ntoskrnl.exe permitted/authorized [hard-coded]
Phant0m
October 6th, 2005, 02:09 PM
Hey
I remember you, Frederic, stating ntoskrnl.exe is permitted/authorized (allowing all traffic In-&-Out) by default by Look ‘n’ Stop Application Filtering layer, in fact it is hard-coded and doesn’t get logged and no custom controls…
Will this always be the case? :-\
Frederic
October 6th, 2005, 05:04 PM
Hi Phant0m,
No, ntoskrnl.exe is not allowed by default. I think you are referring to "kernel32" which is allowed by default, but this is supposed to apply to Win9x/Me only. I don't remember exactly the purpose of that :-\
Not talking about "kernel32.dll" or "kernel32.exe" (which is a virus), I remember an internal Windows process having simply "kernel32" as a name.
May I ask why are you asking that, Phant0m ?
Frederic
Phant0m
October 6th, 2005, 05:13 PM
What protocols are denied from ntoskrnl.exe?
Frederic
October 6th, 2005, 05:33 PM
Sorry, I don't understand your question since I just said "ntoskrnl.exe" is not blocked by default.
I don't know if this application is supposed to connect, and if it does, the protocols it will use.
Frederic
Phant0m
October 6th, 2005, 05:35 PM
Frederic
-{ Quote: "Hi Phant0m,
No, ntoskrnl.exe is not allowed by default.
" }-
Phant0m
October 22nd, 2005, 07:10 AM
Any update regarding this topic? :'(
MickeyTheMan
October 22nd, 2005, 12:40 PM
As far as I know this is a process used in the boot up cycle standing in the background and not using the network.
Should not appear in WinTask unless altered by a virus such as w32.bolzano and variants.
A corrupt boot.ini file or missing boot.ini file would give a message related to this process and prevent booting.
But I'm also wondering where your question leads to
Phant0m
October 22nd, 2005, 01:02 PM
http://soho.sygate.com/alerts/XP_default_TCP445_open.htm
Also some software firewalls, it sees and offers controls unlike Look ‘n’ Stop currently, see image attachment…
As for my question, it is a very appropriate question to ask on the support forum for a firewall product, MickeyTheMan…
Frederic
October 22nd, 2005, 01:30 PM
-{ Quote: "Any update regarding this topic? :'(" }-
I should have answered: there is no default handling (allowing or blocking) for ntoskrnl.exe.
But anyway I didn't understand your point.
Now with your last post I understand ntoskrnl.exe is supposed to connect.
I don't know the reason why Look 'n' Stop doesn't detect it.
Frederic
Phant0m
October 22nd, 2005, 01:36 PM
No problem Fred, you're very busy, understandable.
I appreciate the response, thanks, it clears up a lot.
Hope to see you address this in the near future, thanks.