Check this thread
Thanks In Advance
Looks like a Network Application Monitoring message.
Check if -
Clients > Policies > Location-independent Policies and Settings: Network Application Monitoring > Enable network application monitoring
is turned on.
If yes, turn it off or change "When an application change is detected" to "Allow and log".
But you should only do that if you are sure that the alert was really a false positive.
In SEPM, go to "Clients" and click on any of your groups. Then open the "Policies" tab. Click on the third option, "Network Application Monitoring". You can switch it off or add an exception for NTOSKRNL.EXE.
Check these threads, if they help:
Hope that helps!!
Associate Security Architect
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3
Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.
Setting up network application monitoring
Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.
Sorry, but all the information that you are providing. Meeting on forums and firewall blacklist. I served as the firewall is down and the only thing I try to do is I do not see the message again.