Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

that problem is this?

Created: 05 Oct 2012 | 4 comments

 

I wonder what this message is and where I can get information. or if you can help me solve this notice so you will not continue to display the user
 
thanks

Comments 4 CommentsJump to latest comment

Mithun Sanghavi's picture

Hello,

Looks like a Network Application Monitoring message.

Check if - 

Clients > Policies > Location-independant Policies and Settings: Network Application Monitoring > Enable network application monitoring

is turned on.

If yes, turn it off or change "When an application change is detected" to "Allow and log".

But you should only do that if you are sure that the alert was really a false positive.

OR

In SEPM goto "Clients" and click on any of your groups. Then open the "Policies" tab. Click on the third option "Network Application Monitoring". You can switch it off or add an execption for NTOSKRNL.EXE.

Check these Threads, if these helps:

https://www-secure.symantec.com/connect/forums/nt-kernel-amp-system-ntoskrnlexe-blocking-message-repeatedly-appearing

https://www-secure.symantec.com/connect/forums/network-threat-protection-ntoskrnlexe-new

https://www-secure.symantec.com/connect/forums/network-threat-protection-9

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

.Brian's picture

Setting up network application monitoring

http://www.symantec.com/business/support/index?page=content&id=HOWTO27062

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Marduk's picture

sorry. but all the information that you are providing. meeting on forums and firewall blacklist. I served as the firewall is down and the only thing I try to do is I do not see the message again