Vidéos d'aide de Screencast

NT Kernal System Has Changed Message

Created: 09 Janv. 2013 • Updated: 10 Fév. 2013 | 3 comments
Ce problème a été résolu. Voir la solution.

I recently updated my Windows 7 Enterprise . I now get this message

NT Kernal System has changed since the last time you used it


I select no to not allow it. This is being detected by Symantic Software

I use Symantic Endpoint Protection Small Business Edition version

After reading some posts on the internet it appears that this is common issue after updating Windows.

Is there any solution to this or should I just select yes and allow the change or continue to select no?

I went into the Network Threat Protection logs and did find this block. I have no idea what it means and shows up many times

1/9/2013 10:14:23 PM    Blocked    3    Outgoing    IPv6 [type=0x86DD]    33-33-00-01-00-02    0    00-1F-D0-81-4C-F2    0    C:\Windows\system32\DRIVERS\rspndr.sys    Tony    Tony-PC    Default    1    1/9/2013 10:13:22 PM    1/9/2013 10:13:22 PM    GUI%GUICONFIG#SRULE@ADVRULECONFIG#Normal_102    

I also find this in the same log a number of times:

1/9/2013 10:22:33 PM    Allowed    10    Outgoing    UDP    FF-FF-FF-FF-FF-FF    138    00-1F-D0-81-4C-F2    138    C:\Windows\system32\DRIVERS\rspndr.sys    Tony    Tony-PC    Default    1    1/9/2013 10:22:16 PM    1/9/2013 10:22:16 PM    GUI%GUICONFIG#SRULE@NBENABLEYOU#ALLOW-UDP    
1/9/2013 10:22:33 PM    Allowed    10    Incoming    UDP    00-19-21-EF-5E-13    138    FF-FF-FF-FF-FF-FF    138    C:\Windows\system32\ntoskrnl.exe    Tony    Tony-PC    Default    1    1/9/2013 10:21:32 PM    1/9/2013 10:21:32 PM    GUI%GUICONFIG#SRULE@NBENABLEYOU#ALLOW-UDP    

Any help would be appreciated

Commentaires CommentairesAccéder au dernier commentaire

l'image des Ashish-Sharma


Are you using unmanaged sep client ?

Thanks In Advance

Ashish Sharma

l'image des Brɨan

It looks to be IPv6 rule which is blocked by default in 12.1. You can allow this if you want. Otherwise you can just turn off IPv6 in Windows 7. It's really up to you but this should not be malicious.

How to disable IP version 6 or its specific components in Windows

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

l'image des Mithun Sanghavi


Check this Thread with similar Issue -

Looks like a Network Application Monitoring message.

Check if - 

Clients > Policies > Location-independant Policies and Settings: Network Application Monitoring > Enable network application monitoring

is turned on. If yes, turn it off or change "When an application change is detected" to "Allow and log".

But you should only do that if you are sure that the alert was really a false positive.

Hope that helps!!

Mithun Sanghavi
Associate Security Architect


Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.