Thread: ZAP false positive security warnings

  1. #11
    Join Date: Dec 2005
    Posts: 9,056

    Re: ZAP false positive security warnings

    bohemian_one

    I am curious. Is there a router with logs of internet traffic?

    I had thought low level formats still allowed rootkits to survive. The Gutmann wipe is one of the best, followed by the complete power loss (pull the plug) to kill any residuals. I have a Disk Scrubber 2 and the wipe takes several nights and days. Free eraser...

    http://www.heidi.ie/eraser/

    Oldsod
    Best regards.
    oldsod

  2. #12
    bohemian_one (Guest)

    Re: ZAP false positive security warnings

    Oldsod,

    My router only logs incoming traffic; my local malware is trying to phone home. I used Micro$oft's Port Reporter to verify the blocked outgoing connections.

    I browsed the link you posted and the Gutmann wipe; do they work when reformatting a drive? I used the Maxtor utility to low-level format my drive.

    Can you tell me how to write ZAP expert rules that would alert and provide more information (as much as possible) when a specific blocked event occurs? Smart Defense Advisor is not available when ZAP blocks the connections I'm interested in. Can an expert rule be written to trigger another software package?

    Dylan

  3. #13
    Join Date: Dec 2005
    Posts: 9,056

    Re: ZAP false positive security warnings

    Hi

    After the wipe is finished, there is no format option. I use the Disk Scrubber 2; the Gutmann erase exceeds military standards. I just use the Windows Disk to format the drive after. The boot sector can be cleaned as well.

    I suppose the Alerts are set at High. All options enabled in the Alert Events found in the Advanced of the Main of the Alerts and Logs section of the Zone Alarm.

    "Alert and Log" option, in the Expert Rules, is found in the dropdown labeled Track. "Blocking" is found in the Action dropdown.

    Guru Hoov has a very nice and detailed tutorial of the Expert Rules at his web site

    http://www.donhoover.net/alltherules.html

    Actually I seldom use the ZA firewall logs to review the outbound traffic. Using the ProtoWall tool in real time, I just refer to its logs instead. No application is listed, but it is easy to scan through. I do not do any P2P, but instead use it for antimalware and adblocking as well as keeping out complete networks and other nasty sites. 7.4 billion sites are blocked and it's still increasing.

    I usually netstat and use the Process Explorer (mentioned by Guru Hoov) to check the status of the PC.

    Plus I use KAV6 antivirus with its Proactive (HIPS) enabled and the free System Safety Monitor (HIPS) (and install the SSM only on a "clean" or brand new machine). Nothing can move or activate unless I allowed it first, or they can be limited as to how and what they can actually do or the way they act upon other applications.

    Oldsod
    Best regards.
    oldsod

  4. #14
    Join Date: Dec 2002
    Location: Mikado Michigan
    Posts: 2,596

    Re: ZAP false positive security warnings

    Sorry, I was going to address the expert rule, but got sidetracked. Unfortunately an expert rule will not help at all. All it will tell you is your computer tried connecting to the net. It won't tell you what program. But, and I don't know if this will do you any good, is to reset the settings database and then connect to the internet, and don't do anything on the net, but only approve programs to have access to the net. This will generate a PE entry in the log, and then you could look there. But you would have to monitor the TCP/IP traffic until it tries to go to the site you mention (I think you said it's using a couple of different IP addresses or that it's changing). Does that make sense?
    My homes are SpywareHammer.com and DonHoover.net and BleepingComputer.com


    Consumer Security - 2011 & 2012

    Tilting at windmills hurts you more than the windmills.
    -From the Notebooks of Lazarus Long
    Senior of the Howard Families
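The check that post #13 describes (netstat plus Process Explorer) and the "monitor the TCP/IP traffic until it tries to go to the site" step in post #14 can be scripted so the owning process is tied to each outbound endpoint instead of being read off the ZoneAlarm log by eye. The following is an added example written for this page, not code from the thread or from ZoneAlarm; it parses the text output of the real Windows commands `netstat -ano` and `tasklist /fo csv`, but the two sample outputs embedded below are constructed for the example (the `updater.exe` process and the 198.51.100.x / 203.0.113.x addresses are placeholders from the documentation ranges, not real indicators).

```python
"""Tie outbound TCP endpoints to the process that owns the socket.

Added example (not from the thread). Reads the text output of
`netstat -ano` and `tasklist /fo csv` (real Windows commands); the two
samples below are constructed for this example only.
"""
from __future__ import annotations

import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample of `netstat -ano` output. PID 3120 (a hypothetical
# "updater.exe") is talking to two hosts and has a third attempt stuck in
# SYN_SENT, which is what an outbound connection that the firewall is
# silently dropping typically looks like.
NETSTAT_SAMPLE = """\

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    127.0.0.1:49152        127.0.0.1:49153        ESTABLISHED     1204
  TCP    192.168.1.10:49710     203.0.113.25:80        ESTABLISHED     3120
  TCP    192.168.1.10:49711     198.51.100.7:443       ESTABLISHED     3120
  TCP    192.168.1.10:49712     203.0.113.25:8080      SYN_SENT        3120
  TCP    192.168.1.10:49713     198.51.100.20:443      ESTABLISHED     2280
  UDP    0.0.0.0:5353           *:*                                    1204
"""

# Constructed sample of `tasklist /fo csv` output (PID -> image name).
TASKLIST_SAMPLE = """\
"Image Name","PID","Session Name","Session#","Mem Usage"
"svchost.exe","892","Services","0","9,432 K"
"explorer.exe","1204","Console","1","41,220 K"
"updater.exe","3120","Console","1","2,104 K"
"firefox.exe","2280","Console","1","188,640 K"
"""

# RFC 1918 ranges: traffic to these is LAN traffic, not "phoning home".
LAN_NETWORKS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_netstat(text: str) -> list[dict]:
    """Parse `netstat -ano` output into one record per socket."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue                      # blank lines and the header
        proto, local, foreign = parts[:3]
        state = parts[3] if len(parts) == 5 else ""   # UDP rows have no State column
        pid = int(parts[-1])
        rhost, rport = foreign.rsplit(":", 1)          # also handles "[::1]:443"
        rows.append({"proto": proto, "local": local, "rhost": rhost.strip("[]"),
                     "rport": rport, "state": state, "pid": pid})
    return rows


def parse_tasklist(text: str) -> dict[int, str]:
    """Map PID -> image name from `tasklist /fo csv` output."""
    return {int(r["PID"]): r["Image Name"] for r in csv.DictReader(io.StringIO(text))}


def is_remote(host: str) -> bool:
    """True when the foreign host is outside this machine and the LAN."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False                      # "*" wildcard on unconnected UDP sockets
    if addr.is_loopback or addr.is_unspecified or addr.is_link_local:
        return False
    return not any(addr in net for net in LAN_NETWORKS)


def outbound_by_process(netstat_text: str, tasklist_text: str) -> dict[str, list[str]]:
    """Return {image name: sorted distinct 'host:port'} for every TCP socket that
    is connected, or still trying to connect (SYN_SENT), to a non-LAN host.
    Grouping by process shows at a glance when one program rotates through
    several remote addresses."""
    names = parse_tasklist(tasklist_text)
    result: dict[str, set[str]] = defaultdict(set)
    for c in parse_netstat(netstat_text):
        if c["proto"] != "TCP" or c["state"] == "LISTENING":
            continue
        if not is_remote(c["rhost"]):
            continue
        image = names.get(c["pid"], f"pid {c['pid']}")   # PID may have exited already
        result[image].add(f"{c['rhost']}:{c['rport']}")
    return {k: sorted(v) for k, v in sorted(result.items())}


def unexpected(outbound: dict[str, list[str]], allowed: set[str]) -> list[str]:
    """Processes with outbound traffic that are not on the user's allow-list."""
    return [p for p in outbound if p not in allowed]


if __name__ == "__main__":
    report = outbound_by_process(NETSTAT_SAMPLE, TASKLIST_SAMPLE)
    for image, endpoints in report.items():
        print(f"{image}: {', '.join(endpoints)}")
    print("not on allow-list:", unexpected(report, {"firefox.exe"}))
```

On a live machine, replace the two sample strings with the captured command output (for example `netstat -ano > net.txt` and `tasklist /fo csv > tasks.txt`, read into the functions); run it repeatedly while the firewall is blocking, since the interesting socket may only exist for a few seconds and a blocked attempt is visible mainly through its SYN_SENT state.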
