ntoskrnl.exe permitted/authorized [hard-coded]

Phant0m · Oct 6, 2005

Hey

I remember you, Frederic stating ntoskrnl.exe is permitted/authorized (allowing all traffic In-&-Out) by default by Look ‘n’ Stop Application Filtering layer, in-fact it is hard-coded and doesn’t get logged and no custom controls…

Will this always be the case?

Frederic · Oct 6, 2005

Hi Phant0m,

No, ntoskrnl.exe is not allowed by default. I think you are refering to "kernel32" which is allowed by default, but this is supposed to apply to Win9x/Me only. I don't remember exactly the purpose of that

Not talking about "kernel32.dll" or "kernel32.exe" (which is a virus) I remember an internal windows process having simply "kernel32" as a name.

May I ask why are you asking that, Phant0m ?

Frederic

Phant0m · Oct 6, 2005

What protocols is denied from ntoskrnl.exe?

Frederic · Oct 6, 2005

Sorry I don't understand you question since I just said "ntoskrnl.exe" is not blocked by default.
I don't know if this application is supposed to connect, and if it does, the protocols it will use.

Frederic

Phant0m · Oct 6, 2005

Frederic

Frederic said:

Hi Phant0m,

No, ntoskrnl.exe is not allowed by default.
Click to expand...

Phant0m · Oct 22, 2005

Any update regarding this topic?

MickeyTheMan · Oct 22, 2005

Re: .permitted/authorized [hard-coded]

As far as i know this is a process used in the boot up cycle standing in the background and not using the network.
Should not appear in WinTask unless altered by a virus such as w32.bolzano and variants.
A corrupt boot.ini file or missing boot.ini file would give a message related to this process and prevent booting.

But i'm also wondering where your question leads to

Phant0m · Oct 22, 2005

http://soho.sygate.com/alerts/XP_default_TCP445_open.htm

Also some software firewalls, it sees and offers controls unlike Look ‘n’ Stop currenty, see image attachment…

As for my question, it is a very appropriate question to ask on the support forum for a firewall product, MickeyTheMan…

Frederic · Oct 22, 2005

Phant0m said:

Any update regarding this topic?
Click to expand...

I should have answered: there is no default handling (allowing or blocking) for ntoskrnl.exe.
But anyway I didn't understand your point.

Now with your last post I understand ntoskrnl.exe is supposed to connect.
I don't know the reason why Look 'n' Stop doesn't detect it.

Frederic

Phant0m · Oct 22, 2005

No problem Fred, you very busy, understandable.
I appreciate the response, thanks, it clears up a lot.
Hope to see you address this in the near future, thanks.

Log in or Sign up

ntoskrnl.exe permitted/authorized [hard-coded]

Phant0m Registered Member

Frederic LnS Developer

Phant0m Registered Member

Frederic LnS Developer

Phant0m Registered Member

Phant0m Registered Member

MickeyTheMan Security Expert

Phant0m Registered Member

Attached Files:

ntoskrnl.GIF

Frederic LnS Developer

Phant0m Registered Member

Log in or Sign up

ntoskrnl.exe permitted/authorized [hard-coded]

Phant0m Registered Member

Frederic LnS Developer

Phant0m Registered Member

Frederic LnS Developer

Phant0m Registered Member

Phant0m Registered Member

MickeyTheMan Security Expert

Phant0m Registered Member

Attached Files:

ntoskrnl.GIF

Frederic LnS Developer

Phant0m Registered Member

Useful Searches