Should I worry about NTOSKRNL.EXE?


geezer

Lately my firewall keeps signaling that it is blocking 'ntoskrnl.exe'. Should
I worry about this, and how do I get rid of it, or should I?

Thanks
 
geezer said:
Thank you - very interesting.
The www.hijackthis.de result did not show 'ntoskrnl.exe'. It did
flag several IExplorer entries, however.


http://tinyurl.com/68soy

It can be exploited by undetected malware running on the machine.

Ntoskrnl.exe should be running out of the system32 directory. You can check
that with Process Explorer and you can look inside ntoskrnl.exe and see
what's using ntoskrnl.exe or piggybacking off of it. You may spot
something. ;-)

http://tinyurl.com/klw1

Duane :)
 
geezer said:
Lately my firewall keeps signaling that it is blocking 'ntoskrnl.exe'. Should
I worry about this, and how do I get rid of it, or should I?

Thanks


It may get involved with networking requests which are benign and
expected under Windows. However, it should never need to make an
*Internet* connection. You could add an application rule to always
block it but then it may interfere with networking processes you need
for your own intranetwork, or even for same-host networking processes.
You could define an application rule for it to allow access to 127.0.0.*
and 0.0.0.* (and you could add the IP address range for your
intranetwork hosts, too). Just don't let it connect to the outside
world.
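The allow-list described in the reply above, applied to firewall log entries, as an added example that is not part of the original post. The log format, the sample lines and the 192.168.1.0/24 intranet range are constructed assumptions; the 127.0.0.* and 0.0.0.* ranges are taken literally from the reply.

```python
import ipaddress

# Allow-list from the reply: 127.0.0.*, 0.0.0.*, plus an intranet range.
# 192.168.1.0/24 is an assumed LAN range; substitute your own.
ALLOWED_NETS = [ipaddress.ip_network(n) for n in
                ("127.0.0.0/24", "0.0.0.0/24", "192.168.1.0/24")]

# Constructed sample lines in a hypothetical "time action program dst:port" format.
SAMPLE_LOG = """\
10:00:01 BLOCK ntoskrnl.exe 192.168.1.255:137
10:00:05 BLOCK ntoskrnl.exe 127.0.0.1:445
10:00:09 BLOCK ntoskrnl.exe 203.0.113.45:445
10:00:12 BLOCK iexplore.exe 198.51.100.7:80
10:00:15 BLOCK ntoskrnl.exe not-an-ip:139
"""

def is_allowed(dst_ip):
    """True if dst_ip falls inside one of the allow-listed networks."""
    addr = ipaddress.ip_address(dst_ip)  # raises ValueError on bad input
    return any(addr in net for net in ALLOWED_NETS)

def triage(log_text, program="ntoskrnl.exe"):
    """Sort one program's destinations into (allowed, outside, unparsed)."""
    allowed, outside, unparsed = [], [], []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[2].lower() != program:
            continue  # other programs and malformed lines are ignored
        host, _, _port = fields[3].rpartition(":")
        try:
            (allowed if is_allowed(host) else outside).append(fields[3])
        except ValueError:
            # Keep unparseable destinations visible instead of dropping them.
            unparsed.append(fields[3])
    return allowed, outside, unparsed

if __name__ == "__main__":
    ok, out, bad = triage(SAMPLE_LOG)
    print("local/intranet (rule would allow):", ok)
    print("outside world (rule would block):", out)
    print("could not parse:", bad)
```

Entries in the "outside" list are the ones the rule keeps blocked and the ones worth a closer look.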
 
It can be exploited by undetected malware running on the machine.

Ntoskrnl.exe should be running out of the system32 directory. You can check
that with Process Explorer and you can look inside ntoskrnl.exe and see
what's using ntoskrnl.exe or piggybacking off of it. You may spot
something. ;-)

http://tinyurl.com/klw1

Duane :)


Thanks again.

The only ntoskrnl I find with Windows Explorer indeed is under
system32.

G
 
geezer said:
Lately my firewall keeps signaling that it is blocking 'ntoskrnl.exe'. Should
I worry about this, and how do I get rid of it, or should I?

Thanks

As far as I know, "ntoskrnl.exe" stands for "NT (which stands for New
Technology) Operating System Kernel". This file is the core of the Windows
operating system; it is not dangerous but essential. But it does not need
to connect to the Internet, so you can safely block it if you want to.
 