  1. #1
    Plutonium Lounger
    Join Date
    Oct 2001
    Location
    Lexington, Kentucky, USA
    Posts
    12,107
    Thanks
    0
    Thanked 1 Time in 1 Post

    Sygate Beginner Followup

    Since this thread started out as an update notice, I won't continue there with THIS newbie question - new to SPF, that is. As with most new firewall installations, I've allowed all apps known by me and not had to disallow anything so far. When I look at the list of "Applications" in the SPF main screen, there are also quite a number that have been assigned an "Ask" category. Among those is the NT Kernel - NTOSKRNL.EXE which is the topic of this question. Each morning I reboot my computer and shortly thereafter I see a small popup window, just above the system tray where the SPF icon resides. The window flies away so fast that I have a tough time memorizing what it says, except that the NT Kernel has been blocked, something or other. I've been Googling around on this topic and boy, is there a lot out there, including this in the Sygate forums. I'm in the process now of looking at installed applications that I may not have used yet to see if one of 'em is possibly causing this flyup message, without my being aware of what's going on.

    There are no "attack" warnings or anything else suspicious going on, so does anyone have any Sygate (or other) experience with this kind of thing? BTW, the NT Kernel per se does not show up anywhere in Task Manager's list of Processes.

  2. #2
    Uranium Lounger
    Join Date
    Jan 2001
    Location
    Cincinnati, Ohio, USA
    Posts
    7,089
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Sygate Beginner Followup

    Al, what you are seeing is probably due to the network that you have. I seem to recall that you have more than one PC on a home network. This is a broadcast packet from your machine to determine what other Windows systems are on the network.

    If memory serves I stopped this in my case by allowing the specific IP address of the machine that it was trying to communicate with. In other words, I added that PC to the trusted list (and vice-versa) so that the firewall knew it was part of the internal network.
    -Mark

  3. #3
    Plutonium Lounger

    Re: Sygate Beginner Followup

    Thanks for stopping by, Mark. Yes, I do have a peer LAN using the standard 192.168.1.x addresses. What has been confusing to me is that Sygate's Traffic log has beaucoup entries every day with incoming and outgoing entries on the LAN but nothing "blocked," per se. This darn little flyout message seems to only appear shortly after each morning's reboot, which I do on a regular basis. There'll be nothing in any of the logs about it. Following your lead, I looked in the Sygate Help screens for "trusted" and see where I should allow the RANGE of IP addresses, so I've tried to do that, I hope in the correct place. In the Help, there's mention of a few applications in XP, not the least of which is the NT Kernel, which should be marked as "Allow" and the default was set to "Ask." I've changed the three shown in this screenshot to "Allow" and that has removed the question-mark that was there previously. Lemme see how the next boot goes. If you think I'm still off base, come on back, will ya?

  4. #4
    Uranium Lounger

    Re: Sygate Beginner Followup

    I don't think you're off base, Al, but how are things working out so far?
    -Mark

  5. #5
    Plutonium Lounger

    Re: Sygate Beginner Followup

    I waited to make this post for I had several reboots planned for yesterday. I did my normal morning boot, one after running my weekly chkdsk and another after doing my weekly system backup image. Shortly after bootup the little blue flyout message still appears. I don't know where I'm off base. I went in to Applications, Advanced and made the attached entry for NTOSKRNL.EXE. I don't know if I need to specify one or more ports or not.

  6. #6
    Uranium Lounger

    Re: Sygate Beginner Followup

    In checking, what I had done was to set up an Advanced Rule (Tools - Advanced Rules) for specific IP addresses behind my router. I allowed all ports and protocols by an IP address range.
    -Mark

  7. #7
    3 Star Lounger
    Join Date
    Nov 2001
    Location
    Santa Rosa, California, USA
    Posts
    275
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Sygate Beginner Followup

    Thanks for your discussion, Al and Mark. I just decided to try Sygate personal firewall after becoming frustrated with ZA. It took some time to find the place to enter the "Range" of IP Addresses for my network. It's always a challenge when you switch to a new application after using another one for a long time. Your discussion helped me to determine where to look.

    So far, the Sygate seems to be behaving itself and I feel better with it there.

    Too bad about ZoneAlarm. That used to be a terrific product. As soon as they started trying to be all things to all people, they screwed it up. They should have remembered P. T. Barnum (it was him, wasn't it: You can fool all of the people all of the time............)

    --Bob
    -Bob Harris
    "Seek Simplicity, Then Mistrust It!"


  8. #8
    Platinum Lounger
    Join Date
    Jan 2001
    Location
    Quedgeley, Gloucester, England
    Posts
    5,333
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Sygate Beginner Followup

    Bob

    PT Barnum? I thought the quotation was by Bill Gates!!

    John

    PS Your 'signature': "Seek simplicity. Then mistrust it" rather contradicts "Occam's Razor" (lots of philosophy in that reference!), one of whose forms is:
    "Entia non sunt multiplicanda praeter necessitatem".
    which you will immediately be able to translate as:
    "Don't unnecessarily complicate matters".

    (Read a brief biog of William of Occam)
    John

    Ita, esto, quidcumque...

  9. #9
    Plutonium Lounger

    Re: Sygate Beginner Followup

    Sorry for not replying sooner, Mark. Yesterday's "problem" was a blown CD burner that I was working on, along with an IDE card that I still haven't figured out!

    I created an advanced rule as you recommended so will see if I still get the messages and let you know. Thanks!

  10. #10
    3 Star Lounger

    Re: Sygate Beginner Followup

    Well, John... I had to look up "Occam's Razor" and I must admit, we went a tad bit off of the topic of Sygate... ZoneAlarm, etc. It was a kick, I must say. Kind of over my simple head!!

    You may be right about Bill Gates, however. I hadn't thought of it that way. Worth considering.

    Now, I'll go back to Occam's Razor! :)

    --Bob
    -Bob Harris
    "Seek Simplicity, Then Mistrust It!"


  11. #11
    Plutonium Lounger

    Re: Sygate Beginner Followup

    Continuing onward... It's sometimes hard to know if this thing worked or not, since I'm not always sitting at the machine. But yesterday afternoon, I was composing a letter in WordPerfect and during the time I was typing, there were at least two of the flyout messages from Sygate about the NT Kernel being blocked, in spite of my advanced rule. (BTW, I'm sure it had nothing to do with WP). When I finished, I went back to the Advanced Rule window and noticed the "Applications" tab that I hadn't opened when I created the rule. In that window, I checked all the applications, even though I know that only the NT Kernel is being impacted. I figured that all the listed apps are ones I have given permission so it can't hurt to allow them all "intranet" access. Did you do the same?

  12. #12
    Uranium Lounger

    Re: Sygate Beginner Followup

    I had not done the same as you described Al, but there is something gnawing at me about this. I know I "corrected" it because it was driving me batty as well, but at the moment I am having some sort of mental block as to exactly how I worked it out. Back burner time, as soon as it comes to me I will share...
    -Mark

  13. #13
    Plutonium Lounger

    Re: Sygate Beginner Followup

    Hey Mark, just to keep in touch on this, I've not seen one of the flyout messages since I did that last modify to the Rules. I've checked my logs and haven't seen anything suspicious, so I don't think I have any worries. I see frequent traffic in and between the network machines and the router, but I guess that's normal for Windows.
