Thread: "Unknown Incoming/Download Access"

  1. #1
    mykelturn Guest

    "Unknown Incoming/Download Access"

    I am using ZASS v8.0.289.000 and Windows XP Home w/SP2. Sometimes I see incoming data (ZASS activity window/icon active) while on the Internet and I did not manually start anything. I believe that I don't have any applications and such set to "automatic" for (for example) checking for updates and the like; with the exception of SiteAdvisor and Internet Download Manager. There may be one or two others. But at any rate, how can I find out who and/or what is accessing my computer that ZASS is (as currently configured) not blocking; or at least, notifying me of an "unsolicited" access to my computer? If ZASS does not, or cannot, do this, is there any software that will accomplish this? If the accessing is due to an installed piece of software automatically checking for updates, I can deal with that. But, I want to BLOCK, if necessary, access from the meanies! Thanks for the assist.

    Operating System: Windows XP Home Edition
    Software Version: 8.0
    Product Name: ZoneAlarm Internet Security Suite

  2. #2
    Join Date
    Dec 2005
    Posts
    9,056

    Re: "Unknown Incoming/Download Access"

    <blockquote><hr>mykelturn wrote:
    I am using ZASS v8.0.289.000 and Windows XP Home w/SP2. Sometimes I see incoming data (ZASS activity window/icon active) while on the Internet and I did not manually start anything. I believe that I don't have any applications and such set to "automatic" for (for example) checking for updates and the like; with the exception of SiteAdvisor and Internet Download Manager. There may be one or two others. But at any rate, how can I find out who and/or what is accessing my computer that ZASS is (as currently configured) not blocking; or at least, notifying me of an "unsolicited" access to my computer? If ZASS does not, or cannot, do this, is there any software that will accomplish this? If the accessing is due to an installed piece of software automatically checking for updates, I can deal with that. But, I want to BLOCK, if necessary, access from the meanies! Thanks for the assist.

    Operating System:
    Windows XP Home Edition
    Software Version:
    8.0
    Product Name:
    ZoneAlarm Internet Security Suite

    <hr></blockquote>


    Probably there are no access attempts to the computer happening (especially if using a hardware firewall in front of the computer).

    More than likely the ZA is showing the localhost traffic on the windows.
    Probably nothing nefarious is happening.

    Use the netstat -anob command to see the listening and localhost traffic occurring at that precise moment.
    Usually the svchost.exe, some security programs and a few window files are running all on the localhost and these will be shown in the netstat results.

    As for when this happens when using the internet such as when browsing- connections to the dhcp and dns server are outgoing, BUT these same connections are also incoming. (it is the way the dhcp and dns servers work - they need to send incoming connections to the windows).
    Both the dhcp and dns servers should be set as trusted into the Zones of the Firewall of the Zone Alarm.

    Oldsod.

    Message Edited by Oldsod on 03-07-2009 05:19 PM
    Best regards.
    oldsod
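
Added example (not part of the original thread): a Python parser for `netstat -anob` output that attaches the owning executable to each row and separates localhost-only and listening rows from connections that have a real outside peer. The sample output, addresses, PIDs and function names are constructed for illustration.

```python
import re

# Constructed sample in the layout `netstat -anob` prints; not captured from a real host.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1052
  [svchost.exe]
  TCP    127.0.0.1:1031         127.0.0.1:1032         ESTABLISHED     1660
  [vsmon.exe]
  TCP    192.168.1.20:1187      203.0.113.10:80        ESTABLISHED     2412
  [IDMan.exe]
  UDP    192.168.1.20:123       *:*                                    1108
  [svchost.exe]
"""

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")

def is_loopback(endpoint):
    return endpoint.startswith(("127.", "[::1]"))

def parse(text):
    """Return one dict per connection row, with the owning executable attached."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, local, remote, state, pid = m.groups()
            rows.append(dict(proto=proto, local=local, remote=remote,
                             state=state or "", pid=int(pid), exe=None))
        elif rows and rows[-1]["exe"] is None and (m := OWNER.match(line)):
            rows[-1]["exe"] = m.group(1)  # -b prints the owner in brackets after the row
    return rows

def classify(row):
    """loopback: both ends on this machine; listening: open port, no peer; remote: real peer."""
    if is_loopback(row["local"]) and is_loopback(row["remote"]):
        return "loopback"
    if row["state"] == "LISTENING" or row["remote"] == "*:*":
        return "listening"
    return "remote"

def remote_peers(rows):  # the rows that name a program talking to an outside address
    return [(r["exe"], r["pid"], r["remote"]) for r in rows if classify(r) == "remote"]

if __name__ == "__main__":
    print(remote_peers(parse(SAMPLE)))
```

To use it on live data, save the command's output to a file at the moment the activity icon lights up and pass the file's text to `parse()`.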

  3. #3
    mykelturn Guest

    Re: "Unknown Incoming/Download Access"

    Thanks for the reply.
    So, B-) if I understand you correctly, if I run IPCONFIG /ALL, all I basically need to do is copy the DHCP and DNS server addresses and then place these IPs in the Trusted Zone of my copy of ZASS. There is one DHCP and four DNS IPs. I did the "netstat -anob" but everything is quiet right now. What bothers me is when I see activity incoming that resembles a download and I didn't initiate anything. Most often I will stop all activity for a few seconds and then resume. Oh well. I will go ahead and add these IPs and see what happens. So again, thanks.

  4. #4
    Join Date
    Dec 2005
    Posts
    9,056

    Re: "Unknown Incoming/Download Access"


    <blockquote><hr>mykelturn wrote:
    Thanks for the reply.
    So, B-) if I understand you correctly, if I run IPCONFIG /ALL, all I basically need to do is copy the DHCP and DNS server addresses and then place these IPs in the Trusted Zone of my copy of ZASS. There is one DHCP and four DNS IPs. I did the
    "netstat -anob"
    but everything is quiet right now. What bothers me is when
    I see activity incoming that resembles a download and I didn't initiate anything. Most often I will stop all activity for a few seconds and then resume. Oh well. I will go ahead and add these IPs and see what happens. So again, thanks.
    <hr></blockquote>


    Yes please use the ipconfig command to determine the dhcp and dns servers to be placed into the Zones as Trusted.
    Like this way:

    1. Go to Run and type in command and hit 'ok', and in the command then type in ipconfig /all then press the enter key. In the returned data list will be a line DNS and DHCP Servers with the IP address(s) listed out to the side. Make sure there is a space between the ipconfig and the /all, and the font is the same (no capitals).
    2. In ZA on your machine on the Firewall, open the Zones tab, click Add and then select IP Address. Make sure the Zone is set to Trusted. Add the DNS IP(s) .
    3. Click OK and Apply. Then do the same for the DHCP server.
    4. The localhost (127.0.0.1) must be listed as Trusted.
    5. The Generic Host Process (svchost.exe) as seen in the Zone Alarm's Program's list must have server rights for the Trusted Zone.
    Plus it must have both Trusted and Internet Access.

    Extra help is found at Guru Hoov site for the DNS/DHCP.

    Those incoming are not necessarily downloads - just packets which could be happening inside your own computer and not from the internet.
    (also just connections from the dhcp and dns servers to the computer).

    Make sure the Logs and Alerts are set to show and at the maximum in the Alerts and Logs.
    Then the ZA should warn you in the Alerts of any unwanted or suspicious incoming connections and it should log these connection events.

    Another approach is to have your router (if you have one) log all the connections and check these router firewall logs every few days or weekly.
    Any suspicious or unusual connections will be seen in the router's logs (which is probably the very best method of tracking the computer's connections as the router is separate from the computer and is independent from any rootkit, nasty malware, etc types of infections).

    Oldsod.
    Best regards.
    oldsod
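
Added example (not part of the original thread) for step 1 of the procedure above: `ipconfig /all` prints every DNS server after the first on its own continuation line with no label, so reading only the "DNS Servers" line misses them. This Python parser collects every DHCP and DNS server address to enter in the Trusted Zone; the sample output, its addresses and the function name are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the layout of `ipconfig /all`; all addresses are placeholders.
SAMPLE = """\
Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : example.net
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.20
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
                                            198.51.100.53
                                            198.51.100.54
                                            203.0.113.53
        Lease Obtained. . . . . . . . . . : Saturday, March 07, 2009 9:00:00 AM
"""

FIELD = re.compile(r"^\s*(.+?)[ .]*:\s*(.*)$")   # "Label . . . : value"
WANTED = ("DHCP Server", "DNS Servers")

def trusted_zone_entries(text):
    """Map each DHCP/DNS server address to the label(s) it was listed under."""
    roles = {}        # address -> labels, in first-seen order
    current = None    # wanted label whose value list we are currently inside
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            label, value = m.group(1), m.group(2).strip()
            current = label if label in WANTED else None
        else:
            value = line.strip()          # continuation line: a bare value, no label
        if not current or not value:
            continue
        try:
            addr = str(ipaddress.ip_address(value))
        except ValueError:
            continue                      # not an IP address, nothing to trust
        if current not in roles.setdefault(addr, []):
            roles[addr].append(current)   # a router is often both DHCP and DNS server
    return roles

if __name__ == "__main__":
    for addr, labels in trusted_zone_entries(SAMPLE).items():
        print(addr, "<-", ", ".join(labels))
```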

  5. #5
    mykelturn Guest

    Re: "Unknown Incoming/Download Access"

    :8} Okay, thanks. Just did the set-up. I wish the user's guide/manual would explain a lot of this stuff!!! The guide does not give enough information to the un-initiated end-user; one who is not IT/computer savvy. The guide needs to provide information with some examples of ... if I do this, etc. Just stating what a particular topic's function is without some form of "in depth" information is almost useless; especially for the non-IT, non-Techie, "I just only use email" end-user! X-(
    Again, thanks.

  6. #6
    Join Date
    Dec 2005
    Posts
    9,056

    Re: "Unknown Incoming/Download Access"


    <blockquote><hr>mykelturn wrote:
    :8} Okay, thanks. Just did the set-up. I wish the user's guide/manual would explain a lot of this stuff!!! The guide does not give enough information to the un-initiated end-user; one who is not IT/computer savvy. The guide needs to provide information with some examples of ... if I do this, etc. Just stating what a particular topic's function
    is without some form of "in depth" information is almost useless; especially for the non-IT, non-Techie, "I just only use email" end-user! X-(
    Again, thanks.
    <hr></blockquote>


    I agree with you wholeheartedly.
    The guide is very easy if you have firewall or some techie experience.
    Otherwise often not helpful for the ABCs steps that are often needed.

    To many users it makes as much sense as a particle astrophysics discussion about the 17th dimension of the fourth universe in the fifth plane of existence. Written in Ionic Greek.
    Personal experience evolved over the years at the forum with other ZA users.

    Oldsod.
    Best regards.
    oldsod
