Results 1 to 8 of 8

Thread: Symantec says that ZoneAlarms' vsmon.exe is attempting "Unauthorized access"

  1. #1
    pastrami_dave Guest

    Default Symantec says that ZoneAlarms' vsmon.exe is attempting "Unauthorized access"

    I have ZoneAlarm (free version), Windows XP Pro SP2 and Symantec Norton SystemsWorks 2005 with Norton AntiVirus 11.

    Norton is giving me the following Alert in my Symantec Resource Protector:

    Event Details:
    Time: 1/5/2006 8:50:42 AM
    Actor: C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe (PID=1588)
    Target: C:\Program Files\Common Files\Symantec Shared\ccApp.exe (PID=2216)
    Action: Unauthorized access
    Reaction: Unauthorized access stopped

    It appears that Norton thinks that ZoneLabs' vsmon.exe is attempting to modify Symantec's ccApp.exe.

    Anyone know if I should be concerned about this? Is vsmon.exe really trying to do something bad, or is Norton just being too sensitive and over-alerting me about vsmon.exe activities?

    Thanks!

    Additional info: Norton Help File says about the Resource Protector: Symantec Resource Protector Alerts - Selecting Symantec Resource Protector Alerts on the left side of the Log Viewer displays details about unauthorized attempts to modify Symantec processes and tasks that were blocked by your Symantec product. The log shows the time that the event occurred and the action taken. The bottom of the Log Viewer window shows the original location of the infected file on your computer and, if available, a link to the online Symantec Virus Encyclopedia for more information.

    Operating System:Windows XP Pro
    Product Name:ZoneAlarm (Free)
    Software Version:6.0

  2. #2
    ad_hock Guest

    Default Re: Symantec says that ZoneAlarms' vsmon.exe is attempting "Unauthorized access"

    I think your version of NAV has a feature called worm protection,that is a mini and elementar firewall that conflicts with ZA. If that's the case and I think it is,disable the worm protection as ZA gives you much better protection and it avoids those software conflicts.
    Best regards

  3. #3
    arson Guest

    Default Re: Symantec says that ZoneAlarms' vsmon.exe is attempting "Unauthorized access"


    <BLOCKQUOTE><HR>Ad-Hock wrote:
    I think your version of NAV has a feature called worm protection,that is a mini and elementar firewall that conflicts with ZA. If that's the case and I think it is,disable the worm protection as ZA gives you much better protection and it avoids those software conflicts.
    Best regards
    <HR></BLOCKQUOTE>


    Hi pastrami_dave and Guru Ad (btw, belated congrats Ad ol' buddy on making Guru, it's long overdue and well deserved) ...

    To add to what Guru Ad-Hock has stated, yes NAV 2004, 5 and 6 has the Internet Worm Protection that should be disabled if you operate with any of ZA's Software Firewalls ... I also think Norton's 2003 has it, but I'm not sure, it's been awile ... but anyway ...

    On one of my systems I also have this combination of NAV 2005 and ZA6.1.737.000 and this bumping-of-heads between the two is a normal occurence and basically harmless in my opinion ... so let me try to explain this occurence without getting to technical ... bear with me, because this will probably will get long-winded and hopefully not confusing ...

    Norton's System Resource Protector usually flags ZA's VSMON during SRP's background Monitoring or boot scan using auto-protect, trying to prevent any modification or changes by VSMON's during it's monitoring of Programs or Apps, including Norton's by VSMON ... And ZA will also and usually alert you with one of it's OS alerts and also flag and try to prevent Norton's from trying to scan, modify and/or make changes to ZA's zlsreupd .zip folder ... Norton's will also (and usually) flag ZA's zlsreupd.zip folder and it's internal files during Manual or Automatic scans. Basically they're both trying to scan each other and monitor, verify, modify and/or change the checksum and/ or Hash values of each other and they're both trying to prevent this from happening .

    This is the inherent nature of Security Programs (or any Security App for that matter) to keep any Malicious events (Viruses, Trojans, Worms, Spy-ware, Hackers, remote systems, etc and sometimes even obviously Normal processes, programs or apps from changing or disabling them, because if it was that simple or easy to change, modify or shut them down, this would defeat the purpose of even having any Security Software on your Machine or System ... in other words they're doing their job. because they're both trying to scan each other and prevent any perceived changes or disabling.

    To recap and sum-up .... what Norton is doing, is trying to monitor, verify and/or modify or change the checksum values or attributes of ZA ... and ZA is trying to Monitor and/or modify or change the checksum values or attributes of Nortons for future reference to see to see if any of this behavior (as mentioned above) has occured ...

    Though these are basically harmless and normal Components of both these programs ... Nortons and it's SRP are relatively simple to keep from flagging VSMON by adding it to Nortons exception list in NAV Options Window (this should help, but results may vary) or turninngOFF Nortons SRP ...

