Should I worry about NTOSKRNL.EXE ?

Archived from groups: alt.comp.virus,microsoft.public.windowsxp.customize,comp.security.firewalls (More info?)

Lately my firewall keeps signal it is blocking 'ntoskrnl.exe'. Should
I worry about this, and how do I get rid of it, or should I?

Thanks
5 answers Last reply
More about should worry ntoskrnl
  1. Archived from groups: alt.comp.virus,microsoft.public.windowsxp.customize,comp.security.firewalls (More info?)

    "geezer" <wee@willy.com> wrote in message
    news:nt6h11tvc8vkb4qkdc9vl169fjalcms5nt@4ax.com...
    > Lately my firewall keeps signal it is blocking 'ntoskrnl.exe'. Should
    > I worry about this, and how do I get rid of it, or should I?

    The name of a file tells you very little.
    Anything could call itself ntoskrnl.exe

    I suggest running this
    http://www.hijackthis.de/downloads/hijackthis_199.zip
    Then paste the log here
    http://www.hijackthis.de/
    And analyse.
    Scroll down to see the results.
    Is ntoskrnl.exe mentioned?

    Jason

    >
    > Thanks
  2. Archived from groups: alt.comp.virus,microsoft.public.windowsxp.customize,comp.security.firewalls (More info?)

    "geezer" <wee@willy.com> wrote in message
    news:nt6h11tvc8vkb4qkdc9vl169fjalcms5nt@4ax.com...
    > Lately my firewall keeps signal it is blocking 'ntoskrnl.exe'. Should
    > I worry about this, and how do I get rid of it, or should I?
    >
    > Thanks


    It may get involved with networking requests which are benign and
    expected under Windows. However, it should never need to make an
    *Internet* connection. You could add an application rule to always
    block it but then it may interfere with networking processes you need
    for your own intranetwork, or even for same-host networking processes.
    You could define an application rule for it to allow access to 127.0.0.*
    and 0.0.0.* (and you could add the IP address range for your
    intranetwork hosts, too). Just don't let it connect to the outside
    world.

    --
    ____________________________________________________________
    Post your replies to the newsgroup. Share with others.
    E-mail reply: Remove "NIXTHIS" and add "#VS811" to Subject.
    ____________________________________________________________
  3. Archived from groups: alt.comp.virus,microsoft.public.windowsxp.customize,comp.security.firewalls (More info?)

    On Sun, 20 Feb 2005 14:50:48 -0000, "Jason Edwards"
    <none1@invalid.invalid> wrote:

    >The name of a file tells you very little.
    >Anything could call itself ntoskrnl.exe
    >
    >I suggest running this
    >http://www.hijackthis.de/downloads/hijackthis_199.zip
    >Then paste the log here
    >http://www.hijackthis.de/
    >And analyse.
    >Scroll down to see the results.
    >Is ntoskrnl.exe mentioned?
    >
    >Jason
    >

    Thank you - very interesting.
    www.hijackthis.de result did not show 'ntoskrnl.exe'. It did show
    flag several IExplorer entries however.

    Geezer
  4. Archived from groups: alt.comp.virus,microsoft.public.windowsxp.customize,comp.security.firewalls (More info?)

    "geezer" <wee@willy.com> wrote in message
    news:1sbh11999h536sdkqt1kjvjv4f6uqlestl@4ax.com...
    > On Sun, 20 Feb 2005 14:50:48 -0000, "Jason Edwards"
    > <none1@invalid.invalid> wrote:
    >
    >>The name of a file tells you very little.
    >>Anything could call itself ntoskrnl.exe
    >>
    >>I suggest running this
    >>http://www.hijackthis.de/downloads/hijackthis_199.zip
    >>Then paste the log here
    >>http://www.hijackthis.de/
    >>And analyse.
    >>Scroll down to see the results.
    >>Is ntoskrnl.exe mentioned?
    >>
    >>Jason
    >>
    >
    > Thank you - very interesting.
    > www.hijackthis.de result did not show 'ntoskrnl.exe'. It did show
    > flag several IExplorer entries however.


    http://tinyurl.com/68soy

    It can be exploited by undetected malware running on the machine.

    Ntoskrnl.exe should by running out of the system32 directory. You can check
    that with Process Explorer and you can look inside ntoskrnl.exe and see
    what's using ntoskrnl.exe or piggy backing off of it. You may spot
    something. ;-)

    http://tinyurl.com/klw1

    Duane :)
  5. Archived from groups: alt.comp.virus,microsoft.public.windowsxp.customize,comp.security.firewalls (More info?)

    geezer wrote:

    > Lately my firewall keeps signal it is blocking 'ntoskrnl.exe'. Should
    > I worry about this, and how do I get rid of it, or should I?
    >
    > Thanks

    As far as I know, "ntoskrnl.exe" stands for "NT (which stands for New
    Technology) Operating System Kernel". This file is the core of the Windows
    Operating system, it is not dangerous but essential. But it does not need
    to connect to the internet so you can safely block it, if you want to.
Ask a new question

Read More

Configuration Firewalls Customization Ntoskrnl.Exe Windows XP