willy.com> wrote in message
news:1sbh11999h536sdkqt1kjvjv4f6uqlestl@4ax.com...
> On Sun, 20 Feb 2005 14:50:48 -0000, "Jason Edwards"
> <none1@invalid.invalid> wrote:
>
>>The name of a file tells you very little.
>>Anything could call itself ntoskrnl.exe
>>
>>I suggest running this
>>http://www.hijackthis.de/downloads/hijackthis_199.zip
>>Then paste the log here
>>http://www.hijackthis.de/
>>And analyse.
>>Scroll down to see the results.
>>Is ntoskrnl.exe mentioned?
>>
>>Jason
>>
>
> Thank you - very interesting.
> www.hijackthis.de result did not show 'ntoskrnl.exe'. It did show
> flag several IExplorer entries however.


http://tinyurl.com/68soy

It can be exploited by undetected malware running on the machine.

Ntoskrnl.exe should by running out of the system32 directory. You can check
that with Process Explorer and you can look inside ntoskrnl.exe and see
what's using ntoskrnl.exe or piggy backing off of it. You may spot
something. ;-)

http://tinyurl.com/klw1

Duane :)
 
G

Guest

Guest
Archived from groups: alt.comp.virus,microsoft.public.windowsxp.customize,comp.security.firewalls (More info?)

geezer wrote:

> Lately my firewall keeps signal it is blocking 'ntoskrnl.exe'. Should
> I worry about this, and how do I get rid of it, or should I?
>
> Thanks

As far as I know, "ntoskrnl.exe" stands for "NT (which stands for New
Technology) Operating System Kernel". This file is the core of the Windows
Operating system, it is not dangerous but essential. But it does not need
to connect to the internet so you can safely block it, if you want to.
 
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom