
Sygate Keeps blocking NT Kernel & System


4 replies to this topic

#1 rtw6579

rtw6579

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:49 PM

Posted 17 March 2009 - 11:56 PM

Hello to everyone. This site has helped in the past get rid of spyware and malware and I am returning for more assistance. One of the programs that was recommended as part of the last visit is causing problems. My Sygate Personal Firewall is blocking NT Kernel & System; C:\Windows\System32\ntoskrnl.exe. This only seems to happen when I am connected to a Wireless Network and not a hard wired network or internet access point. I have set the firewall to Allow and I get the warnings popping up in the corner telling me it was blocked. I can click the check box to not warn me and they still pop up. I can change the setting to Block, and I still get the pop ups. This is happening on three separate computers. All are running Windows XP Pro with Sygate Personal Firewall ver 5.6 build 2808. Like I said, as long as Wi-Fi is not connected I don't get these pop ups.

Thank you in advance for the help.
Russell



#2 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,629 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:49 PM

Posted 18 March 2009 - 09:34 PM

Hi rtw6579,

Unfortunately you may just have to give up on using Sygate. It is a real shame that Symantec effectively killed it by buying it out. It is my all time favorite firewall and I continued to use it for a year or so after it ceased to be supported/developed. But it is bad security policy to use outdated software, even for firewalls that don't depend on current definitions, so I reluctantly stopped using it. And I don't recommend it to others exactly because of situations like yours. No more bug fixes and even if there is a known workaround, the old Sygate forums are now shut down and the number of Sygate users is steadily diminishing, so if someone does know the solution to your issue it is less likely they will see your post here.

It seems pretty obvious from your description, but I suggest you confirm Sygate is the problem. Disable Sygate, turn on the Windows firewall and then try your wireless connection again. If you can get it to work without Sygate running then I would suggest that you find another firewall. You may have to go into Task Manager and end the spf.exe process to get Sygate fully disabled--I had to do this before uninstalling. It seems like there may have been another process but my memory is bad.

The following site will show you which firewalls did the best at passing leak tests (outbound packets). It doesn't rate by a firewall's main job--blocking incoming packets and stealthing your system.
http://www.matousec.com/projects/firewall-...nge/results.php

The site does have a nice list of all firewall products, both freeware and commercial--when you choose one, test it yourself at Shields Up for quality of blocking incoming packets.
http://www.matousec.com/projects/firewall-...roduct-list.php

The thing about people

is they change

when they walk away.--Mipso


#3 tos226

tos226

    BleepIN--BleepOUT


  • Members
  • 1,574 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:LocalHost
  • Local time:07:49 PM

Posted 18 March 2009 - 10:07 PM

From the Sygate Help file which I just rescued from backup :thumbsup:

Defaults: A Summary of Rules and Settings
This table provides a summary of rules and settings for the Personal Firewall.

Default Rules and Settings for the Personal Firewall

The following rules and settings apply:

VPNs enabled—VPNs are enabled
IDS is enabled—IDS is enabled immediately, and a new IDS library
Ask before application use—Ask for user permission before permitting an application to use the network and log that decision
Security: Normal—The menu shows File, then Security, with the choices of Normal/Allow all/Block All. Normal is the default choice
Popup messages enabled
Allow ping reply
Allow traceroute
Browse Network Neighborhood enabled
Disable Network Neighborhood sharing—Block access to any files on the end user's computer
Screensaver—Ignore status
Windows Kernel—Ask before permitting access
Block broadcast traffic—Block all multicast and broadcast traffic and do not log it
Block all other traffic—Block all remaining network traffic and log it. This is the final rule to be implemented and catches everything that has not otherwise been covered


I've used Sygate just a little bit, liked it a lot, and don't recall much. I recall that ntoskrnl.exe deals with NetBIOS and various broadcasts, such as DHCP. So the problem might be an attempt at file sharing perhaps?
If these are defaults that can be overwritten with some rules for NetBIOS, to permit ports 137-139, as well as 135 and 445 for the system listening, maybe the alerts could be defeated. Or just on one of the non-rule, setup pages, permit local filesharing if that's what you do. But it could be that if connected to another LAN, Sygate will block regardless (I just don't remember).

There were application permission settings in Sygate - are they correct for your network?
Sygate has superb logs. What do they say - list local and remote IP, local and remote ports and what rule they block.

I agree with papakid to move on to something else, especially since Sygate is not very good at watching localhost, which is important especially since many recent anti-malware solutions use a local proxy through localhost. The old Kerio 2.1.5 does a better job if you want a packet filtering firewall.

Edited by tos226, 18 March 2009 - 10:12 PM.
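
An added example, not part of the original posts and not Sygate's own tooling: one way to do the log review suggested above, grouping blocked ntoskrnl.exe entries by the ports named in the post and by whether the remote address is on the local subnet. The CSV column layout, the sample rows and the 192.168.1.0/24 network are constructed assumptions, not Sygate's actual log export format.

```python
import csv
import io
import ipaddress
from collections import Counter

# Ports named in the post above, plus DHCP (67/68), which it also mentions.
SYSTEM_PORTS = {
    67: "DHCP", 68: "DHCP", 135: "RPC endpoint mapper",
    137: "NetBIOS name service", 138: "NetBIOS datagram",
    139: "NetBIOS session", 445: "SMB over TCP",
}

# Constructed sample rows; this column layout is an assumption for the example,
# not the format Sygate actually writes.
SAMPLE_LOG = r"""time,action,application,protocol,local_ip,local_port,remote_ip,remote_port,rule
2009-03-17 18:40:01,Blocked,C:\WINDOWS\system32\ntoskrnl.exe,UDP,192.168.1.20,137,192.168.1.255,137,Block all other traffic
2009-03-17 18:40:03,Blocked,C:\WINDOWS\system32\ntoskrnl.exe,UDP,192.168.1.20,138,192.168.1.255,138,Block all other traffic
2009-03-17 18:41:10,Blocked,C:\WINDOWS\system32\ntoskrnl.exe,TCP,192.168.1.20,445,192.168.1.31,1044,Block all other traffic
2009-03-17 18:41:12,Allowed,C:\Program Files\Internet Explorer\iexplore.exe,TCP,192.168.1.20,1050,198.51.100.7,80,Ask
2009-03-17 18:42:00,Blocked,C:\WINDOWS\system32\ntoskrnl.exe,TCP,192.168.1.20,445,203.0.113.9,3321,Block all other traffic
2009-03-17 18:42:05,Blocked,C:\WINDOWS\system32\ntoskrnl.exe,UDP,192.168.1.20,137,192.168.1.255,137,Block all other traffic
"""


def summarize_blocks(log_text, local_net):
    """Count blocked ntoskrnl.exe entries by (service, scope of the remote address)."""
    net = ipaddress.ip_network(local_net)
    counts = Counter()
    for row in csv.DictReader(io.StringIO(log_text)):
        app = row["application"].replace("\\", "/").rsplit("/", 1)[-1].lower()
        if row["action"] != "Blocked" or app != "ntoskrnl.exe":
            continue
        # The well-known port can be on either side, depending on direction.
        ports = (int(row["local_port"]), int(row["remote_port"]))
        service = next((SYSTEM_PORTS[p] for p in ports if p in SYSTEM_PORTS), "other")
        remote = ipaddress.ip_address(row["remote_ip"])
        if remote == net.broadcast_address or str(remote) == "255.255.255.255":
            scope = "broadcast"
        elif remote in net:
            scope = "same subnet"
        else:
            scope = "other network"
        counts[(service, scope)] += 1
    return counts


if __name__ == "__main__":
    for (service, scope), n in summarize_blocks(SAMPLE_LOG, "192.168.1.0/24").most_common():
        print(f"{n:3d}  {service:22s} {scope}")
```

Entries that land in "other network" for ports 135, 139 or 445 are the ones a permit rule should not cover; a rule scoped to the local subnet leaves them blocked.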


#4 rtw6579

rtw6579
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:49 PM

Posted 20 March 2009 - 10:35 PM

Thanks guys. With the recommendations to upgrade to a newer firewall that is still supported and has bug fixes available, what is a good one to use? I use my pc for programming lighting control systems, so I need to be able to allow connections from various proprietary software to system devices. I am somewhat new to the whole being my own IT for my computer and have no idea where to even start looking for a good firewall. Any suggestions would be appreciated. Or if a list is already available on this site, where might I find it?

Thanks again.
Russell

#5 tos226

tos226

    BleepIN--BleepOUT


  • Members
  • 1,574 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:LocalHost
  • Local time:07:49 PM

Posted 21 March 2009 - 10:11 PM

What sort of devices? Networked? What system devices does it have to control?
Just for your own use or are you running some kind of a website?
I would think a rule-based firewall such as Sygate :thumbsup: or Kerio or Outpost can be detailed enough to do the job since the specific protocol and port control is their strength.



