Ever since the newest update, 6.5.722.000, ZA pops up with an alert about suspicious behavior trying to change Windrvrdir... when running a scan. No matter what permissions I gave, ZA with the newest update would not let it past HOSTS without my clicking the Allow button. Manually allowing it is obviously very inconvenient when running a scheduled AVG AV scan.

After reading through the forums I found a solution. In the post "Ever since the major upgrade this week, I keep on getting this alert!," http://forum.zonelabs.org/zonelabs/b...essage.id=7955, I found the solution and decided to post it in case another user did a search using AVG in the parameter.

Below is the solution Jarvis posted for a different program in that thread:

_____________________________________________________________________________

There are now global OS firewall controls for some program actions, including "modifying"* the HOSTS file.

Go to Program Control --> Main --> Custom and click on the OS Firewall Tab. Change the setting for hosts file to something other than ASK.

If you choose X, then no program can modify the file, including those with Super permission. This may not be what you want if you use programs that update your HOSTS with known bad sites.

Choose the green tick, and any program can modify it.

Choose "--" (program setting) and any program with a trust level of "Super" can modify it. This is probably the best choice if you do use the HOSTS for blocking bad sites.

* Why does Ewido want to modify it? Well, Ewido checks the HOSTS to make sure that the domain it uses to get updates from is NOT in there. If it is there, it is removed to make sure the update file it retrieves is the genuine file, not something that unknown malware redirected it to, via HOSTS.

As soon as Ewido opens the HOSTS file (it must open it for Read/Write) ZA pops up its alert. So you get the alert even if Ewido doesn't actually change HOSTS, but it acts as though it might be going to. Basically if a program is allowed to get a Read/Write handle on a file, it's already too late to stop modifications by that program.


Kind regards,
Andy aka. Jarvis
--
Jarvis
_____________________________________________________________________________

I chose Program Setting, -- and now AVG will Scan unhindered.

Operating System: Windows XP Pro
Product Name: ZoneAlarm Pro
Software Version: 6.5


Message Edited by Frankenputer on 06-26-2006 08:39 AM
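
The HOSTS check described in the quoted reply (confirming that an update domain is not overridden in HOSTS), as an added example that is not part of the original post and is not Ewido's or ZoneAlarm's code. It only reads and reports, the domain `update.example.invalid` and the sample file are constructed placeholders, and the "blocked"/"redirected" labels are this example's own classification.

```python
import ipaddress

# Constructed sample HOSTS content; update.example.invalid is a placeholder
# for a scanner's update domain, not a real vendor host.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         ads.example.invalid        # blocklist entry
203.0.113.7     Update.Example.Invalid.  mirror.example.invalid
127.0.0.1       update.example.invalid # commented tail
#198.51.100.9   update.example.invalid
not-an-ip       update.example.invalid
"""


def parse_hosts(text):
    """Yield (line_number, address, [hostnames]) for each valid entry."""
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only, or address without a name
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address: not a usable mapping
        names = [n.rstrip(".").lower() for n in fields[1:]]
        yield lineno, address, names


def find_overrides(text, watched_domains):
    """Return HOSTS entries that override any watched domain.

    Each finding is (line_number, hostname, address, kind) where kind is
    "blocked" for loopback/unspecified targets and "redirected" otherwise.
    """
    watched = {d.rstrip(".").lower() for d in watched_domains}
    findings = []
    for lineno, address, names in parse_hosts(text):
        kind = ("blocked" if address.is_loopback or address.is_unspecified
                else "redirected")
        for name in names:
            if name in watched:
                findings.append((lineno, name, str(address), kind))
    return findings


if __name__ == "__main__":
    for finding in find_overrides(SAMPLE_HOSTS, ["update.example.invalid"]):
        print("line %d: %s -> %s (%s)" % finding)
```

On Windows the file normally lives at `%SystemRoot%\System32\drivers\etc\hosts`; pass its contents, read with the file opened in read-only mode, as `text`.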