Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Keep on getting (red) security allerts

  1. #1
    jeroenvdb Guest

    Default Keep on getting (red) security allerts

    I keep on getting the red coloured security alerts when I install a new program, open programs and even when Windows was updating today. There were 6 updates and for 5 of them I got a red warning giving messages like the installer wanted to have priviledged rights to certain processes.
    When I installed Acrobat I got a message saying "Suspicious behaviour - Acrotray is trying to install a new driver of service: Flexnet Licensing Service".

    Can anyone help me and tell me how to stop these (annoying) allerts? Is it part of the OS Firelwall or program access?
    I want to determine manually for each program to allow internet access and appreciate warnings if new start-up entries are installed. I just want to get rid of all mesages when I install programs myself.
    Does anyone know what settings to use for this?

    thanks a lot in advance!

    Operating System:Windows XP Home Edition
    Product Name:ZoneAlarm Internet Security Suite
    Software Version:6.5

  2. #2
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Keep on getting (red) security allerts

    "Suspicious behaviour - Acrotray is trying to install a new driver of service: Flexnet Licensing Service"

    Ok This is from the OS Firewall. Have you tried it with the Program Control slider set at Medium? In the Alerts and Logs, is the Medium selected for the Alert Events Shown? Is just the logging button selected in the OS alerts/logging of the Alerts Events found in the Advanced of the Main of the Alerts and Logs?

    Oldsod
    Best regards.
    oldsod

  3. #3
    jeroenvdb Guest

    Default Re: Keep on getting (red) security allerts

    Dear Oldsod,

    Thanks for your reply!
    All settings are as you mention:
    Program Control slider is set at medium
    In Laerts&Logs Medium is selected for the Alert Events and
    Only logging is selected for OS firewall in the Advanced tab.

    Do I understand it corrdctly that the OS firewall warnings should not be displayed as I did not select that in the Advanced tab of Alerts&Logs?
    For the specific alert of Acrotray there was no SmartDefense advisor available, so I guess it does not make any difference as to whether the SmartDefense is set to auto or manual.

    Based on a thread of BillC (http://forum.zonelabs.org/zonelabs/b...ssage.id=14554) I reset the database yesterday, but it does not make a difference.


    Thanks!

  4. #4
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Keep on getting (red) security allerts

    Quote

    "Do I understand it correctly that the OS firewall warnings should not be displayed as I did not select that in the Advanced tab of Alerts&Logs?
    For the specific alert of Acrotray there was no SmartDefense advisor available, so I guess it does not make any difference as to whether the SmartDefense is set to auto or manual."

    Yes the alerts are gone, so just check the logs from time to time and see what was happening.

    Smart Defense will do a lot of settings for you and the manual setting means that you will personally oversee the way the settings are set and applied. If you get the hang of things the manual setting is preferred, because you the user is in complete control of the PC activity.

    Oldsod
    Best regards.
    oldsod

  5. #5
    jeroenvdb Guest

    Default Re: Keep on getting (red) security allerts

    The alerts SHOULD be gone, but they are not! The checkbox for displaying alerts for the OS firwall is unchecked, but the alert still pop up...

    Would it make sense just to switch off the OS firewall?

  6. #6
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Keep on getting (red) security allerts

    "Would it make sense just to switch off the OS firewall?"

    No don't do that.

    Please bear in mind that the OS firewall is a major security feature. It is a form of HIPS (Host Intrusion Protection Sytem). This does seem to be part of the future for a part of the PC security. It is spreading to other security applications and other suites. BTW I have an antivirus with it's own HIPS and a pure dedicated HIPS software being used at the same time as the ZA.

    It is natural to have Alerts when installing new software or getting Window updates. It is when you are doing nothing out of the ordinary and you get an Alert, then at least you got the warning that some malware is getting in the PC. The Program list in the Program Control has a KILL feature- use it to kill that malware from going internet and from taking over the PC and destroying your privacy, security and OS.

    The trouble is when the alerts happen and you are doing nothing out of the ordinary and then they are just pesky annoyances. See what it is. Open the ZA and give it three green bars under the Trust Level. Open the Options in the right click of the component and give it more rights.

    Ok so you do a Windows update. The IE is using ctfmon and rundll32 and wants to access the memory. This is normal. but if that exact same thing happened while reading the web page on some site, then you know something is wrong. That is why it is there.

    If you want, then turn the Alert events to off. The program Alerts will still be shown. In the Custom of the Main of the Program Control, leave the OS and deselect the Advanced and Applicaton controls. This will help cut down on the Alerts and will reduce your security all at the same time.

    Oldsod
    Best regards.
    oldsod

  7. #7
    jeroenvdb Guest

    Default Re: Keep on getting (red) security allerts

    Thanks!

    One of the things that makes this so annoying is that settings are not remembered, although I check the 'remember' check box when allowing or denying actions.

