Thread: NTOSKRNL.EXE

  1. #1
    Member
    Join Date
    Feb 2005
    Location
    Palmerston North
    Posts
    108

    NTOSKRNL.EXE

    I am running Windows XP Pro.

    This programme is consistently trying to access the internet, and is blocked by my Firewall.

    Should I allow it access?

    Or do I have a deeper problem?

    TFYH

    GrahamB

  2. #2
    in for the kill
    Join Date
    Aug 2006
    Posts
    750

    Re: NTOSKRNL.EXE

    In operating systems, the role is provided by the "kernel". All MS operating systems have an executable or dll for this.

    One of the reasons (there are others) you periodically see the "kernel" get blocked in Windows, is that since 98 came out, MS has increasingly tied internet based functionality into all aspects of the operating system.

    What happens in many cases, is you will have been running an application which makes use of some native Windows internet functionality, and then have moved on to something else. When the app closes out, it releases its links to the various modules it was using and Windows returns the freed resources to the "general" pool.

    However, there is one last thing which needs to happen which is to properly shutdown the TCP connection which was established. If the originating app doesn't handle this itself or has exited before the connection is shut down completely, the kernel takes over the role of monitoring for the "handshake" traffic from the port reset, since the allocated socket can't be left "abandoned".

    You can see this in operation using a tool like Netmon for example (you will see a dying connection shown in the "time wait" state). If the timeout expires the connection will close at your end, regardless if the expected response was received.

    At this point, if there is no firewall, the kernel would send a "reset/ack" packet back to inform the sender the connection is closed. If you have blocked the kernel, you get the popup, and no response is sent back.

    Another possibility, again due to the tight integration of internet functionality, is if traffic (both internal or external) arrives which the running apps don't know what to do with, it will be directed back to the kernel to try and figure out what's going on, which can lead to popups depending on the circumstances.

    So after all that, yes, allow it to go through.
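
An added example, not part of the thread or any poster's code: one way to check the explanation above is to list the sockets attributed to the kernel and see whether they are all in a TCP teardown state such as "time wait". The sketch below parses `netstat -ano` text; the sample output is constructed (documentation-range addresses), and treating PIDs 0 and 4 as kernel-owned is an assumption about how Windows XP and later label such sockets.

```python
import re

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:1045      203.0.113.7:80         ESTABLISHED     1820
  TCP    192.168.1.10:1046      203.0.113.7:80         TIME_WAIT       0
  TCP    192.168.1.10:1047      198.51.100.23:443      TIME_WAIT       0
  TCP    192.168.1.10:1050      198.51.100.23:443      CLOSE_WAIT      1820
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  UDP    0.0.0.0:500            *:*                                    688
"""

# States a TCP connection passes through while it is being shut down.
TEARDOWN = {"TIME_WAIT", "FIN_WAIT_1", "FIN_WAIT_2",
            "CLOSE_WAIT", "CLOSING", "LAST_ACK"}
# Assumption: PIDs 0 and 4 mark sockets held by the kernel rather than an app.
KERNEL_PIDS = {0, 4}

ROW = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+([A-Z_0-9]+)\s+(\d+)\s*$")

def parse(text):
    """Yield (local, remote, state, pid) for every TCP row; skip UDP and headers."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            local, remote, state, pid = m.groups()
            yield local, remote, state, int(pid)

def classify(text):
    """Split kernel-owned TCP rows into teardown leftovers and all other states."""
    leftovers, other = [], []
    for local, remote, state, pid in parse(text):
        if pid not in KERNEL_PIDS:
            continue
        (leftovers if state in TEARDOWN else other).append((local, remote, state))
    return leftovers, other

if __name__ == "__main__":
    leftovers, other = classify(SAMPLE)
    for row in leftovers:
        print("kernel-owned, teardown:", *row)
    for row in other:
        print("kernel-owned, other state:", *row)
```

Rows in the first group match the dying-connection case described in the post; rows in the second group are the ones to look at alongside the firewall log and an AV scan.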

  3. #3
    Damn furballs! Shortcircuit
    Join Date
    Dec 2004
    Location
    jaffaville
    Posts
    2,147

    Re: NTOSKRNL.EXE

    Luv it all... especially the last line (actually not joking- beautifully worded!)

    It can also be 'hi-jacked' by a trojan Graham, but fairly unlikely. My advice would be deny it access for a while and see if anything goes pear-shaped or not. Maybe also update your AV and run a scan just to be safe.
    The best buzz is a short, sharp shock

  4. #4
    Member bk T
    Join Date
    Dec 2004
    Location
    Auckland
    Posts
    5,979

    Re: NTOSKRNL.EXE

    trinsic, excellent reply and explanation! One of the best replies before the year ends.

    Well Done!

  5. #5
    Bowling Club Member
    Join Date
    Dec 2004
    Location
    Auckland
    Posts
    184

    Re: NTOSKRNL.EXE

    Nice reply Trinsic
    This came off a Sygate Forum. Nothing wrong with that except you should give credit where it's due.
    Ian
    I may not be as good as I once was but I'm far better once than I ever was.
