What is "ntoskrnl.exe" for

[deltaf508]

Hey everyone, I'm running Sygate as my firewall and every few minutes I get a message that says

Quote:

Application NT Kernel & System has been blocked, File Name is ntoskrnl.exe

Can anyone tell me what this file does and if it should be blocked or not? I assume it is trying to access something outside my computer perhaps on my home network? I'm also running a hardware firewall as well.

OS is windows 2000

Here is an attachment of the message that pops up.

Thanks,

Gary

[SickPup404]

Hmmm... Never seen that one (I run ZAP)...

This refers to XP, but I would gather to say it's the same for 2K.

Says it's VERY bad. Others might want to read.

[SickPup404]

Does it have anything to do with the stuff about the TCP/IP stack Steve Gibson's been screaming about? (see www.grc.com)

I thought he was just screaming about "raw sockets" and XP. But you can never tell w/ that guy.

I would imagine Sygate's software is up on the DDoS of that port and is warning you that it's trying to get through. Do you have "File and Print Sharing" enabled? Sounds like it's doing a good job.

[deltaf508]

Wow, thanks! I didn't figure it was to neccessary since my machine is running great even though I'm blocking it.

Come to think of it though. When I reformatted my machine I didn't have sygate up and running for about a day or so and I was having some occurances of my proccessor being at 100% and I couldn't figure out why. Since I've installed Sygate everything has been great. I never put the two together. Thanks for pointing that link out.

For those of you who might be interested in blocking this file/application with your firewall software it can be found at:

C:\WINNT\System32\ntosknrl.exe

(in windows 2000, that is)

Just set your firewall to block any traffic with this application. I've had no negative effects from it and I have been running like this for a few weeks now.

BTW: I don't have any shared folders or printers, but some other machines on my network do.

Thanks everyone,

Gary

[Stormin Normin]

HI all: I'm running Sygate's free firewall and i to was concerned about the ntosknrl.exe trying to access the internet so i went searching Google for an explaination of what it is. Not much luck there but i found this thread. I thought i would help everyone out by asking Sygate's Technical support what ntosknrl.exe was and should I/ We let it access the internet.
Here is their reply and its a short one, I guess i'll trust them,
Dear Stormin Normin:

NTOSKRNL.EXE is Windows NT Kernel. This is a low level communication tool that allows Windows to function.
Disabling this may prevent Internet access and file print share. I recommend that you allow this.


Please keep all previous e-mail intact.
Please note that if you do not respond within three days, your case will be closed.

Sincerely,
Trinh
Product Support
Sygate Technologies, Inc.
6595 Dumbarton Circle
Fremont, CA 94555
http://smb.sygate.com
-----Original Message-----
From: Enterprise Support
Sent: Wednesday, August 06, 2003 6:48 PM
To: Sygate Support
Cc: Enterprise Support
Subject: FW: One question

I think this is for SPF group.
-Dave

-----Original Message-----

To: Enterprise Support
Subject: One question
My Sygate blocks the ntoskrnl.exe from contacting the internet. I haven't found a valid reason why it (ntoskrnl.exe) wants to do this. This forum addresses the issue, please read (http://www.techimo.com/forum/t43615.html) can you advise me what its used for and should i let it access the internet? or keep it blocked. I searched your site but no real explanation was found besides file sharing, etc. PS i do like your firewall........

[SeanC]

The kernel driver should have no reason to go out to the Internet. There are other Windows system files that do need access like:

- Generic Host Processes for Win32 Services
- Services and Contoller App

Sean

[Stormin Normin]

well should we keep it blocked? I haven't had a firewall for about 2 yrs now. Zone Alarm got annoying after awhile. I operated XP Pro for a long time with not much problems except now there is so much cookie tracking out there and illegal spam sites that track you and ad stuff like toolbars that are real annoying and hard to deactivate. This is a good site to find out about those pesky parasites
Click here to learn about parasite's

[SeanC]

I have it blocked on my XP Pro machine. No problems with network or Internet access.

I would suggest trying it out and seeing what happens. If things don't work allow it access to the local network. There is no reason I've found for it to have Internet access

Sean