SPF and and WIN32 Kernel Core Comp...

OK, as an application I have told my SPF to block

WINDOWS\System\kernel32.dll

but it just doesn't seem to want to... this thing is still showing access all over my traffic log... I dunno what it does but I want to make it stop, and can't figure out how. I haven't added any rules to this thing before and wonder if someone who has knows how to make a rule to stop this application since blocking it as an application isn't doing the job??

 

Oh, dunno if it matters but the log in Sygate shows the "rule name" as applied to each situation, and every time kernel gets through (a lot!) the rulesname shown is

GUI%GUICONFIG#RULE@NBENABLEYOU#ALLOW-UDP

 

*bump*

 

Sir no sir!

But now that I know about it, I will do it tonight sir!

 

Hm, I did an "advanced" configuration on the application and I'll wait n see if that worked. I hadn't known there was more stuff to choose from than just "blocking", but hope it'll work. If not, I'll look deeper.. hehe

 

Hm well that advanced stuff did NOT do the truck, for some reason Sygate just did NOT want to block that "kernal" crap...

Anyway I just paid attention for a bit and noticed that all incoming and outgoing traffic from kernal was going through ports 137 and/or 138, and was always UDP. So, I made my first advanced rule to block all UDP on ports 137 and 138, worked like a charm ;-)

 

Ports 137 and 138 belong to your Netbios according to: http://www.portsdb.org/bin/portsdb.cgi?portnumber=138&protocol=UDP&String=

Regards,

Pieter

 

Come on guys quit making me look so nooby in here!

No really I asked about Netbios once before and still kinda don't know what exactly it does, but I have had no ill effects (that I am aware of) since blocking these ports... Might I find some? Or be having some I don't know about?