Yesterday morning when I booted my machine, the ZoneAlarm tray icon appeared for about thirty seconds, then disappeared. I restarted ZoneAlarm manually and it came up apparently normally, but then I got two alerts that maintispm was trying to access the trusted zone and then the Internet. I hurriedly unplugged the Ethernet jack and looked at the file. It apparently had just been modified. I saved the copy of mantispm.exe, reinstalled the latest and greatest official update from April 1, and did a binary compare on the mantispm file old and new. They are identical and are the same revision.
The issue is, what caused the change to the modification date on the file, and why did I get the program alerts?
The only scenario that makes sense to me is that mantispm.exe was patched by another program before or during the boot, allowed to run once, and then unpatched to make detection more difficult. I can't believe this wasn't a hostile act.
A deep scan shows no viruses.
I posted this on the AntiVirus/AntiSpam forum yesterday, but thought it more properly belongs here.
Operating System:Windows XP Home Edition
Product Name:ZoneAlarm Internet Security Suite