Results 11 to 20 of 38

Thread: Some SmartDefense Advisor "Auto" settings kind of freak me out.

  1. #11
    jarvis Guest

    Re: Some SmartDefense Advisor "Auto" settings kind of freak me out.

    OT: Yes that's right, we use Beckman it's still around. We've got 9.1b which is the penultimate version and then they're going to kill it off I believe. It's now owned by Thermo Labsystems and we're considering changing to one of their products.

    LIL is a PITA! We all complain about it almost daily, the way it initialises variables with whatever happens to be in the memory at the time. Or the way database calls don't work sometimes but as soon as you display them to the screen, they start working. So you comment out your debug lines and they stop working again!

  2. #12
    zaswing Guest

    Re: Some SmartDefense Advisor "Auto" settings kind of freak me out.

    Still off topic
    We've trashed them in the early 90's. Just couldn't survive in a GMP/validated environment with the continuous bad patching of prehistoric, relics of the past, bad stuff in the first place. All problems in these forums combined cause less headache in my opinion X-(
    Back on topic, probably last long story, will try to be shorter next time
    (1) It's interesting that Ah-hA reports the same thing with EZ. They really are the same engines, I guess.
    (2) I have had my share of crashes in v6. And some in v5 as well but only recently and I no longer blame ZA (though still unsolved). Yes, I believe a crash can corrupt the important files open and in use. Yet there's something too neat about the alleged corruption. The settings come up, it's not like some message saying 'the file is shot, can't read it'. The settings just change. I made it a habit that every time I crash, I do the safe mode restart and start over with the files deleted. Still, few days later something may change without any prior crashing. (The change of ALL files occurred on 12/4 in case some important event happened then that I know not of. That was still in v6.1). With all due respect to every wonderful Guru on this site, I think the solution is not really related to the problem. I use it only because I can't think of anything else to do.
    (3) One reason I use Auto and tweak the settings is the learning curve. When I messed something up early on in 6.013-the-terrible, tech support said to just let the Auto ride. I'm learning from it, reading very carefully the SmartDefense advisories, but without other sites such as the one Ah-hA mentioned, or answersthatwork.com task list, for instance, the going is rough.
    (4) Re your note to ZL: I'm glad you included RunDLL32.DLL. It is what caused panic on my part. And the SmartAdvisor says 'if you trust it...' as if I had a good basis to trust/distrust - what is it running????? - they, ZA, should be reporting the whole thread of events for me to be able to make such decisions.
    (5) I'm just a home computer user. Hardly understand what's going on which is why I'm here seeking advice, and therefore am very thankful to the Gurus for any wise thoughts I can get :8}

  3. #13
    zaswing Guest

    Re: Some SmartDefense Advisor "Auto" settings kind of freak me out.

    Slickrick - actually you can control v6 as well as v5. It's just that in v6 the list of programs is much, much longer because ZA includes every instance of every program including stupid installers and uninstallers sitting in the \temp directories (think about it - isn't it dumb to put uninstaller in windows\temp?), so you spend a lot of time deleting such trash. Many of them aren't even clearly named 'installer' but often some weird combination of characters. From my 2-3 months experience with v6, I felt that the control is actually better in v6 ... except when it changed everything

  4. #14
    slickrick Guest

    Re: Some SmartDefense Advisor "Auto" settings kind of freak me out.


    zasuiteuser wrote:
    > control is actually better in v6 ... except when it changed everything

    The except is a big problem for me. When ZAP decides to ignore my settings, I do not have control.

    I set v6 to block servers in both zones in Advanced Settings, ignored.

    When I reset access and/or Server to Ask rights, ZAP should ask.

    Explorer.exe; csrss.exe; rundll32.exe and spoolsv.exe given access to name a few.

    Services and Controller app; LSA Shell and Client Server Runtime Process given internet access and Trust default is Super. Why?

    Ah-ha's original post on 1-28-06 stated things very clearly.

    I have been using ZA since 2000 starting with the Free Version, the longer I use it...the more disappointed I become.

    Sometimes doing one thing very well is enough. My need was for a very good software firewall....nothing else.






    ZoneAlarm Pro v5/v6/v5



    OS WinXP Pro Version 2002 SP2- Build 2600- Cable connection/ no Network

    AVG- Spyware Guard- Pest Patrol- AdAware- a squared- MRU Blaster- Spyware Blaster- Spybot-Stinger- (obsessive, you think?)


  5. #15
    ah_ha Guest

    Re: Some SmartDefense Advisor "Auto" settings kind of freak me out.

    Yo, Jarvis,

    < I'm sorry that this thread has lain un-noticed for so long... >

    No sweat! I thought the forum looked like it had a lot of traffic, so I was just a little surprised not to see at least one reply when I checked back the next day. You know... "Is this microphone on!" ;o)

    < It seems that the settings the SmartDefense gives out are to suit not only the majority >
    < but also some fringe users who don't want to be bothered by extra alerts... >

    Exactly! Except when the program settings all go green across the board and then you know there's just got to be something wrong... database corruption or something.

    Along those lines, I had a thought while I was reading other forum boards, that there may be some relationship between these vsmon/zlclient crashes some folks are experiencing, from time to time, and what is apparently a rash of database corruptions going around. But, that's another topic and it was just a thought. I don't have any kind of evidence to support that idea.

    < E.g. Firefox getting Internet Server permission: the reasoning behind this could be that if >
    < the user browses to a site that runs a plug-in media player, and the media player connects >
    < to a stream that uses broadcast or multicast, then server rights would be needed... >

    I hadn't thought of that, and your reasoning makes sense to me. Unfortunately, I wouldn't be the best judge of whether or not that's the case. I think I understand enough about what you're saying that I may try some experimenting and see what happens.

    But, it seems to me that the very last time ZAP alerted me to a Firefox request, to accept a connection from the Internet, I was reading this forum. I didn't, as I recall, have any other tabs open in Firefox, but I might have. So, IMO, that kind of Firefox behavior is just freaky.

    < I have sent the following to Zonelabs and I'll paste back any reply I get:... >

    Cool. Thank you, Jarvis! I'll just wait along with the rest, and see what turns up.

    Is my question about finding some sort of direct support, from the SmartDefense Advisor team, unanswerable, at this time?

    My impression, after doing some looking around, is that Check Point Software Technologies LTD.//Zone Labs may very well consider the whole SmartDefense thing to be double-hush top secret proprietary stuff, because Check Point sells it as a service.

    http://www.checkpoint.com/defense/ad...2005/0106.html

    Cheers,
    Ah-hA

  6. #16
    ah_ha Guest

    Re: Some SmartDefense Advisor "Auto" settings kind of freak me out.

    Ooooh... good information.

    Thanks, Jarvis.

    Cheers,
    Ah-hA

  7. #17
    jarvis Guest

    Re: Some SmartDefense Advisor "Auto" settings kind of freak me out.

    For those who are seeing SmartDefense set things like Firefox to have Internet Server rights

    Please do the following:

    1. In ZA, go to Overview --> Preferences --> Backup, and save your database as an .XML file.

    2. Open the .XML file in Notepad or your favourite text editor and run a search for c:\Program Files\Firefox\mozilla.exe or whatever the program name you're concerned about. I've deliberately had you search for the full path to the program, because otherwise you will find other entries that represent auto-settings for other versions of the program and these have different checksums.

    E.g. I've searched for Opera and found this:
    [program path="C:\PROGRAM FILES\Opera\Opera.exe"
    action="add" checksum="0eb06379-545c1a39-ae1bc0d7-d9ba87d7" allowTrusted="allow"
    allowTrustedServer="disallow" allowInternet="allow"
    allowInternetServer="disallow" pathNameOnly="false" passLock="false" moduleCheck="true" privacy="true"
    ctflt="true" trustedParent="ask" enableOpenProcess="ask"
    skimpChecksum="fc94ab77-465f1267-52803013-3fb7c7fd"
    sendMailPermission="allow" omp="true"
    hideBeforeUse="false" isSystemFile="false"
    alertOnBlock="true" permSource="manual"
    desiredSource="manual" netAccessed="true" TTL="21600"
    appsec="AllowSD" programObservation="2147483648"]

    3. Copy and paste the skimpChecksum value as shown in bold above, and post it here along with the filename and version.

    E.g.
    Opera 8.51: skimpChecksum="fc94ab77-465f1267-52803013-3fb7c7fd"

    Personally I've not had problems with Opera, but I've just used it as an example as I don't have firefox to hand.

    I will email the guy I've contacted with these values and he will investigate why those programs were given the SmartDefense Auto settings that they were given.

    Thanks for your co-operation.

  8. #18
    zaswing Guest

    Re: Some SmartDefense Advisor "Auto" settings kind of freak me out.

    I just reread the instructions, having already run thru few files, so I'm not sure any of this is of any value - please delete it if it is not. I have no idea what I'm looking at. All those multiple occurrences and slightly varying paths seem odd to me. And transfers between xml, excel and then here don't make it look too pretty. I don't have utilities to extract such data, any suggestions?

    Current settings, v5 still, backed up today per instruction from Jarvis
    program path="C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE": skimpChecksum="859b0863-a6abd4d3-3588962e-83f63b30"
    program path="C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE": skimpChecksum="98a44f14-5fad1799-eb1b034a-346b0e97"
    program path="C:\WINDOWS\system32\rundll32.exe": skimpChecksum="e1c1e355-d40df048-81732902-a4a45093"
    program path="C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE" : skimpChecksum="849e85bc-64a95f5d-86be4451-e1972cb0"
    program path="C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE": skimpChecksum="59527f6c-8b2ae078-5d82a503-0be72cc6"
    While previously running under v6 - all in this list on and off would get server rights - I only have 2-3 setting files saved, this is from one file. I selected only the hits where UNTrusted server rights are in the XML file
    program path="C:\WINDOWS\system32\rundll32.exe": skimpChecksum="e1c1e355-d40df048-81732902-a4a45093"
    program path="C:\WINDOWS\system32\logonui.exe": skimpChecksum="dc2e0951-86822ca4-38fcd333-0fc7aaf1"
    program path="C:\WINDOWS\system32\alg.exe": skimpChecksum="10ec586e-10d2c2db-6444a8d9-0dfef16a"
    program path="C:\PROGRAM FILES\MESSENGER\msmsgs.exe": skimpChecksum="18b3ba28-c4c4f223-50c7c776-50bc5f1d"
    program path="C:\WINDOWS\system32\mshta.exe": skimpChecksum="4ed91ddb-c4608882-1a982551-0e2a95ba"


    Message Edited by zasuiteuser on 01-31-2006 11:05 PM

    Edited 2/1 - I just deleted all lines where there was no path. Sorry. Jarvis & Ah-hA, please realize that I'm learning as we go along - I didn't understand the meaning of path/no path.

    Message Edited by zasuiteuser on 02-01-2006 09:41 AM
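
For the "any suggestions?" request in post #18 and the manual search described in post #17, the extraction can be scripted. This is an added example, not part of the original thread and not ZoneAlarm tooling; it assumes the backup file writes each entry as `<program ... />` with the attribute names shown in the pasted Opera entry, and the second to fourth sample entries are constructed.

```python
import re
from collections import defaultdict

# One program entry: "<program ...>" (assumed on-disk form) or "[program ...]"
# (the form pasted in the thread), followed by name="value" attributes.
ENTRY_RE = re.compile(r'[<\[]program((?:\s+[\w:.-]+\s*=\s*"[^"]*")*)\s*/?[>\]]', re.I)
ATTR_RE = re.compile(r'([\w:.-]+)\s*=\s*"([^"]*)"')
SERVER_ATTRS = ("allowTrustedServer", "allowInternetServer")

def parse_entries(text):
    """Return one attribute dict per program entry found in the text."""
    return [dict(ATTR_RE.findall(m.group(1))) for m in ENTRY_RE.finditer(text)]

def by_program(text):
    """Group entries by case-folded path; entries with no path are skipped."""
    groups = defaultdict(list)
    for entry in parse_entries(text):
        if "path" in entry:
            groups[entry["path"].lower()].append(entry)
    return dict(groups)

def server_rights(text):
    """(path, skimpChecksum, granted permissions) for entries with server rights."""
    hits = []
    for entries in by_program(text).values():
        for e in entries:
            granted = [a for a in SERVER_ATTRS if e.get(a) == "allow"]
            if granted:
                hits.append((e["path"], e.get("skimpChecksum", ""), granted))
    return sorted(hits)

# First entry: shortened from the Opera entry in post #17. The rest are
# constructed, with placeholder paths and checksums.
SAMPLE = r'''
[program path="C:\PROGRAM FILES\Opera\Opera.exe" action="add"
allowTrustedServer="disallow" allowInternetServer="disallow"
skimpChecksum="fc94ab77-465f1267-52803013-3fb7c7fd" permSource="manual"]
<program path="C:\Example\demo.exe" allowTrustedServer="allow"
 allowInternetServer="allow" skimpChecksum="00000000-00000000-00000000-00000001"/>
<program path="c:\example\DEMO.EXE" allowInternetServer="disallow"
 skimpChecksum="00000000-00000000-00000000-00000002"/>
<program allowInternetServer="allow" skimpChecksum="00000000-00000000-00000000-00000003"/>
'''

if __name__ == "__main__":
    for path, skimp, granted in server_rights(SAMPLE):
        print(f'{path}: skimpChecksum="{skimp}" ({", ".join(granted)})')
```

Grouping on the lower-cased path puts the "slightly varying paths" for one program together, so several checksums recorded against the same executable show up side by side.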

  9. #19
    zaswing Guest

    Re: Some SmartDefense Advisor "Auto" settings kind of freak me out.


    Slickrick wrote:
    > AVG- Spyware Guard- Pest Patrol- AdAware- a squared- MRU Blaster- Spyware Blaster- Spybot-Stinger- (obsessive, you think?)

    First of all, I agree with what you summarised. Regarding the checkers:

    Obsessive? yes and no. Scumware writers are doing everything to defeat us busy people. It's like an irrational arms race. But I don't run this sort of thing everyday. Every product misses some, so others can catch it. When I see WEIRD things occurring, that's when I do more scans. Otherwise, I think, ZA + PestPatrol is keeping things quite clean. Unless what we're seeing in this thread is an indicator of trouble ...

  10. #20
    slickrick Guest

    Re: Some SmartDefense Advisor "Auto" settings kind of freak me out.


    zasuiteuser wrote:
    > First of all, I agree with what you summarised. Regarding the checkers:
    >
    > Obsessive? yes and no. Scumware writers are doing everything to defeat us busy people. It's like an irrational arms race. But I don't run this sort of thing everyday. Every product misses some, so others can catch it. When I see WEIRD things occurring, that's when I do more scans. Otherwise, I think, ZA + PestPatrol is keeping things quite clean. Unless what we're seeing in this thread is an indicator of trouble ...

    I don't run them all everyday either. ZAP-Spyware Guard- AVG+ PestPatrol are always running.

    AdAware- a squared- - Spyware Blaster + Spybot are run when they are updated or as you put it "I see WEIRD things occurring".

    Stinger + MRU Blaster as needed....along with a couple of others just to be sure.
