I use ZA Security Suite with Vista Ultimate on a Dell desktop PC. My ZASS is:
ZoneAlarm Security Suite version:7.1.248.000
Anti-virus engine version:3
Anti-virus signature DAT file version:951606287
Anti-spyware engine version:188.8.131.52
Anti-spyware signature DAT file version:01.200805.3945
For Program Control I have: Program Control=Maximum, SmartDefense Advisor=Manual, Automatic Lock=Off
I have only a small number of programs configured to automatically allow internet access and only "Host Process for Windows Services" and one of the ZA ForceField programs (ISWLDR.dat) configured to automatically allow server access to the internet.
I have recently noticed (there is a green dot against the program) that some programs that are configured to ask for permission to access the internet are accessing the internet without having asked for permission (examples would be Microsoft Windows Search Filter Host & Microsoft Windows Search Protocol Host). Presumably they are doing this by using a program that does have automatic permission - perhaps they are using Host Process for Windows Services? If this is the mechanism I do not understand how ZA protects against this mechanism being misused by a rogue program.
Is there some built-in ZA protection that I have missed regarding the misuse of trusted programs by untrusted programs?
I do note that there is a setting "enable Advanced Program Control" that would seem to overcome this issue, but it is perplexing that the default ZA setting is without this facility enabled.
Activating "enable Advanced Program Control", however, generated a large number of alerts, which was very tiresome and annoying. Also the DefenseAdvisor information for these alerts (labelled as part of the advanced settings) was clearly questionable, e.g. it recommended "Deny" for various ZA ForceField programs! Because of this I have reverted to the default setting of not enabling Advanced Program Control.
I am now left with the worrying issue of the misuse of trusted programs by untrusted programs to gain unauthorised access to the internet.
Any advice around this topic would be much appreciated.