This is not so much a problem … just something I'm puzzled about.
Last week, I was asked by a friend to set up a wireless home network for her.
She has a newish Windows XP Pro desktop computer that she exclusively used, plus 2 older, unused desktop computers with XP Home that were well out-of-date and also had a variety of malware on both of them.
I cleaned her 2 older PCs (2 & 3) and installed SP3 plus all the Windows Updates, .NET Frameworks, upgrades to IE8, Firefox and various other programs.
I updated her AVG Free antivirus and installed the latest version of ZoneAlarm Pro
I also installed ZoneAlarm Pro on PC1
All 3 desktop computers and a Laptop, are now operating very well (and fast) on the network, and are now all free of malware
I've also set up the facility for sharing files, folders and various printers on the network
I installed the network using a Netgear router plus 2 USB wireless adapters for PC2 and PC3.
The external modem was supplied by Virgin Media via cable.
PC1 … adjacent to the router, and hard wired from the router to an internal Ethernet card … Avast Free plus ZA Pro
PCs 2 and 3 … fitted with USB wireless adapters…. AVG Free 8.5 plus ZA Pro.
When only PC1 is switched on and no programs running, the ZoneAlarm icon in the Notification Area shows continuous activity, except for very brief occasions when the letter Z flashes on and off.
This doesn't happen on any other PC on the network.
Task Manager >> System Idle Process at 99 and all others at 00.
Other than Avast, AVG & ZA, the only "real time" programs used on all PCs are SpywareBlaster and WinPatrol.
This flashing ZA icon on PC1 has only showed continuous activity since I installed the wireless network.
Any theories about this ? My ungrateful friend is complaining that the continuous flashing icon is irritating her. When you hover on it, it says "Traffic".
Re: Continuous Traffic
I suspect it's just the adapters talking to one another.
Each is likely asking "who is out there, please talk to me" to the others, and they all respond, or don't if not powered on.
Probably at 12 or 20 sec. intervals.
You could set alerts and logging to show everything for a while, then read the logs and read off what IPs are involved and what ports. Most likely just a whole mess of broadcasts (last 3 digits of IP being .255) within your LAN range, but could be others, external to watch out for.
With file and printer sharing, there is NetBIOS broadcasts, Browser announcements and other such going on - these are on ports 135, 137,138 and possibly 445. 135 and 445 are used by System, the others just sharing. These should be only allowed within your LAN, never internet.
No programs running is your impression. But services run background programs all the time.
I'm not familiar with the USB adapters, so it could still be something else.
SpywareBlaster isn't running. Ever. It sets killbits in the registry for malicious ActiveX and then is quiet.
Not familiar with WinPatrol - if it's a firewall or runs all the time for spyware, you shouldn't run it since ZA already is a firewall+spyware watch.
Re: Continuous Traffic
Thanks zaswing for your very informative reply.
It makes sense to me, and your additional info is also appreciated.
I'll check out your advice re alerts and logs.
It's only PC1 (ethernet hard-wired) that has the constant traffic showing in ZA.
The other PCs, 2 & 3 (USB wireless adapters) don't have this constant (uninterrupted except for very occasional brief flashes of the Z) traffic in ZA, and behave normally.
BTW, Winpatrol is not a firewall, but a very handy little program.
If you're interested, you can read a review here .........