I have GlassWire installed on my PC to monitor network connections, and I regularly use a VPN. Lately, I’ve been noticing that the NT Kernel & System is uploading data to various local and non-local IP addresses, including my phone and my computer’s IP on my home LAN and VPN LAN. It’s also making connections to public IP addresses owned by Microsoft and Google, but what concerns me most is that it’s connecting to the IP addresses of VPN servers that I had connected to earlier in the same or previous day. Sometimes, it’s connecting to all 300 VPN servers my provider has.

I’m curious as to why this is happening. Does anyone know the actual purpose of the “NT Kernel & System”? Could this be some telemetry function, or less likely, malicious events? I’m worried that it’s logging all these IP addresses somewhere. If someone more knowledgeable than myself could inform me about the function of this program, I would be appreciative.

Askify Moderator Edited question April 23, 2023