Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: Receiving strange message in Events viewer, and AV seems only to run I make it run

  1. #1
    mistress Guest

    Default Receiving strange message in Events viewer, and AV seems only to run I make it run

    Hi Hi!
    I just installed the new version of ZAISS, and it was almost too good ..
    I wasn't seeing any errors, and it was soooo quiet. LOL
    Reason being I guess might be cause of these problems:
    I have to manually start the AV and AS. It seems not to want to start on it's timer.
    Also when I boot up I get this message in the Events viewer:

    Event Type: Error
    Event Source: SecurityCenter
    Event Category: None
    Event ID: 1802
    Date: 9/21/2007
    Time: 3:31:00 PM
    User: N/A
    Computer: MYMACHINE
    Description:
    The Windows Security Center Service was unable to establish event queries with WMI to
    monitor third party AntiVirus and Firewall.


    ZoneAlarm Security Suite version:7.0.408.000
    TrueVector version:7.0.408.000
    Driver version:7.0.408.000
    Anti-virus engine version:3
    Anti-virus signature DAT file version:20070921135000
    Anti-spyware engine version:5.0.176.0
    Anti-spyware signature DAT file version:01.200709.2465
    AntiSpam version:5.0.6.8903
    --
    thank you!

    Operating System:Windows XP Home Edition

  2. #2
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Receiving strange message in Events viewer, and AV seems only to run I make it run

    Hi Mistress

    This is a windows issue. checking with eventid for 1802 shows this.

    You could try this to fix windows:

    Right click My Computer and select Manage.
    Select Services under the Services and Applications tree in the left panel
    and open the Services
    In the right panel, right click the WMI Performance Adapter</a > and the <a href="http://www.blackviper.com/WinXP/Services/Windows_Management_Instrumentation.htm" target=_blank>Windows Management Instrumentation and use the Stop in the Service Status and change the Startup to Disabled. Apply and OK. Close the windows.
    Now start the PC in the safe mode.
    Open the C:\WINDOWS\system 32\wbem and delete the files in the Repository folder and clean the Recycle Bin.
    Restart the PC in the Normal Mode.
    Return to the WMI Servicc and change it to Automatic and Start as it was before.
    Reboot once again.
    The Windows OS should see the ZA as the correct firewall and antivirus.

    Another solution... uninstall the Zone Alarm and re-install. Often if windows missed it the first time, the new install will make sure windows sees it's presence. Sort of like hitting it hard to get it's attention.

    Cheers, Oldsod

    Message Edited by Oldsod on 09-21-2007 08:07 PM
    Best regards.
    oldsod

  3. #3
    mistress Guest

    Default Re: Receiving strange message in Events viewer, and AV seems only to run I make it run

    Hi U!
    I tried the re-install, as it seemed the lesser of 2 evils, but it did NOT work!
    I am still getting the error...so back to the drawing board.
    I will post back after I try the other method.
    BBL

  4. #4
    mistress Guest

    Default Re: Receiving strange message in Events viewer, and AV seems only to run I make it run

    ACK! It didn't work either
    I also tried clicking on the WMI/Dependencies and it gives me the error:
    &lt;NULL&gt;: No such interface supported.

    I HATE COMPUTERS! (sometimes)

  5. #5
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Receiving strange message in Events viewer, and AV seems only to run I make it run

    OK The only other trick I know, the last trick, is the toggle method. Turn the windows firewall on. before the next shutdiwn. After the next startup turn windows firewall off. On the next startup, the windows security center may actually "see" the Zone Alarm. Sometimes alternating the ZA on and off with a series of startups and shutdowns can make windows see the firewall/antivirus. Other than that, I am stumped.

    My own approach is disable the security center and the windows firewall in the Services. I usually disable the alerts in the security center first and then disable the whole thing. I never have any issues and it saves a couple of cpu cycles. I monitor the windows updates, firewall and the antvirus manually.

    Oldsod
    Best regards.
    oldsod

  6. #6
    mistress Guest

    Default Re: Receiving strange message in Events viewer, and AV seems only to run I make it run

    I will try the new method. If that doesn't work,
    I will send a message to support and see if they can come up with something.
    Also, during my windows updates, even before July, this year, some how the net framework,
    iis asp and some other things got on my machine. I have NO idea what they are,
    or how to remove them. They came with the security updates
    That may be why the NULL is showing up in the WMI.
    Who knows at this point.

  7. #7
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Receiving strange message in Events viewer, and AV seems only to run I make it run

    Generally the .NET Runtime Optimization Service and the ASP.NET State Service can be set at manual.If windows needs them, it turn it on during the next startup. The iis is a what?
    You can probably safely delete any other unusual ccounts in the User Accounts of the Control Panel - any type of asp or net accounts. These accounts are really for advancing netwroking abd getting the pc connected to the ms networks (something by the sounds of it, you do not need). Just keep your own accounts and the administrator accounts.


