Page 3 of 3 FirstFirst 123
Results 21 to 27 of 27

Thread: Program Control Problem

  1. #21
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Program Control Problem

    The alerts are to found in the ZA logs of the Log Viewer, if you do not remember the exact alerts. The deatils are in the lower pane.

    Trust levels is well described in the ZA Help (open the ZA and press the F1 key).
    Look for "Trust Levels" in the Index and select Display.

    Fax is correct and the Advanced Program Control & Application Interaction Control should not be confused with the previous statements of...

    ""This program may use other programs to access the Internet"

    Allows the selected program to use other programs to access the Internet.
    I would imaging this simplies a lot of "user"control for the inter-process realtionshoips needed for internet control (such as ping.exe for example).

    "Allow Application Interaction"

    Allows the selected program to use OpenProcess and CreateProcess functions on your computer. I generally apply this myself to the individual antivirus scanner applications (for less restrictions) and for certain window application (ctfmon.exe for example) and for the main browser ( I let my browser use certain other applications such the wmp, adobe reader, irfanview, window components, etc).

    Nor with the fact that I myself is disuse the Defense Advisor and prefer my own custom configurations.

    Oldsod.
    Best regards.
    oldsod

  2. #22

    Default Re: Program Control Problem


    <blockquote><hr>Oldsod wrote:
    The alerts are to found in the ZA logs of the Log Viewer, if you do not remember the exact alerts. The deatils are in the lower pane.

    <hr></blockquote>Where do I find the Log Viewer??

    <blockquote><hr>Oldsod wrote:

    Trust levels is well described in the ZA Help (open the ZA and press the F1 key).
    Look for &quot;Trust Levels&quot; in the Index and select Display.

    <hr></blockquote>Still confused!!! For example:
    2 bars= Trusted Access:<div class="pCellBody">Trusted access. Trusted Programs can perform suspicious actions without seeking permission, but unknown programs must ask for permission.
    How can a trusted program be an unknown program??
    <blockquote><hr>Oldsod wrote:
    If the ZA was finisihed with it's self configuration (after the training period was completed) and the Program Control slider was set to High and the all of the Program Control options were enabled, then yes the ping.exe would be prevented from making the outbound connection.
    But if the ping.exe was allowed during the training period of the ZA, then no. it would not be stopped. The ZA was allowing the ping.exe in it's training period, by the ZA alert and user app[roved, then it will allow the ping.exe access even after the training period.

    <hr></blockquote>When you say &quot;all the Program Control options were enabled&quot; which do you mean?? Do you include Advanced Program Control &amp; Application Interaction Control?? I thought that Fax had advised that the default ZA settings meant that a rogue progeam could not misuse a trusted program ie even if Advanced Program Control &amp; Application Interaction Control were not enabled??
    Again, thanks for your help.


  3. #23
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Program Control Problem

    Look in the Alerts and Logs of the ZA.

    They aren't. Unknown porgram is one not yet seen or not found in the ZA databas eand a trusted program is one that has been seen and set accordingly.

    Oldsod.
    Best regards.
    oldsod

  4. #24

    Default Re: Program Control Problem

    The words I quoted are from the ZA Help files, viz:
    <div class="pCellBody">&quot;Trusted access. Trusted Programs can perform suspicious actions without seeking permission, but unknown programs must ask for permission.&quot;<div class="pCellBody">
    <div class="pCellBody">I do not understand what this means. Can you translate??<div class="pCellBody">
    <div class="pCellBody"><blockquote><hr>Oldsod wrote:
    If the ZA was finisihed with it's self configuration (after the training period was completed) and the Program Control slider was set to High and the all of the Program Control options were enabled, then yes the ping.exe would be prevented from making the outbound connection.
    But if the ping.exe was allowed during the training period of the ZA, then no. it would not be stopped. The ZA was allowing the ping.exe in it's training period, by the ZA alert and user app[roved, then it will allow the ping.exe access even after the training period.

    <hr></blockquote>When you say &quot;all the Program Control options were enabled&quot; which do you mean?? Do you include Advanced Program Control &amp; Application Interaction Control?? I thought that Fax had advised that the default ZA settings meant that a rogue progeam could not misuse a trusted program ie even if Advanced Program Control &amp; Application Interaction Control were not enabled??
    Again, thanks for your help.

  5. #25
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Program Control Problem

    Which part? the suspicious activity or the unknown program?

    Oldsod.
    Best regards.
    oldsod

  6. #26

    Default Re: Program Control Problem

    The words I quoted are from the ZA Help files, viz:
    <div class="pCellBody">&quot;Trusted access. Trusted Programs can perform suspicious actions without seeking permission, but unknown programs must ask for permission.&quot;<div class="pCellBody">
    <div class="pCellBody">I do not understand what this means. Can you translate??<div class="pCellBody">
    <div class="pCellBody">This implies (to me) that somehow an unknown program is given trusted status which seems a contradiction in terms!! What does this description of Trusted mean, in particular as it applies to unknown programs????<div class="pCellBody">
    <div class="pCellBody"><blockquote><hr>Oldsod wrote:
    If the ZA was finisihed with it's self configuration (after the training period was completed) and the Program Control slider was set to High and the all of the Program Control options were enabled, then yes the ping.exe would be prevented from making the outbound connection.
    But if the ping.exe was allowed during the training period of the ZA, then no. it would not be stopped. The ZA was allowing the ping.exe in it's training period, by the ZA alert and user app[roved, then it will allow the ping.exe access even after the training period.

    <hr></blockquote>When you say &quot;all the Program Control options were enabled&quot; which do you mean?? Do you include Advanced Program Control &amp; Application Interaction Control?? I thought that Fax had advised that the default ZA settings meant that a rogue progeam could not misuse a trusted program ie even if Advanced Program Control &amp; Application Interaction Control were not enabled??
    Again, thanks for your help.05-26-2008 09:34 AM


  7. #27
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Program Control Problem

    No where was it said unknown program are given trusted status.
    How this conclusion is reached, is impossible to understand.

    Without the advanced features the cannot misuse a trusted application.

    Even in the example given, in the ZA "fresh installed" and basic default settings, the unwanted application is prevented from network access.

    http://forum.zonelabs.org/zonelabs/b...ssage.id=18592

    this has no "Advanced Program Control & Application Interaction Control" enabled and the ZA is still in the learning mode.

    Oldsod.
    Best regards.
    oldsod

Page 3 of 3 FirstFirst 123

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •