Endpoint Protection

 View Only

  • 1.  Frequent Pop-up, Traffic blocked from NTOSKRNL.EXE

    Posted Apr 15, 2014 05:12 PM

    Good day!  This has been a problem for some months, and I'm hoping someone can help me.  It's very annoying.  I've searched for solutions numerous times, but what I've found either didn't work or is too complicated for me to implement.

    The pop-up is as follows:

    Traffic has been blocked from this application:  NTOSKRNL.EXE

    It appears about every 5 min all day, every day, and is starting to damage my sanity.

    I'm using Symantec Endpoint Protection, version 12.1.2015.2015, managed by my company, and my computer is Win 7 SP1.

    Any other information needed?

    I am tech savvy but no expert, and I would very much appreciate any assistance!  Thank you kindly in advance!



  • 2.  RE: Frequent Pop-up, Traffic blocked from NTOSKRNL.EXE

    Posted Apr 15, 2014 06:12 PM

    If you go into the Security log, it will show the SID number and what the signature is for. Is it similar to this one found here:

    http://www.symantec.com/docs/TECH131438

    Ideally, these alerts should be managed by your SEPM admin (since it is centrally managed). It's also possible this is a false positive.

    IMO, these alerts to the end users should be disabled and handled by the SEPM admin. You may want to bring this to their attention as it could be a legitimate problem or a false positive.



  • 3.  RE: Frequent Pop-up, Traffic blocked from NTOSKRNL.EXE

    Trusted Advisor
    Posted Apr 16, 2014 04:02 AM

    If this is a recognised program you company uses try submitting it to symantec using the link below where they will check it and add it to their whitlist. Once added they will try and get the alert removed from their next set of definitions and hopefully return your sanity wink

    https://submit.symantec.com/whitelist/