XP SP2 issue?

GTM

Ever since I installed SP2 for XP my firewall is reporting that ntoskrnl.exe is

a) changed (no surprise there)

b) attempting to access the network (i.e. internet), sending out a packet on port 445 (https IIRC) to IP addresses in the BY network. It happens seemingly randomly about once every 1-2 hours.


Anyone know what might be going on? I'm loath to grant it access as I can see no valid reason for the NT kernel to be trying to send HTTPS packets to other computers in the BY network.


I've run a virus scan (both on the whole computer and on ntoskrnl.exe itself). Also checked for adware etc. Nothing on either. The file itself is the one in the /system32 folder and has a seemingly valid version.

File version is : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)


Given this is the only ntoskrnl file in the system32 folder and that the compatibility tab on the properties of the file says it can't be run in compatibility mode because it is an XP operating system file, it would seem that it is definitely the official NT kernel file. Which leaves me confused.


Any ideas?

GTM
 
My firewall log tells me that ntoskrnl gets some incoming which it blocks but never tries to send anything out.
 
I had another look at the details that my firewall is throwing up. I've just noticed that it is in fact incoming packets from clients on the BY network, not outgoing as I originally thought. The warning is actually being triggered by these packets coming from the network, as it's only when this happens that the firewall notices the file has been modified. As the firewall is already blocking these incoming packets anyway, and since I have recently installed SP2, I am now confident that nothing untoward is going on, so I have accepted the application change as normal so my firewall won't continue to throw up security warnings.


GTM
 
