I have GlassWire installed on my PC to monitor network connections, and I regularly use a VPN. Lately, I’ve been noticing that the NT Kernel & System is uploading data to various local and non-local IP addresses, including my phone and my computer’s IP on my home LAN and VPN LAN. It’s also making connections to public IP addresses owned by Microsoft and Google, but what concerns me most is that it’s connecting to the IP addresses of VPN servers that I had connected to earlier in the same or previous day. Sometimes, it’s connecting to all 300 VPN servers my provider has.
I’m curious as to why this is happening. Does anyone know the actual purpose of the “NT Kernel & System”? Could this be some telemetry function, or less likely, malicious events? I’m worried that it’s logging all these IP addresses somewhere. If someone more knowledgeable than myself could inform me about the function of this program, I would be appreciative.
3 Answers
Introduction
Windows is one of the most popular operating systems in the world, used by millions of people around the globe. It is known for its user-friendly interface and powerful features. However, some users have reported that the NT Kernel & System is uploading data to various local and non-local IP addresses, which has raised concerns about the purpose of this program. In this blog post, we will explore the function of the NT Kernel & System and why it makes connections to local and distant IP addresses.
What is the NT Kernel & System?
The NT Kernel & System is a core component of the Windows operating system. It is responsible for managing system resources, such as memory and processes. It also provides support for device drivers and system services. The NT Kernel & System is a critical component of the operating system, and without it, Windows would not function.
Why does the NT Kernel & System make connections to local IP addresses?
The NT Kernel & System makes connections to local IP addresses for a variety of reasons. One of the most common reasons is to communicate with other devices on the same network. For example, if you have a printer connected to your home network, the NT Kernel & System may need to communicate with it to print a document.
Another reason why the NT Kernel & System may make connections to local IP addresses is to communicate with other programs running on your computer. For example, if you are running a web server on your computer, the NT Kernel & System may need to communicate with it to serve web pages.
Why does the NT Kernel & System make connections to distant IP addresses?
The NT Kernel & System makes connections to distant IP addresses for a variety of reasons as well. One reason is to communicate with remote servers on the internet. For example, if you are using a web browser to access a website, the NT Kernel & System may need to communicate with the website’s server to retrieve the web page.
Another reason why the NT Kernel & System may make connections to distant IP addresses is for telemetry purposes. Telemetry is the collection of data about a system’s performance and usage. Microsoft uses telemetry to improve the performance and reliability of Windows. The NT Kernel & System may upload telemetry data to Microsoft servers to help improve the operating system.
Why does the NT Kernel & System connect to VPN servers?
The NT Kernel & System may connect to VPN servers for a variety of reasons. One reason is to establish a secure connection to the internet. When you connect to a VPN server, all of your internet traffic is routed through the server, which encrypts the data to protect it from prying eyes.
Another reason why the NT Kernel & System may connect to VPN servers is for telemetry purposes. VPN providers may collect data about the performance and usage of their servers to improve their service. The NT Kernel & System may upload this telemetry data to the VPN provider’s servers.
Is the NT Kernel & System logging IP addresses?
The NT Kernel & System may log IP addresses for diagnostic and troubleshooting purposes. However, it is unlikely that it is logging all of the IP addresses that it connects to. If you are concerned about the NT Kernel & System logging IP addresses, you can use a firewall to block outgoing connections to specific IP addresses.
Conclusion
The NT Kernel & System is a critical component of the Windows operating system. It is responsible for managing system resources and providing support for device drivers and system services. It makes connections to local and distant IP addresses for a variety of reasons, including communication with other devices on the same network, communication with remote servers on the internet, and telemetry purposes. If you are concerned about the NT Kernel & System uploading data to IP addresses, you can use a firewall to block outgoing connections to specific IP addresses.
The NT Kernel & System is a system process that is a part of the Windows operating system. It is responsible for various system-level functions, such as managing memory and processor resources, and interacting with hardware devices.
It is normal for the NT Kernel & System process to make network connections, as it is responsible for managing network communication on the system. This includes communication with other devices on the local network, as well as communication with external servers.
The connections that the NT Kernel & System process is making to the VPN servers that you have connected to may be related to the management of the VPN connection itself. The process may be checking the status of the VPN connection, or communicating with the VPN server to establish or maintain the connection.
It is also possible that the NT Kernel & System process is making connections to these servers for other purposes, such as to download updates or to send system telemetry data to Microsoft.
Overall, it is normal for the NT Kernel & System process to make a wide variety of network connections, and it is not necessarily a cause for concern. However, if you are concerned about the specific connections that the process is making, you may want to consider using a firewall or other security software to monitor and control network activity on your system.
In summary, the NT Kernel & System process is a system process that is responsible for various system-level functions in the Windows operating system, including managing network communication. It is normal for the process to make a wide variety of network connections, including connections to VPN servers and other external servers. If you are concerned about the specific connections that the NT Kernel & System process is making, you may want to consider using a firewall or other security software to monitor and control network activity on your system. However, it is generally not a cause for concern if the process is making these types of connections.
The behavior you are observing is a normal occurrence during network discovery, specifically through the Simple Service Discovery Protocol (SSDP), as indicated in the full name. In the case of a VPN, a network is created that acts much like a local network, prompting Windows to periodically send out discovery messages to verify the status of known computers, as well as locate new devices, computers, and services.
The IP address displayed as "224.0.0.252" is used for Link-Local Multicast Name Resolution (LLMNR), which enables network discovery.
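One way to sort the destinations a monitor attributes to "NT Kernel & System", so that discovery multicast, LAN and known VPN-server traffic are set aside and only unexplained addresses are left to investigate (an added example, not part of any answer above). The flow tuples, the VPN server list and all sample addresses are constructed; the SSDP and mDNS group addresses and the UDP ports are the standard values for those protocols, not values given on this page.

```python
import ipaddress
from collections import Counter

# Well-known discovery endpoints: (multicast group, UDP port) -> protocol.
DISCOVERY = {
    ("224.0.0.252", 5355): "LLMNR",
    ("239.255.255.250", 1900): "SSDP",
    ("224.0.0.251", 5353): "mDNS",
}
# RFC 1918 ranges, listed explicitly so other reserved ranges stay "public".
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(dst_ip, dst_port, proto, vpn_servers=frozenset()):
    """Return a coarse category for one outbound flow."""
    ip = ipaddress.ip_address(dst_ip)
    if proto == "udp" and (str(ip), dst_port) in DISCOVERY:
        return "discovery:" + DISCOVERY[(str(ip), dst_port)]
    if ip.is_multicast:
        return "multicast:other"
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if any(ip in net for net in LAN_NETS):
        return "lan"
    if str(ip) in vpn_servers:
        return "vpn-server"
    return "public"

def triage(flows, vpn_servers=frozenset()):
    """Count flows per category and return the ones left unexplained."""
    counts = Counter()
    review = []
    for flow in flows:
        category = classify(*flow, vpn_servers=vpn_servers)
        counts[category] += 1
        if category in ("public", "multicast:other"):
            review.append(flow)
    return counts, review

# Constructed sample: (destination IP, destination port, protocol).
SAMPLE_VPN_SERVERS = frozenset({"203.0.113.10", "203.0.113.11"})
SAMPLE_FLOWS = [
    ("224.0.0.252", 5355, "udp"), ("239.255.255.250", 1900, "udp"),
    ("192.168.1.23", 445, "tcp"), ("10.8.0.1", 53, "udp"),
    ("203.0.113.10", 1194, "udp"), ("203.0.113.11", 1194, "udp"),
    ("198.51.100.7", 443, "tcp"),
]
```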