Hi I’m a new user to GlassWire and a learner in networking. I’m looking at my firewall on different devices and seeing different host coming through the NT Kernel & System. I was hoping someone could explain to me if this is normal and also perhaps recommend software for blocking host coming through the Kernel?
We have found blocking the Windows Kernel causes more problems than it solves, including major instability from Windows.
It’s normal for Windows to have some NT Kernel System network activity and it helps Microsoft protect your PC from threats by giving you software updates, etc…
If you are against all Microsoft Telemetry then it’s possible to disable most of it in most cases.
https://blog.glasswire.com/2015/09/15/165/
You can also use GlassWire to block apps like Microsoft’s “Yourphone.exe” or “Video.ui.exe” with no issues. Most of those types of things don’t go through the Kernel.
If your data is extremely limited and that’s why you want to do this then Howtogeek has a great guide to help you make Windows 10 use very limited data.
Or you can also put GlassWire in “Ask to connect” mode, then keep it in our “Block all” mode when you aren’t at your PC. https://www.glasswire.com/userguide/#Firewall_Tab
Not only are you NOT allowing to block the kernel. Your also hiding the ip address traffic. Saying it causes instability is not a solution. It is just as easy to unblock the kernel as it was to block it. But I am mostly interested to know what ip address’s are passing to/from it. but your hiding it. Please re-enable viewing the traffic at least.
1 Like
We don’t block viewing of any IP address traffic information anywhere in our application and we never have. Sorry if I wrote something to make it sound that way.
The best way to view IP address traffic for any app is to go to usage/apps. You can see any host activity with any app on the “usage” tab the fastest.
2 Likes
You show the IP traffic in the details for NT Kernal and System, but what you don’t do is scan all that traffic with VirusTotal like you do with all the other apps. Major security gap. And judging by the time stamps on these others posts, it looks like you guys aren’t interested in making adjustments here to improve security and visibility and user control.
GlassWire doesn’t actually “scan the traffic”. It just uses the file hash of an executable accessing the network from your device for the first time, and sends it to VirusTotal to see if that is a “clean” executable.
As for your NT Kernal and System, if you don’t trust them and/or think that your PC may be compromised, there’s not much else that can be done except to nuke your system and clean install from a trusted source for the Windows installer ISO.
Cool, that really doesn’t change anything about the arguments being made here.
But I guess thanks for providing everyone with reasons not to upgrade?
Hey guys, he says that if you think your computer is compromised or could become compromised in the future, no reason to do scans of any kind - you just need to wipe it and start fresh. Problem solved. In fact, probably safest to just do a fresh wipe and clean install daily.
Blocking the kernel and svchost stopped blue screens and internet cut offs when I began posting about Windows being core coded in Israel as well as Intel chips being core r&d in Israel. I presume you all have google.
I’d post the 300 links on the subject I have but I cannot.
Google Christopher Domas and God Mode Unlocked for the hardware backdoors in x86 infrastructure.
Once you understand how much CORE sensitive code is done in Israel - then you will understand where all the backdoor’s and hacking is coming from.
In 1992, Vasili Mitrokhin, a KGB archivist, defected to the West with a trove of top secret documents from the Soviet intelligence agency, which helped expose many Russian agents and assets in Israel and elsewhere. This series of articles explores these documents and brings to light the secrets they revealed. Part 1 of 5
I cant put links in posts. as Ken is a proud American I presume he will want to contact me on the extensive work and lobbying we have done on this issue.
All Microsoft Products are CORE CODED in Israel. I hope I answered your question and I hope Ken allows thisa discussion because we speak to high level people. Shame I cant post links.
I’m about to try Glasswire after using Enterprise level with export restrictions which Broadcaomm has now cut off from ordinary users.
I just hope Ken has no Unit 8200 and Talpiot graduates writing his code and backdooring his network.
I didn’t say that, and you have obviously misquoted me! You have added “or could be compromised” and “no reason to do scans of any kind”.
I was only pointing out that GlassWire does not “scan traffic”. i.e., traffic meaning the data that your programs send/receive. That is the job of an anti-malware program, which is highly recommended to have running in addition to a firewall.
The VirusTotal lookup only verifies that the executable program accessing your network is virus free, not that the traffic it sends/receives is. For example, you could download a malicious file using a VirusTotal certified “clean” program, but it would still be up to your anti-malware software to identify that downloaded file as malicious. None of that “traffic” gets “scanned” by GlassWire, and they never claimed that it would be.
My comment regarding Windows was meant to be tongue-in-cheek in that you have no choice but to trust your OS. The same goes for your anti-malware applications. Some folks do not trust it. I suppose that is why Linux is popular with that group.
I do understand that NT Kernel blocking is not available in GlassWire, but that is a choice they have made. I was not attempting to address that. I was just trying to clarify how the GlassWire → VirusTotal feature worked.
1 Like