Check this thread
Thanks In Advance
SEPM Knowledgebase Documents
Looks like a Network Application Monitoring message.
Check if -
Clients > Policies > Location-independant Policies and Settings: Network Application Monitoring > Enable network application monitoring
is turned on.
If yes, turn it off or change "When an application change is detected" to "Allow and log".
But you should only do that if you are sure that the alert was really a false positive.
In SEPM goto "Clients" and click on any of your groups. Then open the "Policies" tab. Click on the third option "Network Application Monitoring". You can switch it off or add an execption for NTOSKRNL.EXE.
Check these Threads, if these helps:
Hope that helps!!
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<&a
Setting up network application monitoring
SEP Knowledge Base
sorry. but all the information that you are providing. meeting on forums and firewall blacklist. I served as the firewall is down and the only thing I try to do is I do not see the message again