OK to block NTOSKRNL.EXE using firewall?

[Vance Roos]

For my firewall I use Sygate Pro 5.0. My PC is a home PC with
mutliple users but no network and only a cable connection.

Firstly, in Sygate I blocked communications with
C:\Windows\System32\drivers\NDISUIO
and found that, over time, my PC went very slow and would not connect
to the Net. So I have now unblocked this in Sygate.

Secondly, I also get attempts to communicate with NTOSKRNL.EXE. I
have blocked that too in Sygate but will this perhaps cause me
problems later?

 

[Jarmo P]

For my firewall I use Sygate Pro 5.0. My PC is a home PC with
mutliple users but no network and only a cable connection.

Firstly, in Sygate I blocked communications with
C:\Windows\System32\drivers\NDISUIO
and found that, over time, my PC went very slow and would not connect
to the Net. So I have now unblocked this in Sygate.

Secondly, I also get attempts to communicate with NTOSKRNL.EXE. I
have blocked that too in Sygate but will this perhaps cause me
problems later?

Propably no cumulative problems.
Still I think you should Allow it, cause otherwise you get unnecessary
blocking messages in the log. Maybe it is used for updating the clock, or
checking updates, among other things, being the NT kernel.
Also, click the applications, select NTOSKRNL, and click the advanced, and
uncheck the Act as Server, if getting too paranoid : )
Do the same to svchost.exe too, if not already, it closed the remaining open
ports in my puter.
Jarmo P

 

[Martin C.E.]

Propably no cumulative problems.
Still I think you should Allow it, cause otherwise you get
unnecessary blocking messages in the log. Maybe it is used for
updating the clock, or checking updates, among other things,
being the NT kernel. Also, click the applications, select
NTOSKRNL, and click the advanced, and uncheck the Act as Server,
if getting too paranoid : ) Do the same to svchost.exe too, if
not already, it closed the remaining open ports in my puter.
Jarmo P

Jarmo, thanks for the reply.

The weirdest thing is that I can't see either SVCHOST.EXE or
NTOSKRNL.EXE. I simply can't find either one of those! What do I
look for?

To try to find entries for SVCHOST.EXE or NTOSKRNL.EXE I changed
*all* of the entries for "block" to "Ask" in the Sygate list of
applications. So anything which tries to get out or into my PC pops
up a a message box. However I *still* get the occassional an
information message from Sygate saying it has blocked SVCHOST.EXE or
NTOSKRNL.EXE from accessing the Net.

It seems that these are being blocked by some setting elsewhere in
Sygate than in the Applications window. (I have got no "Advanced
Rules" set.)

Is SVCHOST.EXE or NTOSKRNL.EXE perhaps being blocked by me having
unchecked both of these in Options -> Network Neighborhood

(1) Allow To Browse My Network Neigborhood Files and Printers
(2) Allow Others To Share My Files And Printers.

To try and find where blocks for SVCHOST.EXE or NTOSKRNL.EXE are set
I have uncheck all of the entries on the Security tab.

However I still get popup information from Sygate saying it has
blocked SVCHOST.EXE.

Can you or anyone else advise please?