    You can check with the blackviper site for the services section to get a better idea for these services. Or the theeldergeek.

    Does the right click of the Windows Management Instrumentation in the Services and then opening the properties open properly(?) - allowing the disable and stopped? That is the service that is needed to do the changes. The other one is just secondary.

    Maybe something is wrong with the OS... files missing? Have you done a recent system file check? Basically type in sfc /scannow into the command prompt and enter- and have the windows OS media disk handy to insert into the media drive (it will often want the original disk to check with the OS itself).This may ix the wmi issue.

    Oldsod
    Best regards.
    oldsod

  8. #8
    mistress Guest

    Default Re: Receiving strange message in Events viewer, and AV seems only to run I make it run

    I might have found a solution.
    Please check:
    <a href="http://www.tech-archive.net/Archive/WinXP/microsoft.public.windowsxp.general/2004-09/7758.html" target="_blank">
    Possible Fix for Security Center/Firewall Event ID Error 1802 </a>
    Oh...btw... This problem seems not to only be MY problem.
    I have NOT done anything with this yet!
    ====
    Also, while I am here, I have a config question about the new version of ZAISS.
    Normally, I have never really had to change or add any system programs, in the 'PROGRAM'
    area, but I noticed that many items have either all XX's or ?? all the way across.
    So I looked at the WMI, and it was one that was not automatically configured.
    I changed it to: Super - and under access, I added check marks - trusted/internet,
    under server, I have ??? - trusted/internet.
    For the 1st time, the little 'dot' acknowledging that it was actually there came on.
    I am not sure if that is the correct setting, but I might know more when I reboot.

    Is there anyplace where a person can actually see the correct settings for programs,
    as not to over or under 'allow' them. I think that surely would help!
    Not only users with experience, but especially newbies, or even ppl like me, that
    have this kind of problem.
    TY!

    PS:: Oldsod, would you please add me to your 'friends' list. TY!
    --

    Message Edited by Mistress on 09-23-2007 01:51 PM

  9. #9
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Receiving strange message in Events viewer, and AV seems only to run I make it run

    Every user has different supported software or additional security or has their own personal ideas or has different networking situations or different needs and setups or different levels of experience/knowledge. Hence there is no real hard and fast rules for the Zone Alarm. But....

    If in doubt use Ask.

    But as a general rule any Trusted server will allow opened ports to the Trusted Zone (router, lan or allow as a server to the localhost). Not a real security risk, unless there are other unsafe or risky PCs on the home LAN.

    Any Internet server will allow open ports directly to the internet zone or Internet itself. This allows the application to be a server or allow incoming connections without it's own independant actions. This can be a security risk and should be used carefully.

    The Smart Defense does have built in rules, some of these rules, in many users opinions as being too relaxed. Perhaps the latest version has tightened up the deaults.

    In the basic needs for windows, the following windows processes: csrss, rundll32, services, lsass, winlogon, userinit, explorer, logonui and smss all need trusted access and ask for the internet. However as applications are installed or windows is updated or events occur, others such as mmc, msiexe, wuauclt and a few others will need both trusted and internet access. To be strict, just allow as need and do not allow permanently.

    The svchost.exe (generic host process) always needs both trusted and internet access and server for the trusted. It needs server for the trusted to both the dhcp and dns servers (which IPs should be listed as trusted in the zones of the firewall).

    As a rule, I give all windows processes three green bars or the super.

    As for browsers or emnail clients, I set as trusted and internet access and allow the server for the trusted. If you seek stricter settings, then set as Ask for the internet zone. When the applications wishes internet access, the alert must be then allowed. This is an ideal setting for users wanting stronger controls of the more commonly outbound applications - it will help stopping hijacking or help to stop firewallleaks.

    In the right click of the security applications I usually open the Options and set the Allow Application Interaction. It seems to make things runs alittle smoother.


    In the Custom Program setting, all items are enabled in the Prrogram Control. I use the OSFirewall settings to stop host file, IE search engine and IE home page changes. The activeX and program startup is set to Ask, but this can be changed to deny as time passes or as needed. But the Program Control slider should be at Medium for an initial period till the Zone Alarm gets propely trained to the system and also when installing new programs or making severe setting changes to the operating system.

    In the Advanced Program settings, I deny all internet server (as safety precation) and leave the others setting to ask. If a user does p2p or some file sharing or Internet Messengers, this should not be set to deny and instead use ask.

    Does this help?

    Oldsod
    Best regards.
    oldsod

  10. #10
    mistress Guest

    Default Re: Receiving strange message in Events viewer, and AV seems only to run I make it run

    Thank you!
    I will compare what you have to what I have, and let you know.
    I am still getting that 1802 error btw.

    Did you have a chance to see those URLs yet?

    TY!

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •