
Thread: Some SmartDefense Advisor "Auto" settings kind of freak me out.

  1. #1
    ah_ha Guest

    Some SmartDefense Advisor "Auto" settings kind of freak me out.

    I'm afraid that, in some cases, the SmartDefense Advisor "Auto" & "System" settings I'm seeing are just a little bit too... umh?... 'exciting' for me to handle. I'm not sure I'm ready for such 'interesting' Program Control setting.

    Here's a list of what I mean by that:

    Mozilla Firefox (firefox.exe) Given both Trusted & Internet Server permission?
    Mozilla Thunderbird (thunderbird.exe) Given both Trusted & Internet Server permission?
    Run a DLL as an App (rundll32.exe) Given Trusted & Internet Server, and Send Mail rights?
    Windows Explorer (explorer.exe) Given Send Mail permission?
    System Information (msinfo32.exe) Given Send Mail permission?
    Application Layer Gateway Service (alg.exe) Given Internet Server permission?

    Are there some sort of SmartDefense Advisor tech support documents that contain listings of programs for which the SmartDefense team has determined "Auto"/"System" access advice, and which contains reasonable justifications, for how and/or why that particular program's access advice was chosen?

    Exactly what I'm thinking about, in asking this question, is the way Uniblue (formerly LIUtilities), or Sysinfo.org and other helpful folks (too numerous to list completely), have created extremely useful informational web pages for Windows XP processes. In the case of Uniblue the info listing is called "WinTasks Process Library."

    [http://www.liutilities.com/products/...ocesslibrary/]
    [http://www.sysinfo.org/startuplist.php?filter=&letter=]

    If something like the above exists, for SmartDefense Advisor programs access permissions settings, please give me a hint where to find it. If it doesn't exist... well, why not? IMO, for those of us who want/need to take some responsibility for figuring out safe but functional security settings, for ZA firewalls and such, the task at hand isn't likely to get easier any time soon.

    Anyway, for now, I couldn't handle the excitement so I've changed the above listed programs to the "Custom" setting "?" as in "Ask".

    If anyone has some idea about what the SmartDefense Advisor team may have been thinking, in granting the program permission I've noted in the above list, I'm all ears... ) in a manner of speaking. Socket to me... I mean, sock it to me... help me understand why the SmartDefense Advisor "Auto" and/or "System" settings for the above listed programs may be safe to accept.

    Cheers,
    Ah-hA

    Operating System: Windows XP Home Edition
    Product Name: ZoneAlarm Pro
    Software Version: 6.0

  2. #2
    ah_ha Guest

    Re: Some SmartDefense Advisor "Auto" settings kind of freak me out.

    Humh,

    That's strange. No comments, suggestions, or flames?

    Cheers,
    Ah-hA

  3. #3
    zaswing Guest

    Re: Some SmartDefense Advisor "Auto" settings kind of freak me out.

    I think the gurus here are very busy. Give'm time. I'm interested in this one as well. In addition to your items, I have seen them change, for instance, just the other day Outlook got permission to do everything. I posted a msg in the Mail section, but see no answers as yet. Several weeks back, ALL my programs had green checkmarks all across the board, even though many were already customized by me to X or ? They just changed, all by themselves. Multiple scans by various products showed no viruses, worms, or any other such trash. This is puzzling. Most programs do NOT need server permission. There are 2-3 exceptions. That's all.

  4. #4
    slickrick Guest

    Re: Some SmartDefense Advisor "Auto" settings kind of freak me out.

    I am waiting to hear the answers to this post as well. I haven't had any success in finding information on line as to why some of these programs and processes are given rights either. In fact, until I do I'm staying with ZAP ver 5.5.094! At least I can control this one.

  5. #5
    ah_ha Guest

    Re: Some SmartDefense Advisor "Auto" settings kind of freak me out.

    Oh! Ok... Thanks zasuiteuser! Ha! I had to look at your 'name' twice to make sure I wasn't seeing things. Honestly, I was grumbling to myself about having to type such a 'name.' Cool! It's easy.

    As a forum newbie I'm not familiar with the dynamics & undercurrents (if there are any) so I thought may be I had managed to post a hot-button topic that no one wanted to touch.

    < Several weeks back, ALL my programs had green checkmarks... ...puzzling.

    Yikes! That happened to me, too! On my Dad's desktop computer and my Mom's laptop computer... both on the same day. It was freaky! I'm their reluctant system administrator if you know what I mean, because for one reason it's a 3 hour drive to their house.

    They have RoadRunner broadband service and Dad already had the provided CA eTrust EZ Armor stuff installed on his desktop. He's learned a lot in the last few years... spends so much time with his Quicken program he had to buy Mom a laptop so she could shop! I was there installing the wireless networking and CA security stuff on my Mom's laptop. I had to check out the CA security stuff, to become familiar with it, because I don't have it. As far as I could tell the EZ Firewall is just ZAP, in disguise. I didn't agree with some of the "Auto" permissions I saw for some programs and changed them to what I thought they ought to be which changed those programs to "Custom."

    That done I moved on to the new laptop. I piddled around with various laptop configurations/settings, checked all her programs were working, and generally tried to make it a little easier for Mom to learn and use the laptop. Along those lines, I set up the EZ firewall to minimize pop-ups, so the program advisor was enabled. At the time, I wasn't using the "Auto" setting with the ZAP installation on my computer. But, I didn't want to get daily telephone calls from my parents. So, I didn't agree with the "Auto" settings I was seeing on some programs and changed them to what I thought they ought to be which changed those programs to "Custom."

    The next morning I was re-checking my work on the laptop. I looked at the firewall Control Center programs list and every single program had big green checkmarks all across the board! Even my "Custom" settings had been changed! I was completely stunned. I ran into my Dad's office to look at his computer and it was the same way! Astonishing!

    To this day I still don't know (for sure) what happened. I took the easy way out... downloaded fresh versions of the security suite onto both computers, shut down broadband, disabled all security apps, uninstalled the suite, cleaned up the orphans, re-installed. EZ Armor hasn't been an issue or a problem since. Seems to me that EZ Firewall was a later version 5, at the time. I know for certain that at that time the CA EZ Firewall version releases were lagging behind the ZL ZAP version releases, because I compared the two. That was... let me see... April or May of 2005.

    Anyway, knowing what I've learned reading this forum for less than a week, I suspect I may have been able to more quickly fix the issue/problem, by using the database clearing procedure, on the files in the "Internet Logs" folder. At least, I think, that would have been a good, fast, first thing to try. Oh well, live and learn.

    Cheers,
    Ah-hA

  6. #6
    ah_ha Guest

    Re: Some SmartDefense Advisor "Auto" settings kind of freak me out.

    Well, welcome aboard Slickrick. We'll all just wait this out no matter how long it takes!

    You know, sticking with a version that's working for you (or, at least working better) is a good idea, IMO.

    Honestly, I've had to back up to previous versions of ZAP on more than one occasion. I always keep product downloads going several versions back. I don't delete one until I'm sure I won't need it.

    As I mentioned to zasuiteuser, using the "Auto" SmartDefense Advisor thing isn't new to me, but I've personally been using the "Manual" setting ever since this feature was added. Now, I've decided to give the "Auto" setting a try and having done so I can't help but think about what's going on.

    That's a double-edged sword, because thinking about it more raises more questions. Like y'all expressed... I've looked high and low over many hours and haven't found much. Joined this forum to see if I could get some help with that.

    Heck, I'm still trying to get the forum preferences setup with Firefox browser, so it doesn't drive me crazy. Stuff doesn't seem to work right. I may have to switch over to IE6 for this. Argh!

    I'm wishing us all some luck!

    Cheers,
    Ah-hA

  7. #7
    jarvis Guest

    Re: Some SmartDefense Advisor "Auto" settings kind of freak me out.

    Hi,

    I'm sorry that this thread has lain un-noticed for so long. I myself have seen the same behavior from SmartDefense Advisor in the past and have notified Zonelabs accordingly. It seems that the settings the SmartDefense gives out are to suit not only the majority but also some fringe users who don't want to be bothered by extra alerts. E.g. Firefox getting Internet Server permission: the reasoning behind this could be that if the user browses to a site that runs a plug-in media player, and the media player connects to a stream that uses broadcast or multicast, then server rights would be needed. An alternative would be to only grant Trusted zone server rights and then have the user enter the streaming site into their trusted zone. Or, the Internet server rights could be ASK by default.

    I have sent the following to Zonelabs and I'll paste back any reply I get:
    Hi

    There are some worried people on the user forum, because when they've left the SmartDefense Advisor on the Auto setting, it has given a few programs internet server rights:

    http://forum.zonelabs.org/zonelabs/b...7357&jump=true

    [quote]
    Mozilla Firefox (firefox.exe) Given both Trusted & Internet Server permission?
    Mozilla Thunderbird (thunderbird.exe) Given both Trusted & Internet Server permission?
    Run a DLL as an App (rundll32.exe) Given Trusted & Internet Server, and Send Mail rights?
    Windows Explorer (explorer.exe) Given Send Mail permission?
    System Information (msinfo32.exe) Given Send Mail permission?
    Application Layer Gateway Service (alg.exe) Given Internet Server permission?
    [unquote]

    I'm not too concerned about Firefox - it probably doesn't need internet server permission generally, but if a web-page plug-in is playing streaming media, it might be required.

    However, I would strongly suggest setting Internet Server permission to ASK or DENY for firefox.

    Surely Thunderbird would not need any server rights, being an email client?

    Now onto the things that concern me more: RunDLL32.exe tends to be running constantly on many systems and you never know exactly which DLL it is running. It could surely be used by malware to get through the firewall, so I would strongly suggest that Internet Server permission be on ASK or DENY for RunDLL32.exe

    Please could you consider using more conservative settings for SmartDefense Advisor.

    Thanks

    Andy a.k.a. Jarvis

    Team Z Member

  8. #8
    zaswing Guest

    Re: Some SmartDefense Advisor "Auto" settings kind of freak me out.

    Guru Jarvis, thanks a lot. I don't think the first message languished all that long, really. And what is team Z?

    I see two issues,
    (1) Auto permissions too lenient, and you covered it well, thanks.
    (2) Surprise changes are more disturbing to me because then ZA requires constant babysitting. In chronological sequence, the major ones I've seen
    >> under v6 - the latest one (6.1...) - RunDLL, IE, Word, Outlook, some Remote access DLL, few others got server rights. Some of them were already Custom (deny), some Auto or System where it said 'don't change, it's system file'
    >> under v6 - one day ALL programs (100+) got ALL green checks. I reverted to v5.5.094 where nothing like that ever happened before
    >> under v5 - ouch!! just the other day Outlook got green checks all across the board.

    Recently I saw a file I don't recall seeing before. Filename is something like programPermissions.XML dated Oct/2005. Considering how many times I installed and reinstalled ZA, this file seems out of date, but is next to impossible to wade through.

    Tossing, in safe mode, those RDB and MDB (I'm at work, don't recall exact names) is not a permanent solution.
    Numerous clean installs (including beta), safe mode cleanup of temp drives and registry are not a permanent solution.

    My worry is that something mean, some pest, is defeating ZoneAlarm, laughing about it, and hasn't been detected by anything.

    I do not access my computer from another computer.
    I do not do peer-to-peer, instant messaging
    I do not open mail or click on links inside ANY mail that I don't recognize the sender.

    System is XP-home SP2, Office 2003 Professional, ZAsuite v5/v6/v5, heading back to v6 soon. Linksys router. DSL connection.
    PestPatrol(corporate) running all the time when ZA v5 runs, otherwise no PP, since v6 has a pest scan.
    On demand: Lavasoft Ad-aware, Spybot S&D, A-square, ewido, Stinger - all in safe mode and/or normal mode. Rarely anything comes up, MRU list and few tracking cookies is about it.

    Message Edited by zasuiteuser on 01-30-2006 11:03 AM

  9. #9
    jarvis Guest

    Re: Some SmartDefense Advisor "Auto" settings kind of freak me out.

    For the "surprise changes" it sounds like corruption of the database, but the question of course is how/why did it occur?

    There is a safeprograms.xml file and also OSFirewallRules.xml residing in C:\Windows\System32\Zonelabs I believe.

    The purpose of these is to allow Zonealarm to configure programs before internet access is available. E.g. Generic Host Process would need to be given access rights before ZA would be able to contact the smartdefense server. And explorer.exe would have to have "Trusted" to be able to launch other programs - ZA sees these programs launch at bootup and needs to know to allow them these actions.

    While ZA is running, it is not possible for another program to modify these files. But if it is not running, the possibility exists. Also, if the SmartDefense recommended setup for one of these programs is changed, ZA will update the settings in Program Control, but not in the .XML file (I think). So, if SmartDefense fails, the XML file is used and the setup contained in there may not reflect the current recommended setup.

    I have not experimented myself, but I would hope that if you did manage to edit one of the .XML files (with ZA not running) it would detect that the checksum of the file had changed and not trust it. If that is not the case, then it should be!
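
Added example, not part of the original thread and not ZoneAlarm's own code: the checksum check described in the post above, sketched as a SHA-256 baseline over the two XML files it names. The function names, the baseline file and the XML contents are constructed for illustration; the real file format is not shown on this page.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# File names are the ones mentioned in the post; the folder and the XML
# bodies used in demo() are constructed placeholders, not ZoneAlarm data.
WATCHED = ("safeprograms.xml", "OSFirewallRules.xml")


def snapshot(folder: Path) -> dict:
    """Map each watched file name to its SHA-256 digest, or None if absent."""
    out = {}
    for name in WATCHED:
        path = folder / name
        out[name] = hashlib.sha256(path.read_bytes()).hexdigest() if path.is_file() else None
    return out


def save_baseline(folder: Path, store: Path) -> None:
    """Record the current digests; run this while the files are known good."""
    store.write_text(json.dumps(snapshot(folder), indent=2))


def verify(folder: Path, store: Path) -> dict:
    """Return {name: 'ok' | 'modified' | 'missing' | 'appeared'} vs. the baseline."""
    baseline = json.loads(store.read_text())
    result = {}
    for name, now in snapshot(folder).items():
        before = baseline.get(name)
        if now == before:
            result[name] = "ok"
        else:
            result[name] = "missing" if now is None else "appeared" if before is None else "modified"
    return result


def demo() -> dict:
    """Baseline two constructed files, then change one as an offline edit would."""
    with tempfile.TemporaryDirectory() as tmp:
        folder, store = Path(tmp), Path(tmp) / "baseline.json"
        (folder / WATCHED[0]).write_text("<programs><p name='a' server='ask'/></programs>")
        (folder / WATCHED[1]).write_text("<rules/>")
        save_baseline(folder, store)
        # Simulated edit made while the firewall was not running.
        (folder / WATCHED[0]).write_text("<programs><p name='a' server='allow'/></programs>")
        return verify(folder, store)


if __name__ == "__main__":
    print(demo())
```

The baseline is only as trustworthy as its storage: keep it where a program running while the firewall is stopped cannot write, and re-record it after a legitimate settings update.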

  10. #10
    zaswing Guest

    Re: Some SmartDefense Advisor "Auto" settings kind of freak me out.

    Ok. Please don't abandon this thread too soon. You gave lots of food for thought and looking. I'll do some checks as well. If you learn/discover anything new, please update us :8}

    Off topic
    re LIL in profile - old Beckman LIMS still around, eh?
