Thread: Tweaking (still) Programs Settings

  1. #1
    kathym Guest

    Hello again Oldsod and forum,
    I am still tweaking my Programs permissions and have a few more questions. I have just used some programs and 'new' browsers since my new install of ZoneAlarm Pro.. but it wasn't until today that I noticed Netscape, Opera and Firefox had established themselves automatically with Full Server permission (trusted and internet server). Are these Zone Alarm's defaults for "Auto" settings?
    I have set these to disallow any server rights, but am curious to know if this should be a red flag - or a typical experience as Zone Alarm user.
    Additionally, MSN and Windows Messenger had Server access... Windows Messenger had green checks across the board. I can't imagine this is the automatic that Zone Alarm recommends. I have disabled server access. I never use Windows Messenger. I only used the aforementioned browsers to view a web project in different browsers.
    My PC is running fine,
    I mostly ask as I am trying to determine if from my recent experience with exploit-byte.verify if my PC is really rid of any malware, and if any of what I mention should cause me concern.
    One more... my Mouse Control Center is listed in Programs... it currently displays a row of question marks across the board. What are the recommended settings for this (em_exec.exe)?
    Thank you very much, Kathy

  2. #2
    Join Date
    Dec 2005

    Hi Kathy

    Once you get more accustomed to the networking and internet and the ways of the ZA, then the Smart Defense Advisor and the Automatic settings of the ZA/ZL are not so important.

    Okay if the browsers have Server for the Internet - this is only needed if uploading files to servers or navigating into the router. Other than that, the Internet server is not needed. The Trusted Server is very much needed for browsers - to allow the server on the localhost (both and and to the dns servers (which are in the trusted zone).

    The IMs such as MSN and Windows Messengers will need not only the Trusted server (same as the browsers described above) but also the Internet Server. To allow incoming connections from the messenger servers. The Internet Server can be set to Ask (blue question mark) instead of the Allow (green check) for the messengers, thus giving you a little more control as to when and where these inbound connections are established.

    The exploit-byte.verify should be cleaned if the antivirus has no detections in its scans.
    I would suggest to do an online scan for a second opinion (or third for that matter). Use the Internet Explorer (these will need to install ActiveX), allow all in the Privacy and set the ActiveX install in the OSFirewall tab to Ask.

    Then try something like:

    http://www.b i t d e f e n d e

    [sorry for the spacing, but the forum filters cause interference. just copy and paste in the address bar and remove the spaces before entering]


    Mouse control (em_exec.exe) hmm....
    Ok. The ZA does control not only the application directly involved in the network/internet accesses, but also the parent processes that cause the child processes to connect to the network/internet. Thus if opening a browser, the winlogon.exe, explorer.exe and the userinit.exe and probably the svchost.exe are all considered to be processes acting as a "parent" to be the cause of the individual browser to attempt connections.
    Since the browser is acted upon by those other external processes, the browser is considered to be a child (not the process in control).

    [Further explanation....You clicked the browser icon or the entry in the menu for example, thus it is explorer.exe (explorer shell) acting as a parent process; the browser is started up, thus it is winlogon.exe acting as a parent process; and it is done through the user account/gui, thus it is userinit.exe acting as a parent process. All three processes will be in the Logs accessing the site(s) the browser itself accessed.

    This is done this way in the ZA to provide the layer of protection required from malware from attempting to act as a parent to open child processes such as IM, browsers, email clients, updaters, or even individual windows processes to connect to the network/internet.

    Some typical examples of malware attempts would be (when you are not installing or updating) a file in some Temp folder is trying to use the explore.exe or iexplore.exe to access the internet. Or maybe access the internet itself.
    Or in the exploit-byte.verify situation, some file in the java cache is trying to access the internet or act as a parent to some windows process/application to access the internet or the iexplore.exe is suddenly attempting internet access.

    Bear with me, I am getting closer to the point!]

    Okay the point is ...the mouse may well be seen as a parent process by the ZA and if the mouse, for example opened a browser by clicking a browser icon, then its network/connection attempts would have to be allowed and it will be logged. Exactly the very same as the browser itself would be logged or have its alerts.
    I have the same issue with the MS keyboard - the itype.exe is seen as a parent process when I use the browser's shortcut key of the keyboard. The ZA logs the connections and the itype.exe does need to have the correct accesses and servers as for the browser. I actually set the expert rules up not to log the itype.exe or do alerts, just to reduce the noise and keep my sanity (well what is left of it, anyways).

    Netscape browser - still using it? It is phased out and will no longer be updated.

    Cheers, Oldsod.

    Message Edited by Oldsod on 03-17-2008 07:41 PM
    Best regards.
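
The parent/child relationship described in the post above can be inspected directly. This is an added example, not part of the original thread and not ZoneAlarm's own logic: it lists every process that currently owns an established TCP connection together with its chain of parent processes, and marks chains that include an executable running from a Temp folder or the Java cache. The path pattern and the function name `Get-ParentChain` are assumptions; `Get-NetTCPConnection` requires Windows 8 / Server 2012 or later.

```powershell
# Added example: show who "parented" each process that is talking to the network.
function Get-ParentChain {
    param([hashtable]$ById, [int]$ProcessId)
    $chain = @(); $seen = @{}
    $p = $ById[$ProcessId]
    while ($p -and -not $seen.ContainsKey([int]$p.ProcessId)) {
        $seen[[int]$p.ProcessId] = $true          # guard against PID loops (e.g. PID 0)
        $chain += $p
        $parent = $ById[[int]$p.ParentProcessId]
        # A "parent" created after its child means the PID was reused; stop there.
        if ($parent -and $parent.CreationDate -gt $p.CreationDate) { break }
        $p = $parent
    }
    $chain
}

# Snapshot of all processes, indexed by PID.
$byId = @{}
Get-CimInstance Win32_Process | ForEach-Object { $byId[[int]$_.ProcessId] = $_ }

# Assumption: regex for the "Temp folder" and "java cache" locations named in the post.
$suspect = '\\Temp\\|\\Java\\Deployment\\cache\\'

Get-NetTCPConnection -State Established |
    Select-Object -ExpandProperty OwningProcess |
    Sort-Object -Unique |
    ForEach-Object {
        $chain = @(Get-ParentChain -ById $byId -ProcessId $_)
        if ($chain.Count -eq 0) { return }        # process exited between the two queries
        $hits = @($chain | Where-Object { $_.ExecutablePath -match $suspect })
        [pscustomobject]@{
            ProcessId = $_
            Chain     = ($chain.Name -join ' <- ')   # child first, oldest ancestor last
            Flagged   = ($hits.Name -join ', ')      # empty when nothing in the chain matches
        }
    } |
    Sort-Object Flagged -Descending |
    Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so that `ExecutablePath` is populated for processes owned by other accounts.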

  3. #3
    kathym Guest

    Hi again Oldsod,
    I am still chewing on your previous informative posts and haven't done all of my learning/homework.
    I realize that you put your time into these replies. For me there are certain mental firewalls (ha) that time perhaps has worked against me on.
    I think it is likely that as I go along - I may do another clean install of Zone Alarm - to get off to a better start with my Programs list. And then I am going to take advantage of some features that you mentioned... like backing up settings.
    Here is one of those mental-block questions. You explained just prior about IMs/Windows Messenger. I know different folks out there use their computers in different ways. So, I'll just mention here - I never ever use Messaging, Instant Messaging, Chatrooms etc. Does Windows Messenger/IMs have another functional reason (tied to Windows needing it) that I am oblivious to? Otherwise, I would 'kill' it... as no messaging should be coming from this PC (except email and forums).
    If I set my OSF firewall to disallow changes, as noted in your earlier screen capture... such as changes to StartUp Programs, how does this affect my initiating those changes, or trusted McAfee, Windows Updates or my wishing to remove a program from the StartUp menu? Do I need to change OSF back to allow to make or allow desired modifications/updates?
    Oldsod, I'm going to have more questions... but I will try to do my homework first.
    Re: Netscape... I don't really use it, I just was trying to make sure that a website displayed properly in Netscape, Opera, Firefox... as well as IE.
    (I didn't know it was being phased out) My background is print design... and I now do some web work... but it is a love/hate relationship and learning curve with the technology, browsers, and things like... How is it going to look/function with Javascript off? etc.
    I find various tips, tutorials, gizmos, tools, converters, related to what I do and try to be careful out there.
    Thank you, Kathy

  4. #4
    Join Date
    Dec 2005

    Mental firewall? Nah. No real reason to have messenger on the PC, other than the oblivious reasons LOL (spam, phone home, security threat, etc).

    How to disable windows messenger (do first):

    Skip the instructions at the pchell for removing the windows messenger. Instead use this, the better way:

    Note: the sysoc.inf method can be used to uninstall/install other things such as fax or smtp. Just leave the others alone and do the windows messenger removal.

    The OSFirewall tab concerning startups. The previous startups should be allowed and just any new startups will be stopped (if red X'ed) or it will Ask (if blue question mark is used). But personal experience says this is not so and occasionally something previously allowed can be stopped from starting up with windows. So the best choice is still the Ask and the security is intact and remains high. I would use this in the event something stopped working properly (McAfee resident scanner, etc), but it should not affect Windows updates (updates do not run with Windows startups).

    BUT if doing some immensely intense windows update like updating the Internet Explorer or such, I would recommend to turn off the ZA, then do the "intricate" windows update and do the reboot. With the ZA starting with the windows startup. You would not believe how many users had difficulties with the Internet Explorer upgrade to version 7 just because the ZA clamped down on some of the upgrade processes involved during the update/installation.

    BTW, the startups are controlled in the ZA by controlling certain Run keys in the registry and the Startup folder itself. If it is set to the Red X and some new event happens (new installation or you have activated a previously dormant application to start with windows), then it would be better to have the Program Control slider set to Medium for "learning" the newer routine or perhaps just set the OSFirewall's Startup entry to Ask.

    Checking sites/graphics with browsers....let's see Internet Explorer is Trident based, Opera is Presto based (will change to a new engine with the finalization of the present beta Kestrel), Firefox is Gecko (this will change with the finalization of the present beta, something called Gran Paradiso), Safari is KHTML based (I think, maybe that is wrong). Must be at least 100 different browsers out there now and yet more will come. How do you manage to keep up????


    Message Edited by Oldsod on 03-17-2008 09:32 PM
    Best regards.
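
The post above says startups are governed through the registry Run keys and the Startup folder. This is an added example, not part of the original thread and not ZoneAlarm's mechanism: it inventories those locations, saves a baseline on the first run, and on later runs prints only entries that were not in the baseline, which is the same "previously allowed vs. new" distinction the post describes. The baseline file path and the function name `Get-StartupEntry` are assumptions, and the four keys listed are the standard per-machine and per-user Run/RunOnce keys, not necessarily the exact set ZoneAlarm watches.

```powershell
# Added example: baseline the autostart locations and report anything new.
function Get-StartupEntry {
    $keys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }      # RunOnce may not exist
        $key = Get-Item -Path $k
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{ Location = $k; Name = $name
                               Command  = [string]$key.GetValue($name) }
        }
    }
    # Per-user and all-users Startup folders.
    $folders = [Environment]::GetFolderPath('Startup'),
               [Environment]::GetFolderPath('CommonStartup')
    foreach ($f in $folders) {
        Get-ChildItem -Path $f -File -ErrorAction SilentlyContinue |
            Where-Object Name -ne 'desktop.ini' |
            ForEach-Object {
                [pscustomobject]@{ Location = $f; Name = $_.Name; Command = $_.FullName }
            }
    }
}

# Hypothetical baseline location; keep it somewhere ordinary programs cannot rewrite.
$baseline = Join-Path $env:LOCALAPPDATA 'startup-baseline.csv'
$current  = @(Get-StartupEntry)

if (-not (Test-Path $baseline)) {
    $current | Export-Csv -Path $baseline -NoTypeInformation
    "Baseline written: $($current.Count) entries"
} else {
    # Key on location + name + command so a changed command line also counts as new.
    $known = @{}
    Import-Csv -Path $baseline | ForEach-Object {
        $known["$($_.Location)|$($_.Name)|$($_.Command)"] = $true
    }
    $current | Where-Object {
        -not $known.ContainsKey("$($_.Location)|$($_.Name)|$($_.Command)")
    } | Format-Table -AutoSize -Wrap
}
```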

  5. #5
    Join Date
    Dec 2005

    " I think it is likely that as I go along - I may do another clean install of Zone Alarm - to get off to a better start with my Programs list. And then I am going to take advantage of some features that you mentioned... like backing up settings."

    No need to go through the uninstall and re-install procedure to clean up the ZA. Just do this instead:
    • Boot your computer into the Safe Mode
    • Navigate to the c:\windows\internet logs folder
    • Delete the backup.rdb, iamdb.rdb, *.ldb and the tvDebug files in the folder
    • Clean the Recycle Bin
    • Reboot into the normal mode
    • ZA will be just like new with no previous settings or data

    Or if you are in a hurry or in a panic, then do this with the ZA latest release:

    1.) Hold down the Ctrl and Shift keys together
    2.) Right click on the ZA icon near your clock in the system tray lower right corner
    3.) Choose 'Reset' from the box that comes up
    4.) Choose Yes on the Reset Settings dialog box
    5.) When prompted, choose OK to restart your system
    6.) Follow the on screen configuration prompts after reboot

    This second method will delete only the iamdb.rdb and the backup.rdb files (the files will be recreated by the ZA on the windows bootup or restart, but empty).

    Note: If the ZA is messed up and has developed bugs, then do not use a recent backup for restoration after cleaning the ZA database (or else the most recent backup could contain the same bugs and the problem(s) will still exist).

    Best regards.

  6. #6
    kathym Guest

    Hi Oldsod,
    I just noticed an item I want to ask you about. As of the past hour or so, Java is showing up as an icon in the upper right corner of my Programs panel. Upon first over-reacting I started to change the permissions for all the Java entries, and then I realized its icon is the same as Java Scheduler... so I assumed it was checking for updates, even though it didn't ask me. However when I checked out the Java control panel, it is set to check for updates on Sundays at 12 am. Meanwhile - as I downgraded Java's permissions - it still displays its icon in the top right tray. I wasn't visiting any sites, etc that called for it. Then I opened up Task Manager to see what was running and under Applications tab was something I have never seen... a little folder with "si" and application next to it.
    I have no idea what this could be. I selected "end task". I don't typically keep Task Manager open - but reopened it awhile later to see another folder displayed under applications this folder was labeled "application data" - status "running". Currently I'm doing a full system virus scan. My PC is running fine. It is just the unknown that is alarming me.
    Do you have any explanation for the above?
