Video Screencast Help
Search Video Help Close Back
to help

that problem is this?

Created: 05 Oct 2012 | 4 comments
Marduk's picture
Marduk
0 0 Votes
Login to vote

 

I wonder what this message is and where I can get information. or if you can help me solve this notice so you will not continue to display the user
 
thanks
Discussion Filed Under:
, ,

Comments 4 CommentsJump to latest comment

Ashish-Sharma's picture
Ashish-Sharma
that problem is this? - Comment:05 Oct 2012 : Link

HI,

Check this thread

https://www-secure.symantec.com/connect/forums/sep-blocking-traffic-ntoskrnl

https://www-secure.symantec.com/connect/forums/symantec-endpoint-protection-110420275-blocked-traffic-ntoskrnlexehelp

https://www-secure.symantec.com/connect/forums/nt-kernel-amp-system-ntoskrnlexe-blocking-message-repeatedly-appearing

Thanks In Advance

Ashish Sharma

SEPM Knowledgebase Documents  

 

-1
Login to vote
  • Actions
Mithun Sanghavi's picture
Mithun Sanghavi Symantec Employee Technical Support Accredited
that problem is this? - Comment:05 Oct 2012 : Link

Hello,

Looks like a Network Application Monitoring message.

Check if - 

Clients > Policies > Location-independant Policies and Settings: Network Application Monitoring > Enable network application monitoring

is turned on.

If yes, turn it off or change "When an application change is detected" to "Allow and log".

But you should only do that if you are sure that the alert was really a false positive.

OR

In SEPM goto "Clients" and click on any of your groups. Then open the "Policies" tab. Click on the third option "Network Application Monitoring". You can switch it off or add an execption for NTOSKRNL.EXE.

Check these Threads, if these helps:

https://www-secure.symantec.com/connect/forums/nt-kernel-amp-system-ntoskrnlexe-blocking-message-repeatedly-appearing

https://www-secure.symantec.com/connect/forums/network-threat-protection-ntoskrnlexe-new

https://www-secure.symantec.com/connect/forums/network-threat-protection-9

Hope that helps!!

Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3

Twitter: @mithun_sanghavi

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<&a

0
Login to vote
  • Actions
Brian81's picture
Brian81 Trusted Advisor
that problem is this? - Comment:05 Oct 2012 : Link

Setting up network application monitoring

http://www.symantec.com/business/support/index?page=content&id=HOWTO27062

SEP Knowledge Base

Endpoint SWAT

0
Login to vote
  • Actions
Marduk's picture
Marduk
that problem is this? - Comment:07 Oct 2012 : Link

sorry. but all the information that you are providing. meeting on forums and firewall blacklist. I served as the firewall is down and the only thing I try to do is I do not see the message again

0
Login to vote
  • Actions