# NT Kernel_System has changed since the last time you used it.



## josh48315

I have Symantec AntiVirus corporate edition v11, and the Network Threat Protection has been popping up lately with this message:



here is what i copied from the text it shows:

The executable has changed since the last time you used C:\WINDOWS\system32\ntoskrnl.exe
File Version: 5.1.2600.5657
File Description: NT Kernel & System
File Path: C:\WINDOWS\system32\ntoskrnl.exe
Digital Signature: 
Process ID: 0x4 (Hexadecimal) 4 (Decimal)

Connection origin: remote initiated
Protocol: UDP
Local Address: 192.168.1.255
Local Port: 137 (NETBIOS-NS - Browsing requests of NetBIOS over TCP/IP)
Remote Name: 
Remote Address: 192.168.1.104
Remote Port: 137

Ethernet packet details:
Ethernet II (Packet Length: 110)
Destination: ff-ff-ff-ff-ff-ff
Source: 00-13-ce-d6-97-9e
Type: IP (0x0800)
Internet Protocol
Version: 4
Header Length: 20 bytes
Flags:
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset:0
Time to live: 128
Protocol: 0x11 (UDP - User Datagram Protocol)
Header checksum: 0x30f6 (Correct)
Source: 192.168.1.104
Destination: 192.168.1.255
User Datagram Protocol
Source port: 26118400
Destination port: 35072
Length: 8
Checksum: 0x21bf (Correct)
Data (76 Bytes)

Binary dump of the packet:
0000: FF FF FF FF FF FF 00 13 : CE D6 97 9E 08 00 45 00 | ..............E.
0010: 00 60 BF A4 00 00 80 11 : F6 30 C0 A8 01 68 C0 A8 | .`.......0...h..
0020: 01 FF 00 89 00 89 00 4C : BF 21 81 BD 29 10 00 01 | .......L.!..)...
0030: 00 00 00 00 00 01 20 45 : 4B 45 50 46 44 45 49 46 | ...... EKEPFDEIF
0040: 48 45 49 45 4A 46 45 45 : 46 46 44 45 46 45 4D 45 | HEIEJFEEFFDEFEME
0050: 4D 43 41 43 41 41 41 00 : 00 20 00 01 C0 0C 00 20 | MCACAAA.. .....
0060: 00 01 00 04 93 E0 00 06 : 60 00 C0 A8 01 68 | ........`....h 


it asks me if i want to allow it to access the network, and i click No because i have no idea what it is or why it wants to access the network.

it seems like it randomly pops up, or whenever i turn my computer on.

any help as to what this is and how i should go about dealing with it?

thanks everyone.


----------



## josh48315

help! somebody...anybody...please.


----------



## amateur

*ntoskrnl.exe* is a critical process in the boot-up cycle of the computer, that's why the warning pops up whenever you turn your computer on. The change can be due to a recent update. If you want to put your mind at ease, you can have it scanned here or here. 

On top of the page there is a field to add the filepath, copy and paste this filepath: 

*C:\WINDOWS\system32\ntoskrnl.exe*

Then hit Submit 
The scan will take a while before the result comes up.


----------



## josh48315

ok, so i did the scan at both websites, and they both found nothing.
so the next time i get this message popping up, should i click Yes to allow it to access the network?


----------



## amateur

Yes, you can.


----------



## josh48315

thanks for the help.


----------

