Good day, I searched the threads and only saw older references to the ntoskrnl.exe.. I am just looking into if one the the latest from patch Tuesday changed the krnl?
SEP 11.0.5.. after the client installs the patches from WSUS it reboots.. then we get two to the "your machine is owned by hackers" type alerts and the users have to click yes.. then it reboots.
I have 1,300 pc's in SEPM.. its going to be a long day of phone calls. Anyone else getting this?
The executable has changed since the last time you used C:\WINDOWS\system32\ntoskrnl.exe
File Version: 5.1.2600.5857
File Description: NT Kernel & System
File Path: C:\WINDOWS\system32\ntoskrnl.exe
Digital Signature:
Process ID: 0x4 (Hexadecimal) 4 (Decimal)
Connection origin: remote initiated
Protocol: UDP
Local Address: 172.19.255.255
Local Port: 137 (NETBIOS-NS - Browsing requests of NetBIOS over TCP/IP)
Remote Name:
Remote Address: 172.x.x.x
Remote Port: 137
Ethernet packet details:
Ethernet II (Packet Length: 92)
Destination: ff-ff-ff-ff-ff-ff
Source: xx-xx-xx-xx-xx-xx
Type: IP (0x0800)
Internet Protocol
Version: 4
Header Length: 20 bytes
Flags:
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset:0
Time to live: 128
Protocol: 0x11 (UDP - User Datagram Protocol)
Header checksum: 0x149e (Correct)
Source: 172.xx.xx.xx
Destination: 172.xx.xx.xx
User Datagram Protocol
Source port: 23300352
Destination port: 35072
Length: 8
Checksum: 0xa8c1 (Correct)
Data (58 Bytes)
Binary dump of the packet:
0000: FF FF FF FF FF FF 00 1C : 25 20 BA 2B 08 00 45 00 | ........% .+..E.
0010: 00 4E 80 40 00 00 80 11 : 9E 14 AC 13 C4 23 AC 13 | .N.@.........#..
0020: FF FF 00 89 00 89 00 3A : C1 A8 86 F2 01 10 00 01 | .......:........
0030: 00 00 00 00 00 00 20 46 : 44 45 46 46 43 46 47 45 | ...... FDEFFCFGE
0040: 46 46 43 43 4F 45 4C 45 : 46 46 4A 43 4F 45 50 46 | FFCCOELEFFJCOEPF
0050: 43 45 48 43 41 41 41 00 : 00 20 00 01
| CEHCAAA.. ..