Why is symantec blocking ntoskrnl.exe

This accomplishes two things, it shows your CEO you're actively investigating security concerns - and second, it teaches this CEO because they do need to be taught that it is not acceptable to always go with the older version. You'll never get budgetary approval for new products if the CEO has the mindset that it's ok to stick with older software, especially security software.

Further, will future versions have to be investigated to ensure they don't contain annoying popups? If they do, what then? You can't base your product decisions on a CEO's inability to cope with popups, it has to be on the merits of the solution they provide and this has to be the primary impetus behind all decisions - everything else is secondary.

When the CEO stomps her feet in protest, you need to be prepared to deal with that without compromising your primary objective which is to stay on top of the security game. So you have to seek ways to get things done despite these secondary distractions.

If your CEO believes that it's a battle between a more effective product and just some popups, she'll hopefully be smart enough to realize security is more important. My advice is to approach her with confidence and firmness, but not brashness, and I think any CEO would agree on the merits of security vs.

Then, you can tell her you found a settings that disables the popups. Show it to her, and if it DOESN'T work, then you can play the blame game on Symantec and contact support and go through all the motions so your CEO is further impressed with your diligence.

Or, you can create a regular maintenance schedule, like monthly or quarterly, with her laptop and take that opportunity to sit down with it and get SEP back on there, then explain afterwards why you did it. But in my opinion, most CEO's will respect you more for the direct approach rather than powering on their laptop one day to find SEP back on there, without explanation.

And I tested turning off the notifications and that works fine as well. AGain though, XP here. My SEP version is Since she can't do anything useful about the IPS events anyway, might as well turn off the notification function. You can review the logs yourself during whatever opportunity you have to get ahold of her laptop without her hanging over your shoulder, unless she's hot of course. The sudden increase in size seems slightly suspicious but it very well could be an update from Microsoft.

If you feel more comfortable please submit the file to Symantec for testing. You can also use some popular online scanning tools that combine Symantec as well as other antivirus engines to scan a file. If you continue to have further trouble I would ask that you make a new thread on the subject since this one is very old and will most likely be ignored by most in the community. Cheers Grant. This is also a fairly good indicator of whether or not the process is malicious.

What I find unusual about this issue is that I can't perceive any actual prevention of anything from happening. Admittedly I have no idea what ntoskrnl does exactly, other than being the kernel of course, so I'm not sure what portion of system functionality is being blocked. Anybody know what's being blocked? With your subscription - you'll gain access to our exclusive IT community of thousands of IT pros. We can't always guarantee that the perfect solution to your specific problem will be waiting for you.

If you ask your own question - our Certified Experts will team up with you to help you get the answers you need. Who are the certified experts? How quickly will I get my solution? We can't guarantee quick solutions - Experts Exchange isn't a help desk.

My system completely slows to a crawl right after I receive a new virus definition and a file system scan is initiated. It takes 30 minutes to sometimes 2 hours for a scan to complete after having received the new defnition, in the meantime my laptop is unusable, clicking on anything either in the main OS or the hosted OS takes 1 to 2 minutes to respond. If VMWare is not running, I never see the issue, but I really need the image to be running most of the time.

I uninstalled SEP and had 2 weeks of pure enjoyment being able to work without any issues. Unfortunatelly, corporate policy requires that I run SEP all the time, I had re-install SEP today and I am back to the same issue, first definition push I received and my laptop is again unsusable.

We sometime get 2 or 3 new defnitions pushed out a day I am locked out of most of the preferences in SEP, thus I can't control when to receive the new defs. In the Symantec Endpoint Protection Management Console how do I create a report to show specific clients that have a particular risk detected? Intrusion Prevention detection.

I can see the total number of detections via one of the default reports however can't find any report that simply gives me the list of machines. I'm only interested in an Intrusion Prevention Detection - I can view the log of individual machine but can't seem to run a report that shows me all the machines that have that particular risk detected. In the application and device control policy, one of the policies is created to allow users to read and write to the removable storage devices, my configuration is to "continue processing with other rules on each of removable device listed, the policy works pretty well to give the users rights to write to the removable storage devices, however, from the log, it is difficult for me to figure out whether the users is just to read the file from device, or it is action that the user has copied or write the data to the removable storage device.

Any issues with SEP client Also would there be an issue if SEPM was to be upgraded to the lasest ver. How many Endpoint Protection Managers can you install per license? Operating System: Microsoft Windows 7 bit. Tags 2. I have the same question. Level Message 2 of 2. Shlomi Click the Yes button to reply that the response was helpful or to say thanks.

Was this reply helpful? Yes No. If you think you have received a fake HP Support message, please report it to us by clicking on "Flag Post".