Page 1 of 2 12 LastLast
Results 1 to 10 of 20

Thread: Settings for Windows programs

  1. #1

    Default Settings for Windows programs

    Using Vista Ultimate with Zone Alarm Security Suite:ZoneAlarm Security Suite version:8.0.400.020
    TrueVector version:8.0.400.020
    Driver version:8.0.400.020
    Anti-virus engine version:6.0.2.678
    Anti-virus signature DAT file version:987462740
    Anti-spyware engine version:5.0.209.0
    Anti-spyware signature DAT file version:01.200906.6165
    AntiSpam version:6.0.0.1429
    Fax - your settings for C:\Windows\System32\svchost.exe must be different from mine (see your post: http://forum.zonelabs.org/zonelabs/b...ssage.id=10302) because you used AutoLearn for 21 days. I did not use AutoLearn so my settings for svchost.exe are just ZASS defaults. I did not use AutoLearn as this seemed to create a 21 day vulnerability.
    I have 3 other Windows programs:C:\Windows\System32\lsass.exe [Local Security Authority Process]C:\Windows\System32\services.exe [Services and Controller app]C:\Windows\System32\spoolsv.exe [Spooler Subsystem App]
    that keep asking permission to "act as a server".
    The default ZASS permissions for these programs are:
    C:\Windows\System32\lsass.exeDefenseAdvisor = SystemTrust Level
    = |||Access Trusted = yes ; Access Internet = yesServer Trusted = ? ; Server Internet = ?Send Mail = ?
    C:\Windows\System32\services.exeDefenseAdvisor = SystemTrust Level
    = |||Access Trusted = yes ; Access Internet = yesServer Trusted =
    yes ; Server Internet = ?Send Mail = yes
    C:\Windows\System32\spoolsv.exeDefenseAdvisor = SystemTrust Level
    = |||Access Trusted = yes ; Access Internet = yesServer Trusted =
    yes ; Server Internet = ?Send Mail = no
    I would be grateful if you could advise your program permissions for these 3 programs. Also do you use Vista??
    Many thanks for your help.


  2. #2
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,291

    Default Re: Settings for Windows programs

    Hi!Are you on SP2 or still on SP1? --------------------------------------File name C:\Windows\System32\services.exe
    Version 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Trust level =?All green checkmarks except mail.File name C:\Windows\System32\lsass.exe
    Last policy update Not applicable
    Version 6.0.6001.18000 (longhorn_rtm.080118-1840)
    Trust level=SuperAll green checkmarks except mail.File name C:\Windows\System32\spoolsv.exe
    Version 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Trust level=Super All green checkmarks except mail.-----------------------------------<BLOCKQUOTE><HR>dogdog wrote:
    I did not use AutoLearn as this seemed to create a 21 day vulnerability. <HR></BLOCKQUOTE>Free not to use it. If you have installed the system on a trusted/clean PC then the risk is minimal since antivirus/antispyware are active and known malware blocked. It is a very useful way to adapt ZA to your PC like a dress made just for your size.
    <BLOCKQUOTE><HR>that keep asking permission to "act as a server". <HR></BLOCKQUOTE>

    Are younot ticking on "remember this settings"? Otherwise it is not normal.Cheers,Fax

    Message Edited by fax on 06-27-2009 07:00 PM

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3

    Default Re: Settings for Windows programs

    I am Vista Ultimate SP2 - are you the same??
    My file names and versions are the same as yours. My automatic settings for services.exe are Trusted=Super. Interesting that there should be this difference. The ticks under Server Trusted/Internet must be because you have used AutoLearn.
    Are your settings for mail - Block or Ask??
    AutoLearn means that if a program that does not have a permission but requires it during the 21 day AutoLearn period then ZASS grants (and remembers) the permission required. Hence I thought it better not to have AutoLearn but choose specifically whether to remember or not when ZASS asks for permission. My understanding is that if I &quot;remembered&quot; all requests in first 21 days this would be equivalent to AutoLearn - do you agree??

