Program(s) access level ?
I just read http://forum.zonelabs.org/zonelabs/b...essage.id=7556
and checked my programs list.
windows/system32/scvhost.exe Trust level is three bars. Access is trusted & internet. Server is trusted. Server internet is blocked
windows/system32/ctfmon.exe Trust level is three bars. Access-trusted & internet is blocked, as is Server-trusted & internet, but Send Email is checked.
windows/system32/cscss.exe Trust level is three bars Access is trusted & internet. Server-trusted & internet is blocked
windows/system32/isass.exe Trust level is three bars. Access is trusted & internet. Server is trusted.
programfiles/zonelabs/zonealarm/mailfrontier/mantispam trust level is three bars, Access is trusted & internet
windows/system32/userinit.exe Trust level is three bars. Access is trusted & internet, the rest are ask
windows/explorer.exe Trust level three bars. Access and Server are both trusted & internet. Send mail is ?
programfiles/internet exlporer/iexplorer.exe is Access-both trusted & internet.
windows/system32/winlogin.exe Trust level three bars. Access is trusted & internet.
windows/system32/smss.exe Trust level is three bars, everything else is blocked
programfiles/zonelabs/zonealarm/zlclient.exe Trust level is ask. Access is trusted & internet
If I try to change any of these to ask I get the "Custom settings can cause serious problems" message.
Everything is set to either ask or is blocked.
Does this all look alright?
I'm curious about the windows/explorer.exe (not programfiles/internetexplorer/iexplorer).
Is it supposed to have trusted and internet server access?
Is it possible to go ahead and set things to ask without causing serious problems as the message implies?
Thank you in advance
Operating System:Windows XP Home Edition
Product Name:ZoneAlarm Internet Security Suite
Re: Program(s) access level ?
One thing to consider when setting program access levels is how many alerts you are willing to put up with balanced with what degree of program protection. I like a lot of protection, so I don't mind alerts, and they decrease after a while anyway. So I've set nearly all programs to "ask". This way I like to know if something is trying to access the internet, or if something was trying to send email out. I've found that very few things need actual permission (check marks). IMO for the vast majority of people nothing should ever require server permission in the Internet zone. That would be very dangerous. Some people say "generic host" should have permission in the TRUSTED server zone (in fact, I believe ZA automatically puts a checkmark there.) That may or may not be necessary. It can't hurt to try it both ways. If you are losing connections, or having troubles, and adding it back solves it, then so be it. The number of alerts also can go up with higher advanced program control and component control, but ZA "learns" after a while, so that calms down.
If you have permissions set on "auto", then ZA will configure it how it thinks is safe enough for most people (if you have smartdefense advisor also set to auto.) If smartdefense is set to manual, then you get to decide each time there is a permission decision to make. You can still customize it but it switches from "Auto" to "custom" when you do that (for that program). Yes, you may get a warning that it may affect how the system/ZA works. If you notice any problem, just put it back. Or if you have changed several settings on that program several times, and can't remember the defaults; you can remove the program from the ZA panel, and ZA will put it back the next time your PC accesses that program. For something like Windows Explorer, for instance, I have experimented with as few checkmarks as possible. For my Windows Explorer, no checkmarks at all are required; I have ? ? in all places. I have no reason for needing Windows Explorer to access the Internet or other PCs on my LAN. Likewise, I don't want any program but my email program allowed to send Email. Some people just block permissions they don't want, and that works, too. But I like to know if something is TRYING to access the internet, email, etc. so I leave most things to ? ?. You can always put a block "X" later if you want.
So, yes, you can change permission on those programs that ZA has a warning about. If you notice a problem with connectivity, etc., put it back. You probably won't have a need to change any of the "trust levels" ZA chose; but I've had no trouble experimenting with changing things to ? ?. If your database ever becomes corrupt, or you just want to reset it to start with your programs all back at the basic level, you can do a database reset as described in various postings in these forums. If you are going to experiment with some changes, you can also back up all your security settings using the "backup" feature in OVERVIEW | PREFERENCES, then you can later "restore" your ZA settings if necessary. Just be sure not to grant anything server permission in the Internet zone, and nothing, or virtually nothing (generic host possibly the exception) should need server permission in even the trusted zone. I hope this helps. I'm no expert, but this has all been my experience after using ZA for several years. Your mileage may vary :) Good luck!
Re: Program(s) access level ?
Hi - I agree with 'critterjoe' as a veteran ZA user to the point where it has made me religious in firewall protection and made antivirus (nearly) obsolete. However - I do have a serious problem with the latest ZA (zapSetup_93_014_000_en as of this post) regarding outgoing component control. Some (powerful) apps are able to 'be me' and answer for me - they can disable component control without warning and place their own green checks (enabling access) which is extremely disconcerting (e.g. steam_api.dll). Is there any way ZA can upgrade component control with block features ('X')??? I have recommended ZA to many for the simple reason that they give great 'hands on' control of your firewall as opposed to many other firewall products which are huge monster systems that do not protect nearly as well (or have been bought out by realplayer etc). Try running "netstat -ano" in a command window and see how compromised your system truly is - with internet enabled. (I'm in win7 now but in XP - with difficulty/research - netstat returned no entries with internet enabled [and usable]). But ZA needs to address apps overruling control both in program and component arenas. In response to your query - I believe you can ignore ZA warnings and change whatever you need - with words of caution - make changes 'one at a time' and remember your exact change to see if it fixes your problems. If you encounter no issues - list it (remember it) - leave it - and pick another. I am truly siding with cjoe above and I 'X' off everything under server (with 1 exception for email client for email only) since 90% will not need this and those who do will know what and why. Hope this helps! + hope someone can respond with answers regarding component control issues plz....
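An added example, not part of any post in this thread: one way to read the "netstat -ano" output mentioned above is to list only the sockets that accept inbound traffic on a non-loopback address, grouped by PID, since those are the programs acting as a server in the sense the thread discusses. The sample output is constructed, and the function names are hypothetical.

```python
import ipaddress
from collections import namedtuple

Socket = namedtuple("Socket", "proto host port state pid")

# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1520
  TCP    192.168.1.10:49201     93.184.216.34:443      ESTABLISHED     3012
  TCP    [::]:135               [::]:0                 LISTENING       888
  UDP    0.0.0.0:68             *:*                                    1044
  UDP    127.0.0.1:1900         *:*                                    2200
"""

def parse_netstat(text):
    """Parse `netstat -ano` rows; UDP rows carry no State column."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # skip the banner and the column header
        proto, local, pid = parts[0], parts[1], parts[-1]
        state = parts[3] if proto == "TCP" and len(parts) == 5 else ""
        host, _, port = local.rpartition(":")  # last ':' also works for [::]:135
        rows.append(Socket(proto, host.strip("[]"), int(port), state, int(pid)))
    return rows

def is_loopback(host):
    # Drop an IPv6 zone id (fe80::1%11) before parsing the address.
    return ipaddress.ip_address(host.split("%")[0]).is_loopback

def exposed_listeners(rows):
    """TCP listeners and bound UDP sockets reachable from other machines."""
    return [s for s in rows
            if (s.state == "LISTENING" or s.proto == "UDP")
            and not is_loopback(s.host)]

def by_pid(rows):
    """Map PID -> set of (proto, port) it exposes on non-loopback addresses."""
    summary = {}
    for s in exposed_listeners(rows):
        summary.setdefault(s.pid, set()).add((s.proto, s.port))
    return summary

if __name__ == "__main__":
    for pid, socks in sorted(by_pid(parse_netstat(SAMPLE)).items()):
        print(pid, sorted(socks))
```

The PIDs can then be matched to program names with "tasklist" and compared against the entries that hold server permission in the firewall's program list.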
Re: Program(s) access level ?
Would you mind posting more info on your setup? For example, all the active/inactive options in ZA program control? What you describe can happen under certain conditions. Otherwise it's corrupted settings, or broken backup settings used, or a patched ZA.
Third party programs cannot change ZA settings on their own, not really possible :) . With all advanced features active and manual configurations it's easy to get ZA corrupted or misconfigured. A hang or crash of the system is enough.
Btw, the real last version of the ZA retail line is 9.3.037.000
Re: Program(s) access level ?
I assume since you mentioned the latest version ZA 9.3.037.000 your question is directed at me... if not - sorry! (and will update shortly...) Regarding ZA setup - imagine the most bulletproof, non-communicative setup and you'll have mine.. briefly however - the most important sections are outlined here: page 1 no update (manual - upgrade only when ZA fails - 'if it ain't broke don't fix it etc') - no communication with ZA (sorry I don't trust ZA/anyone/no reason for comm which could be compromised) and I 'kill' zaclient in programs but that disappeared?... but it was nice that ZA allowed that.. and it worked! page 2 firewall - [high] advanced everything checked under medium and nothing checked under high - medium includes all udp/tcp inc out ports added 68, 135, 445, 49152-49156 (win7) and advanced bottom 4 checked center bottom (enable arp, lock hosts, disable win firewall, filter 1394 + no ip6) page 3 prg cntrol - always high - custom everything checked *** but cannot (and never have) used greyed enable timing or services control??? (win7 issue?) would really like to know how that is enabled... plz... programs page all internet server choices are 'X' except a few new ones which I leave to ask (experimental use)... with 'kills' wherever "update/reporting" word is used and ask/trust (rare super) - noticed in win7 restricted causes syswow64 launch failures so cannot use this so often... and components... ALL ask except ntdll.dll... but apps change these settings so always check this on comp startup. that's it ... I do not use toolbar (tried it - it worked for a week then 'something' knocked it out and reinstalled ZA - never used again - never use identity - neither email (just adds overhead/never worked or client/web caught before sec engaged)... logs are very useful for the ultra paranoid for expert rule blocking mean ips across the world... and pop ups are actually ZA's finest point since it verifies that the wall is doing its job!
BTW I have 20 services active (win7) but winxp needed only 6 services to fly like a rocket with full internet access.. really miss that.. hope this might help someone 'bulletproof' some/part of their system - I have quite a few friends/family who I've helped lock down their systems. made good business for ZA... wish I could get a discount!
Re: Program(s) access level ?
Yes, it was directed to you (the update). Well, if you could use some spaces between the paragraphs it would really help the reading... This way I am sure I lost some information. LOL.
So, you mention almost all but not the key ones. The only reasons why your components can get a green check instead of a '?' (default with all manual) is first the smartdefense advisor and secondly the ("Microsoft catalog use"). The latter will override all settings whatever they are for all communication originating from certified MS components (and programs).
Not sure I follow what you do on ZA (blocking communication, kill zlclient, etc). This could also be the origin of the problem. ZA is very sensitive to blockage. It is designed and tested to block third party software, not to block itself. I have seen all sorts of weird behavior on ZA setups with blocked ZA server, license key blockage, etc. If you do not trust ZA then you should immediately look for another security, one you are comfortable with. It's your primary line of defense and needs to be fully trusted and given free movements.
Finally, service control is grayed out because it is embedded already in Windows 7, and time attack is grayed out because you are using a 64bit version of Windows 7 with patchguard. That OS is not vulnerable to time attack (better known as khobe). Both are relevant for XP but not Win7 64bit. Time attack is functional with win7 32bit (that has no patchguard).
You basically have all the information needed to troubleshoot and fix the issue. If you still have problems then it is better to direct yourself to ZA technical support so that logs and forensic work can be performed and escalated to development if something is found. Of course, you need to exclude all the above mentioned causes before contacting ZA official support.
Hope this helps