What does this firewall warning mean?

[grrl]

I just got a warning from my firewall that c:\winnt\system32\ntoskrnl.exe tried to connect to an IP address.

The security log says "Windows Winsock binary change detected"

What does this all mean, if anything?

 

[BurnItDwn]

I know ntoskrnl.exe is the Windows NT kernal ... it isn't a worm or virus or something

 

[xcript]

Yeah, nothing to worry about I'm sure.

Later.. :beer:

 

[Doomer]

What ip address ? Did you run a whosit on it ?

 

[Barnaby W. Füi]

The first means your kernel is trying to connect to something. I'm not sure if that's normal or not. The kernel is the very core of the operating system - the first thing that loads when your computer boots, and manages getting everything else going.

Your winsock binary changing could be normal or abnormal, did you do a windows update or install any software or anything? If not, I would perhaps be suspicious. I have limited knowledge of windows, but afaik, winsock is the windows socket library, responsible for all socket communication, including pretty much all network communication.

 

[grrl]

After I loaded the Win 2000 SP4 is when I started getting these warnings. I assume they are related, but I wanted to be sure. I got the warning a second time yesterday. The message said the file had changed since the last time the program was started and asked if I wanted it to access the network.