    When ZASS asks for permission I choose not to rember hence ZASS will ask again on the next occasion.
    Thanks for your help.

  4. #4
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,291

    Default Re: Settings for Windows programs


    <BLOCKQUOTE><HR>dogdog wrote:
    I am Vista Ultimate SP2 - are you the same??<HR></BLOCKQUOTE>Yes, but a different version of ZA.
    <BLOCKQUOTE><HR>dogdog wrote:
    IAre your settings for mail - Block or Ask??<HR></BLOCKQUOTE>Block for Spooler the others with '?'
    <BLOCKQUOTE><HR>dogdog wrote:
    if I "remembered" all requests in first 21 days this would be equivalent to AutoLearn - do you agree??<HR></BLOCKQUOTE>If you 'allow' (and remember) all requests thanit is more or less the same as autolearn.Different settings may be due to different local conditions, to ensure smooth operations you should allow trusted elements. Typically trusted elements are the ones constituting your OS (core MS files). Please remember that if one trusted element is modified by untrusted element ZA will notify you, the same applies if an untrusted element is using a trusted one. If you never remember the actions you will keep getting prompted and it will be far less easy to distinguish a legitimate action (windows updates, running an installer, running an application) from a non legitimate action (malware, etc).Cheers,Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  5. #5

    Default Re: Settings for Windows programs

    What version of ZA are you using??
    Did not really understand your comment: &quot;If you never remember the actions you will keep getting prompted and it will be far less easy to distinguish a legitimate action (windows updates, running an installer, running an application) from a non legitimate action (malware, etc).&quot;
    As long as I trust the program requesting the permission I cannot see any difficulty. Am I missing something??
    The aspect that worries me about AutoLearn is that a permission is granted based on usage rather than the ZA database and that this permission is granted without checking with the user. Though clearly this is not something that you feel cocerned about??

  6. #6
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,291

    Default Re: Settings for Windows programs


    <BLOCKQUOTE><HR>dogdog wrote:
    What version of ZA are you using??<HR></BLOCKQUOTE>The version I reported was ZA Extreme
    <BLOCKQUOTE><HR>dogdog wrote:
    Though clearly this is not something that you feel cocerned about??<HR></BLOCKQUOTE>Personally, no.Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  7. #7

    Default Re: Settings for Windows programs

    Did not really understand your comment: &quot;If you never remember the actions you will keep getting prompted and it will be far less easy to distinguish a legitimate action (windows updates, running an installer, running an application) from a non legitimate action (malware, etc).&quot;
    As long as I trust the program requesting the permission I cannot see any difficulty. Am I missing something??

  8. #8
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,291

    Default Re: Settings for Windows programs


    <BLOCKQUOTE><HR>dogdog wrote:
    Did not really understand your comment
    <HR></BLOCKQUOTE>Hi!No problem, nothing relevant. Its OK Cheers,Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  9. #9
    hanging Guest

    Default Re: Settings for Windows programs

    Fax, sorry to bother you again, but I may have found the problem with the &quot;no connectivity&quot; issue where my IP number is being deleted.

    Is the following program SAFE to allow Internet access. In other words all &quot;green&quot; except for e-mail?? The name of the program is Spooler Subsystem App.

    I am not certain that this is the problem, but I did allow it Internet access and so far have not had a &quot;block&quot;. What is your opinion on this one? I need to find a permanent resolution for the issue.

    Thank you again, for all of your help.

    Hanging

  10. #10
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,291

    Default Re: Settings for Windows programs


    <BLOCKQUOTE><HR>Hanging wrote:
    Is the following program SAFE to allow Internet access. In other words all "green" except for e-mail?? The name of the program is Spooler Subsystem App.
    <HR>Yes sounds OK, even better if you resolved the connectivity issue.If you are not sure what you do, better leave ZA to decide the best settings otherwise you end up blocking yourself.If a trusted program requires permission please give it and "remember".Cheers,Fax</BLOCKQUOTE>

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •