
Thread: i have a query regarding Zone alarm program settings? Pls...

  1. #1
    babanath Guest

    i have a query regarding Zone alarm program settings? Pls...

    I have a query regarding Zone Alarm program settings?
    Pls suggest program settings [trusted level markings, trusted & internet access, trusted & internet server check marks] for
    msswchx.exe, imapi.exe, Lsass.exe, MPM.exe, services.exe, spoolsv.exe, userinit.exe, winlogon.exe, osk.exe, explorer.exe, iexplorer.exe, smss.exe, svchost.exe.
    As I'm facing problems while using Internet Explorer: at first it asked my permission for Windows Explorer and I selected allowed; I selected the same for Internet Explorer. When Zone Alarm is shut down Internet Explorer works fine, & when it's ON it doesn't load the pages. One more thing: I always see a green round active button beside Generic Host Process svchost.exe; why is it always showing?
    Quick help will be very much appreciated.

    Operating System: Windows XP Pro
    Software Version: 8.0
    Product Name: ZoneAlarm Pro

  2. #2
    Join Date
    Jun 2006
    Location
    The 3rd Coast - South Central Texas
    Posts
    10,466

    Re: i have a query regarding Zone alarm program settings? Pls...

    1.) NOTE: Make sure all of the following Programs have Trusted and Internet access (2 Green Check Marks):
    a.) All Microsoft and Windows Programs have Green Check marks for Trusted and Internet Access.
    b.) Generic Host Process for win32 Services (svchost.exe) also allow Trusted Server Rights
    c.) IE Crash Detection
    d.) Internet Explorer or FireFox
    e.) Malicious Software Removal Tool
    f.) True Vector Service (If it is listed)
    g.) Zone Alarm Client
    h.) Zone Alarm Updating Client
    i.) Your Email Client needs Trusted, Internet access and Send Mail all need Green check Marks.
    --------------------------------------------------------
    2.) svchost.exe question. Here is an excellent explanation by Guru Oldsod:
    Normally the minimum connections made by svchost.exe are basically for outgoing/receiving incoming connections from and to the correct DHCP and DNS servers.
    These DHCP and DNS connections demand that the DHCP and DNS server IPs should be placed as Trusted in the Zones of the Firewall and only the Trusted Server rights (allows an open port to the Trusted IPs) should be given to the svchost.exe (never the Internet Server, unless something very special is being done).
    These connections will be seen as any local port to/from the remote port 53 by UDP of the DNS server(s), and using local port 68 to/from the remote port 67 of the DHCP server by UDP.
    Thus the svchost.exe needs not just Trusted Access to the DHCP and DNS, but also the Trusted Server rights.

    The svchost.exe performs various connections of the loopback (127.0.0.1) and the non-routable (0.0.0.0) both outgoing (Access) and incoming (Server). The loopback address is normally set to be in the Trusted Zone, thus the Trusted access and Trusted server is required for the svchost.exe.
    There will be a specific ZA alert for the svchost.exe requiring server rights to the 0.0.0.0 port 135, specifying this is internet and this should be allowed; however this is not a specific internet connection, but actually a simple local area network connection although conducted only internally within Windows.
    Most people have certain services/daemons enabled in Windows which warrant this needed connection for Windows; disabling certain services/daemons will cease the connection (and thus the following ZA alert).
    The 0.0.0.0 connections are used internally for the Windows operations and for connecting to the DHCP server and various other Local Area Networked devices. The 0.0.0.0 is generally required in VPN arrangements and I suppose this is why the ZA "sees" any 0.0.0.0 connections/servers as Internet instead of as Trusted.
    (Also certain DSL and dialup connections which involve no hardware firewall could be setting the single computer up as a node of the provider's subnet and consequently becoming part of the network with other unknown clients of that subnet of the provider. This is something not wanted or required, and any connection to servers/IP other than the correct DHCP and DNS of the provider can be safely blocked or denied.)

    The svchost.exe is the main component required for the windows time updating and these will be seen as UDP connections to/from the remote port 123 of the Time servers.

    The svchost.exe is often doing many various local area network connections using NetBIOS, MS DCOM, UPnP, SSDP, etc.

    And for the Windows files such as explorer, internet explorer, etc. the svchost.exe will be seen as performing http (port 80) and https (port 443) connections along with these Windows internet/networking capable components.

    Oldsod.
    --------------------------------------------------------
    ZoneAlarm Security Suite version: 8.0.059.000
    TrueVector version: 8.0.059.000
    Driver version: 8.0.059.000
    Anti-virus engine version: 6.0.2.678
    Anti-virus signature DAT file version: 975985973
    Anti-spyware engine version: 5.0.202.0
    Anti-spyware signature DAT file version: 01.200901.5135
    AntiSpam version: 5.0.61.9957
    -------------------------------------------------
    GeorgeV
    ZoneAlarm® Extreme Security


    Click here for ZA Support
    Monday-Saturday__ 6am to 10pm Central time
    Closed Sundays and Holidays
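
The svchost.exe traffic described in the reply above (DNS on UDP 53, DHCP from local port 68 to remote port 67, time sync on UDP 123, loopback, the local port 135 listener, and http/https) can be turned into a baseline check. This is an added example, not part of either post and not ZoneAlarm code; the record format, the server addresses and the function names are assumptions made for illustration.

```python
import ipaddress

# Assumed addresses (documentation ranges); use your provider's real servers.
DNS_SERVERS = {"192.0.2.53"}
DHCP_SERVERS = {"192.0.2.1", "255.255.255.255"}  # broadcast is used for DHCP discovery

def classify(line):
    """Return (verdict, reason) for one 'PROTO local:port remote:port' record."""
    proto, local, remote = line.split()
    lip, lport = local.rsplit(":", 1)
    rip, rport = remote.rsplit(":", 1)
    lport, rport = int(lport), int(rport)
    if ipaddress.ip_address(rip).is_loopback:
        return "expected", "loopback"
    if proto == "TCP" and lip == "0.0.0.0" and lport == 135 and rport == 0:
        return "expected", "local listener on port 135"
    if proto == "UDP" and rport == 53:
        if rip in DNS_SERVERS:
            return "expected", "DNS"
        return "review", "DNS to a server not in DNS_SERVERS"
    if proto == "UDP" and lport == 68 and rport == 67:
        if rip in DHCP_SERVERS:
            return "expected", "DHCP"
        return "review", "DHCP to a server not in DHCP_SERVERS"
    if proto == "UDP" and rport == 123:
        return "expected", "time sync"
    if proto == "TCP" and rport in (80, 443):
        return "expected", "http/https"
    return "review", "not in the described baseline"

# Constructed sample records, not captured from a real machine.
SAMPLE = [
    "UDP 192.168.1.10:1045 192.0.2.53:53",
    "UDP 192.168.1.10:68 192.0.2.1:67",
    "UDP 192.168.1.10:123 198.51.100.7:123",
    "TCP 0.0.0.0:135 0.0.0.0:0",
    "TCP 127.0.0.1:1030 127.0.0.1:1031",
    "UDP 192.168.1.10:1050 203.0.113.9:53",
    "TCP 192.168.1.10:1060 203.0.113.9:6667",
]

def review_list(lines):
    """Return only the records that fall outside the baseline, with the reason."""
    return [(l, classify(l)[1]) for l in lines if classify(l)[0] == "review"]

if __name__ == "__main__":
    for rec, why in review_list(SAMPLE):
        print(f"REVIEW {rec}  ({why})")
```

Records that come back as "review" are the ones the reply says can be blocked or denied, such as DNS traffic to a server other than the provider's.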