    <HR>



    Technical Information:


    What is Symantec Resource Protector?

    Symantec Resource Protector (SymProtect) prevents modification or deletion of Symantec files, processes, and registry keys by unauthorized applications. Authorized applications have full access to Symantec files.

    Turning on or turning off Symantec Resource Protection

    Situation:

    This document describes how to turn on and turn off Symantec Resource Protection.

    Solution:
    To turn on Symantec Resource Protection

    Start your 2005 Norton program.

    Click Options.

    Click your Norton program.

    In the left pane, click Miscellaneous.

    In the right pane, check Enable protection for my Symantec product.

    Click OK.


    To turn off Symantec Resource Protection

    Start your 2005 Norton program.

    Click Options.

    Click your Norton program.

    In the left pane, click Miscellaneous.

    In the right pane, uncheck Enable protection for my Symantec product.

    Click OK.

    <HR>



    ... I'm still working on the flagging of ZA's zlsreupd.zip by Nortons and ZA's flagging of Norton trying to check zlsreupd.zip...Here'ssome posts with some info on this zlreupd.zip ...

    &gt;http://forum.zonelabs.org/zonelabs/b...d=14193#M14193

    ooOOwee, I hope this was enough and thanks for bearing with me pastrami_dave and Guru Ad... see ya' later alligators ...

    Arson D. Dragon

  4. #4
    ad_hock Guest

    Default Re: Symantec says that ZoneAlarms' vsmon.exe is attempting "Unauthorized access"

    Hi ARSON
    First thanks for your kind words. About Worm Protection it started with NAV 2005. I know this as I run NAV2004 in one of my computers and doesn't have that feature yet. I congratulate you about your nice explanation about both programs interact with each other and the way to avoid potential conflicts. I must say that in the computer with NAV 2004 I never had one but although with no experience I know of several people that had severe software conflicts with the worm protection that ,as you also agree, should definitly be disabled if using ZA.
    Nice post and good orientation for those who use this products and in a more general sense to understand how security problems coexist.
    My best regards

  5. #5
    arson Guest

    Default Re: Symantec says that ZoneAlarms' vsmon.exe is attempting "Unauthorized access"


    <BLOCKQUOTE><HR>Ad-Hock wrote:
    Hi ARSON
    First thanks for your kind words. About Worm Protection it started with NAV 2005. I know this as I run NAV2004 in one of my computers and doesn't have that feature yet. I congratulate you about your nice explanation about both programs interact with each other and the way to avoid potential conflicts. I must say that in the computer with NAV 2004 I never had one but although with no experience I know of several people that had severe software conflicts with the worm protection that ,as you also agree, should definitly be disabled if using ZA.
    Nice post and good orientation for those who use this products and in a more general sense to understand how security problems coexist.
    My best regards
    <HR></BLOCKQUOTE>


    Ok great, thank you for that clarification Guru Ad , I've also used NAV 2004 in the past, but it's been a while and I probably mixed up a little info about the IWPin NAV 2005... again thank youand your quite welcome ol' buddy...

    Arson D. Dragon

  6. #6
    pastrami_dave Guest

    Default Re: Symantec says that ZoneAlarms' vsmon.exe is attempting "Unauthorized access"

    Thanks, Ad-Hoc and Arson, for all your great info. Very thorough! :-)
    Imagine my surprise when I went to the Symantec site to post this same question there and they have no forums! Symantec seems to make it more difficult to communicate with users - not very impressive.

    Interesting-ly, there are additional EXEs showing up in my Symantec Resource Protector Alerts list:
    * C:\WINDOWS\System32\DSentry.exe - Dell application which stops the autorun application from executing on disc insertion.
    * C:\WINDOWS\system32\winlogon.exe - Windows NT login manager which handles the login and logout procedures on system.

    As far as I can tell, and per your posts, all these EXEs appear to be doing nothing malicious. Symantec just likes to complain. :-)

    Looks like you're right. The Resource Protector can be turned off in NAV2005 via Options > NAV > Other > Miscellaneous > "Enable Protection for Symantec Product". And EXEs can be added to the Exclusion List under (I assume) Options > NAV > Other > Threat Categories > Exclusions.

    Thanks again for your help!

  7. #7
    ad_hock Guest

    Default Re: Symantec says that ZoneAlarms' vsmon.exe is attempting "Unauthorized access"

    Hi ARSON
    Great, all the best to to you and kind regards.

  8. #8
    ad_hock Guest

    Default Re: Symantec says that ZoneAlarms' vsmon.exe is attempting "Unauthorized access"

    You're welcome
    Symantec is a very complicated company. Not easy to deal with them. I avoid them whenever I can.
    My best regards

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •