Results 1 to 10 of 20

Thread: Settings for Windows programs

Hybrid View

  1. #1

    Default Settings for Windows programs

    Using Vista Ultimate with Zone Alarm Security Suite:ZoneAlarm Security Suite version:8.0.400.020
    TrueVector version:8.0.400.020
    Driver version:8.0.400.020
    Anti-virus engine version:6.0.2.678
    Anti-virus signature DAT file version:987462740
    Anti-spyware engine version:5.0.209.0
    Anti-spyware signature DAT file version:01.200906.6165
    AntiSpam version:6.0.0.1429
    Fax - your settings for C:\Windows\System32\svchost.exe must be different from mine (see your post: http://forum.zonelabs.org/zonelabs/b...ssage.id=10302) because you used AutoLearn for 21 days. I did not use AutoLearn so my settings for svchost.exe are just ZASS defaults. I did not use AutoLearn as this seemed to create a 21 day vulnerability.
    I have 3 other Windows programs:C:\Windows\System32\lsass.exe [Local Security Authority Process]C:\Windows\System32\services.exe [Services and Controller app]C:\Windows\System32\spoolsv.exe [Spooler Subsystem App]
    that keep asking permission to "act as a server".
    The default ZASS permissions for these programs are:
    C:\Windows\System32\lsass.exeDefenseAdvisor = SystemTrust Level
    = |||Access Trusted = yes ; Access Internet = yesServer Trusted = ? ; Server Internet = ?Send Mail = ?
    C:\Windows\System32\services.exeDefenseAdvisor = SystemTrust Level
    = |||Access Trusted = yes ; Access Internet = yesServer Trusted =
    yes ; Server Internet = ?Send Mail = yes
    C:\Windows\System32\spoolsv.exeDefenseAdvisor = SystemTrust Level
    = |||Access Trusted = yes ; Access Internet = yesServer Trusted =
    yes ; Server Internet = ?Send Mail = no
    I would be grateful if you could advise your program permissions for these 3 programs. Also do you use Vista??
    Many thanks for your help.


  2. #2
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,287

    Default Re: Settings for Windows programs

    Hi!Are you on SP2 or still on SP1? --------------------------------------File name C:\Windows\System32\services.exe
    Version 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Trust level =?All green checkmarks except mail.File name C:\Windows\System32\lsass.exe
    Last policy update Not applicable
    Version 6.0.6001.18000 (longhorn_rtm.080118-1840)
    Trust level=SuperAll green checkmarks except mail.File name C:\Windows\System32\spoolsv.exe
    Version 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Trust level=Super All green checkmarks except mail.-----------------------------------<BLOCKQUOTE><HR>dogdog wrote:
    I did not use AutoLearn as this seemed to create a 21 day vulnerability. <HR></BLOCKQUOTE>Free not to use it. If you have installed the system on a trusted/clean PC then the risk is minimal since antivirus/antispyware are active and known malware blocked. It is a very useful way to adapt ZA to your PC like a dress made just for your size.
    <BLOCKQUOTE><HR>that keep asking permission to "act as a server". <HR></BLOCKQUOTE>

    Are younot ticking on "remember this settings"? Otherwise it is not normal.Cheers,Fax

    Message Edited by fax on 06-27-2009 07:00 PM

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3

    Default Re: Settings for Windows programs

    I am Vista Ultimate SP2 - are you the same??
    My file names and versions are the same as yours. My automatic settings for services.exe are Trusted=Super. Interesting that there should be this difference. The ticks under Server Trusted/Internet must be because you have used AutoLearn.
    Are your settings for mail - Block or Ask??
    AutoLearn means that if a program that does not have a permission but requires it during the 21 day AutoLearn period then ZASS grants (and remembers) the permission required. Hence I thought it better not to have AutoLearn but choose specifically whether to remember or not when ZASS asks for permission. My understanding is that if I &quot;remembered&quot; all requests in first 21 days this would be equivalent to AutoLearn - do you agree??

    When ZASS asks for permission I choose not to rember hence ZASS will ask again on the next occasion.
    Thanks for your help.

  4. #4
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,287

    Default Re: Settings for Windows programs


    <BLOCKQUOTE><HR>dogdog wrote:
    I am Vista Ultimate SP2 - are you the same??<HR></BLOCKQUOTE>Yes, but a different version of ZA.
    <BLOCKQUOTE><HR>dogdog wrote:
    IAre your settings for mail - Block or Ask??<HR></BLOCKQUOTE>Block for Spooler the others with '?'
    <BLOCKQUOTE><HR>dogdog wrote:
    if I "remembered" all requests in first 21 days this would be equivalent to AutoLearn - do you agree??<HR></BLOCKQUOTE>If you 'allow' (and remember) all requests thanit is more or less the same as autolearn.Different settings may be due to different local conditions, to ensure smooth operations you should allow trusted elements. Typically trusted elements are the ones constituting your OS (core MS files). Please remember that if one trusted element is modified by untrusted element ZA will notify you, the same applies if an untrusted element is using a trusted one. If you never remember the actions you will keep getting prompted and it will be far less easy to distinguish a legitimate action (windows updates, running an installer, running an application) from a non legitimate action (malware, etc).Cheers,Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  5. #5

    Default Re: Settings for Windows programs

    What version of ZA are you using??
    Did not really understand your comment: &quot;If you never remember the actions you will keep getting prompted and it will be far less easy to distinguish a legitimate action (windows updates, running an installer, running an application) from a non legitimate action (malware, etc).&quot;
    As long as I trust the program requesting the permission I cannot see any difficulty. Am I missing something??
    The aspect that worries me about AutoLearn is that a permission is granted based on usage rather than the ZA database and that this permission is granted without checking with the user. Though clearly this is not something that you feel cocerned about??

  6. #6
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,287

    Default Re: Settings for Windows programs


    <BLOCKQUOTE><HR>dogdog wrote:
    What version of ZA are you using??<HR></BLOCKQUOTE>The version I reported was ZA Extreme
    <BLOCKQUOTE><HR>dogdog wrote:
    Though clearly this is not something that you feel cocerned about??<HR></BLOCKQUOTE>Personally, no.Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  7. #7

    Default Re: Settings for Windows programs

    Fax
    What are your settings information for C:\Windows\System32\svchost.exe??

    Just to complete the list.
    Many thanks.

  8. #8
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,287

    Default Re: Settings for Windows programs

    Hi!set the svchost.exe to AUTO in program control (and the rest of the ZA settings to default) and you will get the standard designation from the ZA servers. It can vary from version to version and local conditions. No use to post it here. It will just confuse more the users creating panic Cheers,Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  9. #9

    Default Re: Settings for Windows programs

    When I do that, the settings I get for C:\Windows\System32\svchost.exe

    are:
    SmartDefense = SystemTrust = ||| (&quot;super&quotAccess Trusted = yes ; Access Internet = yesServer Trusted = yes : Server Internet = ?Send Mail = no
    Program Control = Max and SmartDefense Advisor = Auto
    But ZASS seems to need to act as a server for PC to be able to access internet; therefore
    I get prompts from ZASS asking for this
    permission.
    For svchost.exe do you have Server Internet set to &quot;yes&quot; (ie green tick)??

  10. #10
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,287

    Default Re: Settings for Windows programs

    Hi!you do not need to set the permission according to what the other have set into their system but according to your needs. In your specific case (your PC) svchost ask for permission to have server rights towards theinternet.Then you should allow and permit the communication. This will maximise compatibility with your current installed software. You have to take a different approach to security. First what is in your PC, once checked is from a trusted source (as this is the case --&gt; your update OS) should be trusted and remembered. Only when new actions will take place you will then be warned by ZA. Cheers,Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •