Endpoint Protection

 View Only

  • 1.  traffic has been blocked from this application nt kernel & system (ntoskrnl.exe)

    Posted Mar 08, 2019 06:21 AM

    I have received this message several times. Even though I know that this topic has been discussed before, in my case the log indicates that the Symantec is blocking access to an online printer from my organization:

    3/8/2019 5:46:26 AM    Blocked    3    Incoming    TCP    msisxerox.mgnt.stevens-tech.edu [155.246.119.27]    00-11-22-33-44-55    39334    155.246.152.178    00-05-9A-3C-7A-00    5357    C:\WINDOWS\system32\NTOSKRNL.EXE    gcrea    gcrea    Default    6    3/8/2019 5:43:51 AM    3/8/2019 5:45:24 AM    Block Web Service requests part A    
     

    What can I do about this? 



  • 2.  RE: traffic has been blocked from this application nt kernel & system (ntoskrnl.exe)
    Best Answer

    Posted Mar 08, 2019 11:42 AM

    Create a firewall rule to allow it.

    https://www.symantec.com/docs/HOWTO81156



  • 3.  RE: traffic has been blocked from this application nt kernel & system (ntoskrnl.exe)
    Best Answer

    Posted Mar 26, 2019 07:58 AM

    Hi Gcre,

    Thanks for the post.  "Block Web Service requests part A" does not sound like one of our IPS signatures.  Is that a custom IPS signature created for your environment-?  You may want to get in touch with your security admin or whoever configured the policies in the SEPM.