AkA-NeMo
12-28-2008, 01:30 PM
Hey I use Symantec Enpoint Protection and I just got a Network Threat Protection warning saying that NT Kernel System has changed since the last time I used it and it is asking me whether or not I want to allow it access to the network. Was wondering if anyone can help me. Here are the details about the warning:
The executable has changed since the last time you used C:\WINDOWS\system32\ntoskrnl.exe
File Version: 5.1.2600.5657
File Description: NT Kernel & System
File Path: C:\WINDOWS\system32\ntoskrnl.exe
Digital Signature:
Process ID: 0x4 (Hexadecimal) 4 (Decimal)
Connection origin: remote initiated
Protocol: UDP
Local Address: 192.168.2.255
Local Port: 137 (NETBIOS-NS - Browsing requests of NetBIOS over TCP/IP)
Remote Name:
Remote Address: 192.168.2.103
Remote Port: 137
Ethernet packet details:
Ethernet II (Packet Length: 110)
Destination: ff-ff-ff-ff-ff-ff
Source: 00-0a-eb-a6-be-3f
Type: IP (0x0800)
Internet Protocol
Version: 4
Header Length: 20 bytes
Flags:
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset:0
Time to live: 128
Protocol: 0x11 (UDP - User Datagram Protocol)
Header checksum: 0xd5b3 (Correct)
Source: 192.168.2.103
Destination: 192.168.2.255
User Datagram Protocol
Source port: 21924096
Destination port: 35072
Length: 8
Checksum: 0xe4fd (Correct)
Data (76 Bytes)
Binary dump of the packet:
0000: FF FF FF FF FF FF 00 0A : EB A6 BE 3F 08 00 45 00 | ...........?..E.
0010: 00 60 00 01 00 00 80 11 : B3 D5 C0 A8 02 67 C0 A8 | .`...........g..
0020: 02 FF 00 89 00 89 00 4C : FD E4 80 00 29 10 00 01 | .......L....)...
0030: 00 00 00 00 00 01 20 45 : 44 45 50 45 4D 45 50 46 | ...... EDEPEMEPF
0040: 44 46 45 45 50 45 4E 43 : 4E 44 49 45 44 44 4A 45 | DFEEPENCNDIEDDJE
0050: 47 44 47 44 49 41 41 00 : 00 20 00 01 C0 0C 00 20 | GDGDIAA.. .....
0060: 00 01 00 04 93 E0 00 06 : 00 00 C0 A8 02 67 | .............g
Thanks in advance.
The executable has changed since the last time you used C:\WINDOWS\system32\ntoskrnl.exe
File Version: 5.1.2600.5657
File Description: NT Kernel & System
File Path: C:\WINDOWS\system32\ntoskrnl.exe
Digital Signature:
Process ID: 0x4 (Hexadecimal) 4 (Decimal)
Connection origin: remote initiated
Protocol: UDP
Local Address: 192.168.2.255
Local Port: 137 (NETBIOS-NS - Browsing requests of NetBIOS over TCP/IP)
Remote Name:
Remote Address: 192.168.2.103
Remote Port: 137
Ethernet packet details:
Ethernet II (Packet Length: 110)
Destination: ff-ff-ff-ff-ff-ff
Source: 00-0a-eb-a6-be-3f
Type: IP (0x0800)
Internet Protocol
Version: 4
Header Length: 20 bytes
Flags:
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset:0
Time to live: 128
Protocol: 0x11 (UDP - User Datagram Protocol)
Header checksum: 0xd5b3 (Correct)
Source: 192.168.2.103
Destination: 192.168.2.255
User Datagram Protocol
Source port: 21924096
Destination port: 35072
Length: 8
Checksum: 0xe4fd (Correct)
Data (76 Bytes)
Binary dump of the packet:
0000: FF FF FF FF FF FF 00 0A : EB A6 BE 3F 08 00 45 00 | ...........?..E.
0010: 00 60 00 01 00 00 80 11 : B3 D5 C0 A8 02 67 C0 A8 | .`...........g..
0020: 02 FF 00 89 00 89 00 4C : FD E4 80 00 29 10 00 01 | .......L....)...
0030: 00 00 00 00 00 01 20 45 : 44 45 50 45 4D 45 50 46 | ...... EDEPEMEPF
0040: 44 46 45 45 50 45 4E 43 : 4E 44 49 45 44 44 4A 45 | DFEEPENCNDIEDDJE
0050: 47 44 47 44 49 41 41 00 : 00 20 00 01 C0 0C 00 20 | GDGDIAA.. .....
0060: 00 01 00 04 93 E0 00 06 : 00 00 C0 A8 02 67 | .............g
Thanks in advance.