
NT Kernel & System (ntoskrnl.exe)

Created: 27 Dec 2010 | 2 comments

Does anybody know what NT Kernel & System (ntoskrnl.exe) is? It is trying to connect to the internet constantly. Is it malware or a system file/program? According to information posted on Microsoft, Windows has "NT Kernel" and "System" separately, but not together. They recommend running an antivirus scan. I have scanned (full scan) the whole computer several times but nothing has come up.



Thomas K


If you suspect a threat, and you are using SEP or SAV, I would start with downloading the latest Rapid Release definitions.

If using any other AV, make sure you have the latest definitions as well.

Once you have the new defs, boot into safe mode and run a Disk Cleanup (right-click the C drive, Properties, Disk Cleanup) - that will delete all the files that are in these temporary locations, as well as IE's temporary files, etc. Perform a full system scan in safe mode.

If that fails to detect and remove the threats, there are some useful tools provided by Symantec to help with finding those hard-to-detect threats.

1. The Power Eraser Tool eliminates deeply embedded and difficult to remove threats that traditional virus scanning doesn't always detect.

2. The SERT (Symantec Endpoint Recovery Tool) is useful in situations where computers are too heavily infected for the Symantec Endpoint Protection client installed upon them to clean effectively.

3. The Load point Analysis Tool generates a detailed report of the programs loaded on your system. It is helpful in listing common loadpoints where threats can live.

Rapid Release Virus Definitions –

Power Eraser tool –

How To Use the Symantec Endpoint Recovery Tool with the Latest Virus Definitions –

Support Tool with Power Eraser Tool included –

How to use the Load Point Analysis within the Symantec Support Tool to help locate suspicious files

If you are unable to remove the threat(s) from your systems, please submit the suspected files to Symantec or ThreatExpert for analysis. New signatures will be created and included in future definition sets for detection.

MD5SUM

The cause of this is that you have selected to Enable NetBIOS protection in your firewall rules. Though annoying, this is harmless. You basically have two options:

1. Disable NetBIOS protection

       a) Launch SEP > click Change settings > click Configure Settings in the Network Threat Protection row > on the Firewall tab, in the Traffic Settings group, uncheck Enable NetBIOS protection

2. Reconfigure your Intrusion notification settings

       a) See below (pasted directly from the SEP Client Help Pages)

          Hope This Helps

Configuring intrusion prevention notifications

You can configure notifications to appear when the client detects a network attack on your computer or when the client blocks an application from accessing your computer. You can set the length of time that these notifications appear and whether the notification occurs with an audio announcement.

You must enable the intrusion prevention system for the intrusion prevention notifications to appear.


Your administrator may have configured these options to be unavailable.

To configure intrusion prevention notifications

  1. In the client, in the sidebar, click Change settings.

  2. Beside Network Threat Protection, click Configure Settings.

  3. In the Network Threat Protection Settings dialog box, click Intrusion Prevention.

  4. Check Display Intrusion Prevention notifications.

  5. To hear a beep when the notification appears, check Use sound when notifying users.

  6. Type an amount of time you want the notifications to appear in the Number of seconds to display notifications field.

  7. Click OK.