Thread: Repeated "Blocked Access" messages - but computers blocked are in the trusted zone!

  1. #1
    rootertooter Guest

    Default Repeated "Blocked Access" messages - but computers blocked are in the trusted zone!

    Hello,
    I have been using ZoneAlarm for years and had no problems, but over the last few weeks I have been getting repeated "Blocked Access" messages. In every single case the IP addresses quoted belong to computers in the LAN, which is set as a trusted zone.
    Trusted zone security is set to "Medium" (although the same problem occurs when it is set to "Off"). On one occasion ZoneAlarm claimed to have blocked an access attempt "from your computer to 192.168.3.1" - i.e. it blocked me accessing my own router!
    Many of the access attempts (though not all) are due to a proprietary time management program, which is installed on one computer in the LAN (it uses a single central database). The program pops up every 15 minutes on each computer to ask the employee what job they are working on. Up until a few weeks ago this arrangement worked smoothly, but now ZoneAlarm's constant interference is making this program practically unusable, as every time the access attempt is blocked the program crashes and has to be restarted. Other access attempts from other computers on the LAN I cannot explain although I suspect they are things like directory list updates, as all our working files are stored on a single network drive.
    Has an update to ZoneAlarm been issued recently which might have caused this problem? How can I change the settings to prevent further alerts when the whole LAN is already defined as "trusted"? Getting so irritated I feel like switching it off and going back to Windows Firewall (yuck)!

    Operating System: Windows XP Pro
    Product Name: ZoneAlarm (Free)
    Software Version: 6.5

  2. #2
    Join Date
    Dec 2002
    Location
    Mikado Michigan
    Posts
    2,596

    Default Re: Repeated "Blocked Access" messages - but computers blocked are in the trusted zone!

    Is the program itself blocking the trusted zone?
    My homes are SpywareHammer.com and DonHoover.net and BleepingComputer.com


    Consumer Security - 2011 & 2012

    Tilting at windmills hurts you more than the windmills.
    -From the Notebooks of Lazarus Long
    Senior of the Howard Families

  3. #3
    rootertooter Guest

    Default Re: Repeated "Blocked Access" messages - but computers blocked are in the trusted zone!

    You mean the time management program? I don't think so because:

    - The time management program has not had any changes or updates within the last few months, and the problem started within the last few months - it was fine before
    - It is a simple time management program, with no firewall aspect to it
    - I have had some of the same issues on my computer at home, with ZoneAlarm putting up alerts when I contact the router, and my home computer does not have the time management program. Oddly, these alerts tend to come up irregularly but always when I have just clicked a link or requested a particular URL in the browser - but the requested site does appear, so obviously the access between the computer and the router has not been truly blocked. At home there is no LAN, only one computer and one router!

    I have never yet received an alert saying there has been an access attempt from the router to the computer, only from the computer to the router, or from computer to computer within the office LAN.

  4. #4
    rootertooter Guest

    Default Re: Repeated "Blocked Access" messages - but computers blocked are in the trusted zone!

    Just to add that none of the 26-odd access attempts which the ZoneAlarm on my computer in the office says it has blocked within the past few weeks have been from an internet IP address, they are all local, and all within the trusted zone.

  5. #5
    socalreviews Guest

    Default Re: Repeated "Blocked Access" messages - but computers blocked are in the trusted zone!

    Are these pop-up alerts or Alerts recorded in the ZoneAlarm program under Alerts & Logs > Log Viewer? If you have recorded alerts in your log viewer coming from within your LAN from other computers or devices attached to the LAN then what very likely is happening is that those other computers or devices are sending out data packets to get a response from the router (the DHCP server). I usually see these kinds of non-malicious alerts originating from the LAN side of my router when I am using my wireless notebook (after turning it on) to access the internet through my wireless access point which is connected to my router. Make a note of the source IP address in the ZoneAlarm Log Viewer that has triggered the alert and see if you can trace it to the device connected on your network. As long as the alert is not triggered from an infected computer, a hacker's computer who has gained unauthorized access to your network, or some other malicious reason then you do not need to worry too much about it. If these are pop-up alerts they could be non-malicious for similar reasons as above and you can select to always ignore or allow those alerts in the future. I have seen harmless pop-up alerts of this type when using Windows computers with multiple network protocols enabled such as NetBEUI along with TCP/IP. If you continue to have issues with these alerts there might be some more ZA configuration options you can adjust to quiet them down. Please post back with your results or if you have any more questions.

    Message Edited by SoCalReviews on 12-15-2006 04:30 AM

  6. #6
    rootertooter Guest

    Default Re: Repeated "Blocked Access" messages - but computers blocked are in the trusted zone!

    Yes, the alerts are logged in the Log Viewer, and looking at them, the alerts from the last couple of days are all from one computer - the one that acts as file server for the projects that I am working on. Most are blocked access attempts from that computer, but there are one or two in the opposite direction. A typical alert is below:

    Description: Packet sent from 192.168.1.4 (TCP Port 4739) to 192.168.1.3 (TCP Port 445) was blocked
    Rating: Medium
    Date / Time: 2006/12/20 10:51:14-0:00 GMT
    Type: Firewall
    Protocol: TCP (flags:S)
    Program:
    Source IP: 192.168.1.4:4739
    Destination IP: 192.168.1.3:445
    Direction: Outgoing
    Action Taken: Blocked
    Count: 1
    Source DNS: COMPUTER_B
    Destination DNS:

    The whole subnet is in the Trusted Zone as 192.168.1.0/255.255.255.0 - would it help to enter each IP address separately? The reason I haven't done this is that the addresses are not static but depend on which computer is switched on first in the morning (the router acts as a DHCP server) and can vary if laptops etc. are plugged into the router. I did it the way I did because it seemed tidier, but would it make a difference if I entered each IP address separately?
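
Added example (not part of the original thread and not ZoneAlarm code): a check of the alert quoted in post #6 against the Trusted Zone entry quoted there, to see whether zone membership can explain the block. The function names and the accepted entry forms (single host, network/netmask, first-last range) are assumptions; the alert text and subnet are copied from the post.

```python
import ipaddress
import re

# Trusted Zone entry and alert description as quoted in post #6.
TRUSTED_ZONE = ["192.168.1.0/255.255.255.0"]
ALERT = ("Packet sent from 192.168.1.4 (TCP Port 4739) to "
         "192.168.1.3 (TCP Port 445) was blocked")

ALERT_RE = re.compile(
    r"Packet sent from (?P<src>[\d.]+) \((?P<proto>\w+) Port (?P<sport>\d+)\) "
    r"to (?P<dst>[\d.]+) \(\w+ Port (?P<dport>\d+)\) was blocked")

def parse_alert(description):
    """Split a 'Description' line into endpoints, protocol and ports."""
    m = ALERT_RE.fullmatch(description.strip())
    if m is None:
        raise ValueError("unrecognised alert description")
    return {"src": m["src"], "dst": m["dst"], "proto": m["proto"],
            "sport": int(m["sport"]), "dport": int(m["dport"])}

def in_zone(addr, zone_entries):
    """True if addr matches any entry: host, net/netmask, or first-last range."""
    ip = ipaddress.ip_address(addr)
    for entry in zone_entries:
        if "-" in entry:
            first, last = (ipaddress.ip_address(p.strip()) for p in entry.split("-"))
            if first <= ip <= last:
                return True
        elif ip in ipaddress.ip_network(entry, strict=False):
            return True
    return False

def triage(description, zone_entries):
    """Report whether each endpoint of a blocked packet is in the zone."""
    a = parse_alert(description)
    src_ok, dst_ok = in_zone(a["src"], zone_entries), in_zone(a["dst"], zone_entries)
    if src_ok and dst_ok:
        verdict = "both endpoints trusted: zone membership does not explain the block"
    else:
        outside = [a[k] for k, ok in (("src", src_ok), ("dst", dst_ok)) if not ok]
        verdict = "outside trusted zone: " + ", ".join(outside)
    return {"src_trusted": src_ok, "dst_trusted": dst_ok,
            "dport": a["dport"], "verdict": verdict}

if __name__ == "__main__":
    print(triage(ALERT, TRUSTED_ZONE))
```

When both endpoints come back trusted, as they do for the quoted alert, the zone definition is already covering the traffic and the cause has to be looked for elsewhere in the firewall configuration.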

  7. #7
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Repeated "Blocked Access" messages - but computers blocked are in the trusted zone!

    Yes, adding the IP of every machine in the Zones should help. The router usually assigns the same IP to the same port (of the machines that are wired) and can possibly be set to assign the same IP as per MAC of the wifi laptops or devices. MACing in the laptops can possibly help too.

    Even just adding the entire range of 198.168.0.0-198.168.255.255 as Trusted can sometimes help.

    Port 445 is a BIOS port, so the Trusted Security Zone slider should be at Medium - this does allow for more connections to be made possible, by default.

    Spoolsv.exe should have server rights for the Trusted Zone, as well as the Office applications. The Generic Host Process or svchost.exe should have server rights for the Trusted Zone. Any printer software should have server rights for the Trusted Zone.

    Oldsod
    Best regards.
    oldsod