    I use TuneUp utilities to modify start up entries and get a warning when modifying those. Even when I allow it and check the remember box, sometimes the same pops up again the enxt time I use it.

    I also foudn today that the settings for the auto antivirus and spyware scan are not kept.
    I set to automatically scan every Saturday en today this suddenly chenged to Sunday. I set it back to Saturday, but after a system restart it was back to Sunday again and started scanning.

    I hope this will solve, as it is not very pleasant to use ZA as it is right now...

  8. #8
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Keep on getting (red) security allerts

    I wish you had told me in the first post and then we could have done some setting adjustments. Or maybe I missed that.

    OK. The database in the ZA has become corrupted. This is why the settings are not remembered. The database has to be removed and the ZA will start fresh and create a new database.

    To do this>

    Boot your computer into the Safe Mode

    Navigate to the c:\windows\internet logs folder

    Delete the backup.rdb and iamdb.rdb files in the folder

    Clean the Recycle Bin

    Reboot into the normal mode

    ZA will be just like new with no previous settings or data


    Make sure that the correct information is in the Zones of the Firewallof the ZA>

    Make sure your DNS and DHCP server IP's are in your Firewall's Trusted zone. Finding DNS and DCHP servers, etc

    1. Go to Run type in command , hit 'ok', and type ipconfig /all then press enter. In the returned data list will be a line DNS and DHCP Servers with the IP address(s) listed out to the side.
    2. In ZA on your machine on the Firewall>Zones tab click Add and then select IP Address. Make sure the Zone is set to Trusted.
    3. Click OK and then Apply and see if that works to fix it.
    4. The loopback (127.0.0.1) has to be listed and must be shown as Trusted.

    The ZA will be clean and fresh after this.

    Oldsod
    Best regards.
    oldsod

  9. #9
    jeroenvdb Guest

    Default Re: Keep on getting (red) security allerts

    Dear Oldsod,

    In my post of 11-18 (3:26) I mentioned that I already reset my database. This gave many allerts in the beginning of course, but the settings were not remembered, even when I checked the remember this box. The messages came back all the time.

    I enabled to let all networks automatically get into the trusted zone, but I did not manually add the DNS and DHCP server to this zone.
    It is rather strange that this has to be done manually, right? You have to be an expert when using ZA.
    I saw there will be a version 7 out soon (in beta). I hope that will be much better than 6.5.

    In anticipation of this, I uninstalled ZA completely (using instructions found soemwhere else in this forum) and will wait for this beta to come out.

    thanks!

  10. #10
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Keep on getting (red) security allerts


    <blockquote><hr>jeroenvdb wrote:
    Dear Oldsod,

    In my post of 11-18 (3:26) I mentioned that I already reset my database. This gave many allerts in the beginning of course, but the settings were not remembered, even when I checked the remember this box. The messages came back all the time.

    I enabled to let all networks automatically get into the trusted zone, but I did not manually add the DNS and DHCP server to this zone.
    It is rather strange that this has to be done manually, right? You have to be an expert when using ZA.
    I saw there will be a version 7 out soon (in beta). I hope that will be much better than 6.5.

    In anticipation of this, I uninstalled ZA completely (using instructions found soemwhere else in this forum) and will wait for this beta to come out.

    thanks!
    <hr></blockquote>


    I forgot that you did the advice from Guru BillC.

    Some firewalls will find the DNS and DHCP, and some will find them and then ask the user if this is correct and some need the user to set things up.

    Before installing the ZA beta (pleae remember that it is a beta and not the final version), please do the "/clean" uninstall instead of the usual uninstall and then use a reg/file cleaner. if you don' have one, then try the CCleaner>

    http://www.majorgeeks.com/CCleaner_S...ish_d4191.html

    Infor for the "/clean" uninstall procedure


    - Click on Start -> Programs -> Zone Labs
    - RIGHT-click on Uninstall ZoneAlarm, then select Properties
    - Under Target you will see the following line (the actual drive may
    be different on your system):

    "C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe"

    Change it to:

    "C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe" /clean

    (add a space and then the /clean)

    Open the Zone Alarm and disable the "Load Zone Alarm .. at startup" in the Preferences of the Overview. Then reboot.

    -Return to the Uninstall ZoneAlarm in the Zone Labs of the All Programs
    - Click OK to run the uninstaller, and OK any security alerts that
    pop up.
    - say "Yes when being prompted for the removal of all files.
    - Reboot

    or use this>

    http://www.nohold.net/noHoldCust25/P...n_install.html


    And then use this to check for remmants>

    http://forum.zonelabs.org/zonelabs/b...message.id=103

    or>

    http://www.nohold.net/noHoldCust25/P...ninstalNT.html


    The ZA beta will have, besides a differnet antivirus engine, some new features in the OS firewall. The changes maybe to different and so the " /clean" uninstall is recommended.

    Oldsod
    Best regards.
    oldsod

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •