Endpoint Protection Small Business Edition

  • 1.  new ntoskrnl.exe thread

    Posted Jan 21, 2011 12:27 AM

    Basically I'm creating a new thread for this because I haven't found anything recent on it. I'm assuming that since the problem still exists there has been no permanent fix made to the program, but if anyone is aware of a safe workaround that doesn't involve just making the notifications disappear or adding the file to a list of exceptions, I'd appreciate some help with it.

    The problem is that every 3 minutes or so Symantec displays a popup notification:

    "Traffic has been blocked from this application: ntoskrnl.exe"

    My log displays the following:

    date & time: 1/20/2011 10:59:17 PM    

    action: Blocked

    severity: 10

    direction: Incoming

    protocol: UDP

    application: C:\Windows\system32\ntoskrnl.exe   

    rule: Block NetBIOS UDP protocols   



  • 2.  RE: new ntoskrnl.exe thread

    Posted Jan 21, 2011 09:01 AM

    Add this system's IP in the IPS detection:

    Open SEPM

    Policies

    IPS

    Settings

    Click on Exclusions and add this system's IP. You won't get popups.



  • 3.  RE: new ntoskrnl.exe thread

    Posted Jan 25, 2011 07:56 AM

    To investigate further, scan the machine at the source IP address to find out whether there is any infection on it.

    Also, update the patches on the machine on which you are getting the IPS notifications.