Should I worry about NTOSKRNL.EXE ?

February 20, 2005 5:16:50 PM

Archived from groups: alt.comp.virus,microsoft.public.windowsxp.customize,comp.security.firewalls

Lately my firewall keeps signalling that it is blocking 'ntoskrnl.exe'. Should
I worry about this, and how do I get rid of it, or should I?

Thanks

Anonymous
February 20, 2005 5:50:48 PM

"geezer" <wee@willy.com> wrote in message
news:nt6h11tvc8vkb4qkdc9vl169fjalcms5nt@4ax.com...
> Lately my firewall keeps signalling that it is blocking 'ntoskrnl.exe'. Should
> I worry about this, and how do I get rid of it, or should I?

The name of a file tells you very little.
Anything could call itself ntoskrnl.exe

I suggest running this
http://www.hijackthis.de/downloads/hijackthis_199.zip
Then paste the log here
http://www.hijackthis.de/
And analyse.
Scroll down to see the results.
Is ntoskrnl.exe mentioned?

Jason

>
> Thanks
February 20, 2005 5:52:28 PM

"geezer" <wee@willy.com> wrote in message
news:nt6h11tvc8vkb4qkdc9vl169fjalcms5nt@4ax.com...
> Lately my firewall keeps signalling that it is blocking 'ntoskrnl.exe'. Should
> I worry about this, and how do I get rid of it, or should I?
>
> Thanks


It may get involved with networking requests which are benign and
expected under Windows. However, it should never need to make an
*Internet* connection. You could add an application rule to always
block it but then it may interfere with networking processes you need
for your own intranetwork, or even for same-host networking processes.
You could define an application rule for it to allow access to 127.0.0.*
and 0.0.0.* (and you could add the IP address range for your
intranetwork hosts, too). Just don't let it connect to the outside
world.

--
____________________________________________________________
Post your replies to the newsgroup. Share with others.
E-mail reply: Remove "NIXTHIS" and add "#VS811" to Subject.
____________________________________________________________
February 20, 2005 6:40:16 PM

On Sun, 20 Feb 2005 14:50:48 -0000, "Jason Edwards"
<none1@invalid.invalid> wrote:

>The name of a file tells you very little.
>Anything could call itself ntoskrnl.exe
>
>I suggest running this
>http://www.hijackthis.de/downloads/hijackthis_199.zip
>Then paste the log here
>http://www.hijackthis.de/
>And analyse.
>Scroll down to see the results.
>Is ntoskrnl.exe mentioned?
>
>Jason
>

Thank you - very interesting.
www.hijackthis.de result did not show 'ntoskrnl.exe'. It did
flag several IExplorer entries, however.

Geezer
Anonymous
February 20, 2005 7:07:18 PM

"geezer" <wee@willy.com> wrote in message
news:1sbh11999h536sdkqt1kjvjv4f6uqlestl@4ax.com...
> On Sun, 20 Feb 2005 14:50:48 -0000, "Jason Edwards"
> <none1@invalid.invalid> wrote:
>
>>The name of a file tells you very little.
>>Anything could call itself ntoskrnl.exe
>>
>>I suggest running this
>>http://www.hijackthis.de/downloads/hijackthis_199.zip
>>Then paste the log here
>>http://www.hijackthis.de/
>>And analyse.
>>Scroll down to see the results.
>>Is ntoskrnl.exe mentioned?
>>
>>Jason
>>
>
> Thank you - very interesting.
> www.hijackthis.de result did not show 'ntoskrnl.exe'. It did
> flag several IExplorer entries, however.


http://tinyurl.com/68soy

It can be exploited by undetected malware running on the machine.

Ntoskrnl.exe should be running out of the system32 directory. You can check
that with Process Explorer and you can look inside ntoskrnl.exe and see
what's using ntoskrnl.exe or piggybacking off of it. You may spot
something. ;-)

http://tinyurl.com/klw1

Duane :) 
Anonymous
February 26, 2005 11:49:43 PM

geezer wrote:

> Lately my firewall keeps signalling that it is blocking 'ntoskrnl.exe'. Should
> I worry about this, and how do I get rid of it, or should I?
>
> Thanks

As far as I know, "ntoskrnl.exe" stands for "NT (which stands for New
Technology) Operating System Kernel". This file is the core of the Windows
Operating system, it is not dangerous but essential. But it does not need
to connect to the internet so you can safely block it, if you want to.
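
Added example, not part of any post in this thread: a Python sketch that triages firewall log entries for `ntoskrnl.exe` using the two checks the replies describe, namely whether the image really sits in the system32 directory and whether the remote address falls inside loopback, `0.0.0.*` or the intranet range. The log-line layout, the `192.168.1.0/24` intranet range and the `C:\WINDOWS` install path are assumptions, and the sample entries are constructed.

```python
import ipaddress
import ntpath

# Assumptions (not from the thread): install path, intranet range, log layout.
EXPECTED_PATH = r"c:\windows\system32\ntoskrnl.exe"
ALLOWED_NETS = [ipaddress.ip_network(n) for n in
                ("127.0.0.0/8", "0.0.0.0/8", "192.168.1.0/24")]

# Constructed sample log: "<action> <image path> -> <remote ip>:<port>"
SAMPLE_LOG = r"""
BLOCK C:\WINDOWS\system32\ntoskrnl.exe -> 192.168.1.20:445
BLOCK C:\WINDOWS\system32\ntoskrnl.exe -> 127.0.0.1:135
BLOCK C:\WINDOWS\system32\ntoskrnl.exe -> 203.0.113.7:80
BLOCK C:\WINDOWS\Temp\ntoskrnl.exe -> 192.168.1.20:445
BLOCK C:\Program Files\App\app.exe -> 198.51.100.9:443
not a log line
"""

def parse(line):
    """Return (path, ip, port), or None if the line does not fit the layout."""
    left, sep, right = line.partition(" -> ")
    _action, _, path = left.partition(" ")
    host, colon, port = right.rpartition(":")
    if not (sep and path and colon and port.isdigit()):
        return None
    try:
        return path.strip(), ipaddress.ip_address(host.strip()), int(port)
    except ValueError:
        return None

def triage(log_text, image="ntoskrnl.exe"):
    """Label each entry for `image` as wrong-path, local or external."""
    results = []
    for line in log_text.splitlines():
        entry = parse(line)
        if entry is None or ntpath.basename(entry[0]).lower() != image:
            continue
        path, ip, port = entry
        if path.lower() != EXPECTED_PATH:
            verdict = "wrong-path"   # right name, but not in system32
        elif any(ip in net for net in ALLOWED_NETS):
            verdict = "local"        # loopback, 0.0.0.* or intranet
        else:
            verdict = "external"     # destination outside the allowed ranges
        results.append((path, str(ip), port, verdict))
    return results

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

Entries labelled `wrong-path` or `external` are the ones worth a closer look with a process inspection tool; `local` entries match the allow rule suggested earlier in the thread.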