Re: how to enable stealth?
Which ZA product are you using? I don't know much about the Free version, so I'm assuming you are using one of the paid products, and the discussion that follows is geared that way.
Originally Posted by phyl
I'm a fellow user, not a ZA tech. Without being able to see them, I can't specifically comment much on your firewall settings. I believe that Medium setting for the Trusted Zone(default I believe) does not block the NetBIOS ports 135, 137-139, 445 presumably so that in some cases network peripherals--your other PCs/printers--can access them. These are supposed to be blocked to the Internet Zone, however, by default so I'm not sure why you are getting open ports result from your port test. It may be due to the fact that in your Program Control programs list, you have checkmarks in the Internet Server column for some programs, which is a no-no; this is explained further below.
I can say this, however, you need to get a new router quickly in my opinion. For about $40, it will provide a major enhancement to a security system and an addition layer of security.
If I had this problem, I'd start all over with a reset of all your security settings, similar to a new install without the hassle. This should start you off with a clean slate. First of all I would unplug from the Internet while I do all this. To do a reset you CTRL-SHIFT and simultaneously Right-Click the ZA icon in the taskbar; then choose "reset" from the popup menu. You will have to reconfigure all your security settings, program permissions, etc.
If you choose to do that, here are a few important things. After the reset, I would then reboot. Then, before plugging back into the Internet, you should walk through all pages of the ZA Control Panel and be sure all the options are configured like you want them. Here are some important ones to check after you do a reset:
1) In the Firewall section, most people want Internet Zone set to HIGH, and Trusted zone set to MEDIUM. I believe those are the defaults. Click the ADVANCED button at the bottom right to be sure the additional security settings are like you need them.
2) In the Program Control section, start off with Program Control at Medium level, and this allows ZA to "learn" how you use some of your programs and you will get fewer popups. After you have used your main programs a few times, you can then set Program Control level to HIGH. You can further customize Program Control by using the CUSTOM button, but it is best to wait until after the initial learning to change any of those. You can look at the Custom settings, however, to see that OS Firewall is enabled.
NOTE: If you find that Windows and Microsoft programs are getting a lot of permissions automatically, it is because in the Program Control/Custom section there is a checkmark in "Enable Microsoft Catalog Utilization". While this may be OK for beginners as a default, having used this product for years, I remove it since I like to customize those programs, too. I consider it to be a little too "loose" with permissions that are not needed. However, it sounds like you are new to Zonealarm, so you might see how it serves you, but check the programs list occasionally to see how ZA is configuring them, especially in regard to server permissions, which in my case, are not needed.
3) SmartDefense Advisor can be Auto or Manual, depending on what you desire.
4) At the bottom of that main Program Control page, you will see an ADVANCED button. Click to open. On the tab called "Access Permissions" make sure all 4 choices are set to "always ask". i.e., both for Connection Attempts and Server Attempts. This will serve as defaults, and may already be set that way. Then you will always be notified when any program tries to either connect or be a server for the first time. (another option would be to checkmark "always deny connection" in the Internet Server category, but I like to know when it tries.) Then, when you answer any popup, you can choose whether to "always allow" or "always deny" which will customize that one program. (during the initial use after reset, ZA will already allow permissions for a few common programs, system programs, etc. You can see how ZA selected them by occasionally checking the Program List window and looking at the checkmarks.)
5)There are very, very few instances in which any program will EVER need Internet Server permission. If you have checkmarks in any of the Internet Server column, you should remove them if they are not needed by an unusual program like a certain game or if you are hosting a server, etc.--even most games don't require it since ZA has a "Game Mode" to automatically allow access for certain games. Most people have nothing checked at all in the Internet server column. I don't. You can leave that column all question marks, and in the rare instance a program tried to act as an Internet Server you would be notified. Placing a checkmark in the Internet Server column will open ports. (This could be your problem.)
As a default, ZA will place a checkmark in the Trusted Server column for Generic Host Process, since some people need that permission. I removed it since I didn't need it for my system to work. Other people may require it in order to get a connection. But in any case, do NOT allow Generic Host a checkmark in the Internet Server column; ZA may even put a red X in that column by default. Most other programs will not even need Trusted Server permission, even if ZA puts it in by default. I removed those checkmarks that ZA placed in that column without problem. If you leave a ?, the worst thing that could happen is that you get a popup in the future. So that's why I usually leave ?'s instead of red X's in most cases.
6) After I have gone through all the additional control panel settings and am satisfied they are like I want them, then I would reboot. Once again check the Program Control list to see how ZA has defaulted any new-found programs. If all is in order, plug back into the Internet.
Well, this has gotten kind of long, so I'll shut up now. This has not been all-inclusive, but will give you some places to start to tighten up your security. I would suggest you spend the money and get the router in addition to all the above. The router acts as an additional firewall and provides an additional way to "stealth" your PC. Be sure it does NAT, SPI, etc. as the most common ones do.
If you have mistakenly had Internet Server checkmarks and open ports, it might be a good time to do full antimalware/antivirus scans of your complete system with your own products, and people often add second layer by occasionally doing an on-demand scan with free versions of Malwarebytes Antimalware, Superantispyware, online scans (at well-known trusted sites), etc. Just don't have two antivirus products running in realtime at the same time.
Hopefully some of this helps. Good luck!