Results 1 to 4 of 4

Thread: Should I block Trusted and Internet servers?

  1. #1
    webdaddy Guest

    Default Should I block Trusted and Internet servers?

    In the following location of ZAFree v.6.1 there are a couple of server settings that can be used: Firewall > Main tab > Advanced button. Those two settings are:
    Block Trusted Zone serversBlock Internet Zone servers
    At present, I've got these as not checked but I'm wondering whether I'd be more secure if I had them checked. Can anyone comment? Looking in ZA's Help section, it simply says for these: "Prevents all programs on your computer from acting as servers to the <relevant> Zone. This overrides permissions granted in the Program panel". [relevant = Trusted or Internet].
    My PC is being used only in standard mode and therefore not specifically as a server. However, certain online updating operations could, I think, be regarded as the PC acting temporarily as a server. So, would it be better to check these two settings or not? Or would that then mess up Windows Update operations and suchlike?
    In that same configuration panel, I've got "Allow Outgoing DNS/DHCP in <relevant> Zone on High setting" both checked.

    Operating System:Windows XP Home Edition
    Software Version:6.1
    Product Name:ZoneAlarm (Free)

  2. #2
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Should I block Trusted and Internet servers?

    Block Trusted Zone servers
    Block Internet Zone servers

    I would comment that this is useful if it is a laptop in a strange, untrusted public LAN where there is a factor of the other unknown users or devices. If it is a desktop behind a router at home, then there is no need (although things should be okay anyways with these checked).

    Oops there is more. Missed that. I came back to finish the reply.

    "In that same configuration panel, I've got "Allow Outgoing DNS/DHCP in <relevant> Zone on High setting" both checked."

    Yes use this only and only if the correct the DNS/DHCP are entered as Trusted in the Zones and there is still trouble getting an assigned IP or getting host name addresses. If it works okay to begin with, then use this feature of the ZA. Only then and no other time.


    Cheers, Oldsod

    Message Edited by Oldsod on 12-05-2007 08:08 AM
    Best regards.
    oldsod

  3. #3
    webdaddy Guest

    Default Re: Should I block Trusted and Internet servers?

    Ok, I'll leave Block Trusted Zone Servers and Block Internet Zone servers unchecked, then.
    For the two DNS/DHCP settings, yes I've got those two checked and, as you say, I've configured ZA so as to put a number of trusted IPs/websites
    specifically into the firewall's Trusted Zone.
    BTW, do you know if there have ever been any issues reported with ZA of the Windows Defender file MpCmdRun.exe (WD Command Line Utility) constantly attempting to make a connection with URLs/websites visited by the user? I'm getting many entries of that in ZA's Alerts &amp; Logs and have not found any way of stopping them, albeit that, because of the way I've configured ZA,
    the attempted connections are blocked. According to a Microsoft man on one of the Windows Defender newsgroup forums, MpCmdRun.exe should never try to connect with websites. Instead, it's supposed to just work in the background and only ever make contact with Microsoft's
    spyware-reporting URL if it finds spyware on the user's machine. With my machine,
    WD has never found anything. But. on my machine, MpCmdRun regularly attempts to connect with websites I've just visited (many of which are trusted, genuine sites). I'm wondering if these alerts are getting logged by ZA because I've not set up the Program Control settings for WD Command Line Utility
    properly. I've got all access and server connections for it in Program Control disabled, whereas perhaps I'm meant to initially question-mark the settings and then use the Deny and Remember this Setting, when a pop-up occurs.

  4. #4
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Should I block Trusted and Internet servers?

    webdaddy

    You seem to be good to go, regarding the network configuring.

    My guess would be the command line do not need any internet.
    My guess would be either the Defender is corrupted (uninstall and reinstall to fix) or the ZA databse is corrupted.

    To fix this, delete the ZA database. It will mean starting over from fresh, but it may solve the problems.

    Do this:

    Boot your computer into the Safe Mode

    Navigate to the c:\windows\internet logs folder

    Delete the backup.rdb and iamdb.rdb files in the folder

    Clean the Recycle Bin

    Reboot into the normal mode

    ZA will be just like new with no previous settings or data


    (How to get into the safe mode)

    Then set the correct DNS and DHCP IP as before in the Zones.

    You may consider making a Backup for future purposes, after the ZA is settled in and all the items are back in place. You can do it this way:
    Boot your computer into the Safe Mode
    Navigate to the c:\windows\internet logs folder
    Copy the backup.rdb and iamdb.rdb files in the folder
    Move the copied backup.rdb and iamdb.rdb files to a safe folder elsewhere or rename them and return the renamed files back to the c:\windows\internet logs folder.
    If the ZA gets a corrupted database again, then do the deletion of the main files in the safe mode and just un-rename the saved files and reboot. The settings that were preserved in the old files will take effect and it will appear as little or no change has happened.

    The paid versions of the ZA has a BackUp feature, which saves the ZA settings in a XML file. But this feature is not available in the free versions.


    Cheers, Oldsod

    Message Edited by Oldsod on 12-05-2007 10:36 AM
    Best regards.
    oldsod

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •