I've been using the free version of ZoneAlarm for several years but have never tinkered with it much as it has worked so well. I am currently using 6.5.722.000. Google told me my question was asked in this thread back in July:
It didn't seem to be answered so I hope you don't mind my raising it again.
I noticed in the log that zlclient.exe is accessing various websites every few days. Some are ones I use regularly (one's my home page) but some I don't recognise. I'd understand if the program were contacting Zone Labs (which doesn't appear in the log) but why these other websites? What is it doing?
The log entries all say "Allowed (once)" as if I have given permission, but it has never asked me! It did have permission to access the Trusted and Internet zones but now I've set all four columns in Program Control to Ask. It doesn't seem to be a malware problem; I checked and there is only one zlclient.exe on my disk and it is in the program folder. Here's a sample entry from tonight:
[Rating] High [Date/Time] 2006/09/21 21:09:52+1.00 GMT [Type] Repeat Program [Program] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [Source IP] (blank) [Destination IP] 126.96.36.199:53 [Direction] Outgoing (connect)[Action taken] Allowed (once) [Count] 1 [Source DNS] (blank) [Destination DNS] sa.windows.com
I did a Whois lookup and that seems to be a Microsoft site. Some of the others are: news.zen.co.uk (my news server); a369.g.akamai; a802.g.akamai; www.crochetville.org (forum I regularly visit) and www.anniesattic.com (my home page). All the connections are on port 53. Someone in the other thread suggested zlclient might be checking sites in my trusted zone, but none of these are in there.
Has anyone any idea what might be happening, please?
Operating System:Windows XP Pro
Product Name:ZoneAlarm (Free)