Results 1 to 4 of 4

Thread: LSASS.EXE Warnings (Revisited) ZA Pro

  1. #1
    forkys Guest

    Default LSASS.EXE Warnings (Revisited) ZA Pro

    I realize this is not the first message trying to unravel the
    ways ZA Pro deals with this XP file (service).

    As far as I'm aware there's
    still no answer/solution to:

    1) If you allow and tick the "always etc.... box, why doesn't ZA keep this setting?
    for every time the Smart defense (what is so "smart" on this one?) warning keeps bugging me.


    Anyone having a solution?

  2. #2
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,290

    Default Re: LSASS.EXE Warnings (Revisited) ZA Pro

    Hi!which version of ZA are you using? 5,6,7? (337? 462? 470?)It does it only with lsass.exe? And why 'lsass.exe' is asking for permission (trusted, internet, server)? SmartDefence for lsass.exe is set to? auto, custom?If you go to "C:\Windows\Internet Logs" do you see any ***.tmp file?Permission request, or repated permission request may be related to:- the executable has changed(windows update, interaction with other tools)- Corruption of the ZA settings.Corruption of ZA settings can be caused:- your system had hangs/crashes- you had cold shutdown (improper shutdown). Including forced shtutdown (ZA save settings at shutdown)- you are infected by malware- there are conflicts with other tools installed on your systemCheers,FaxP.S. you seem to be plugged by problems with ZA.... probably need to look for alternative solutions?P.S.II I have seen issue of lsass.exe wanting access to 0.0.0.0 but this is limited to ZAPRO for VISTA and not XP version of ZA

    Message Edited by fax on 04-27-2008 10:50 AM

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    forkys Guest

    Default Re: LSASS.EXE Warnings (Revisited) ZA Pro

    I'm not sure about being plugged- it only started after upgrading (and paying..) from free version to ZA Pro 7.

    There are indeed several xDB*.tmp files in this directory . Below you find a ZA log file which makes mention of this LSA Shell export (and another recurring is the svchost one).

    You mentioned on an earlier occasion that it might be an option to uninstall and reinstall Pro? Is this a straight forward exercise or do I need to remove registry entries etc?

    ZoneAlarm Logging Client v7.0.470.000
    Windows XP-5.1.2600-Service Pack 2-SP
    type,date,time,source,destination,transport (Security)
    type,date,time,virus name,file name,mode,e-mail id (Anti-Virus)
    type,date,time,source,destination,action,service (IM Security)
    type,date,time,source,destination,program,action (Malicious Code Protection)
    type,date,time,action,product,file,event,subevent, class,data,data,... (OSFirewall)
    type,date,time,name,type,mode (Anti-Spyware)
    OSFW,2008/04/26,07:31:36 +2:00 GMT,UNKNOWN(0),LSA Shell (Export Version),C:\WINDOWS\system32\lsass.exe,PROCESS,OPE NPROCESS,SRC,C:\WINDOWS\system32\ZoneLabs\UpdClien t.exe
    OSFW,2008/04/26,07:31:40 +2:00 GMT,UNKNOWN(0),Generic Host Process for Win32 Services,C:\WINDOWS\system32\svchost.exe,PROCESS,O PENPROCESS,SRC,C:\WINDOWS\system32\ZoneLabs\UpdCli ent.exe
    ZLUpdate,2008/04/26,07:36:46 +2:00 GMT,,,Auto
    ZLUpdate,2008/04/26,07:36:50 +2:00 GMT,,,Auto
    OSFW,2008/04/26,15:32:22 +2:00 GMT,UNKNOWN(0),LSA Shell (Export Version),C:\WINDOWS\system32\lsass.exe,PROCESS,OPE NPROCESS,SRC,C:\WINDOWS\system32\ZoneLabs\UpdClien t.exe
    OSFW,2008/04/26,15:33:24 +2:00 GMT,UNKNOWN(0),Generic Host Process for Win32 Services,C:\WINDOWS\system32\svchost.exe,PROCESS,O PENPROCESS,SRC,C:\WINDOWS\system32\ZoneLabs\UpdCli ent.exe
    ZLUpdate,2008/04/26,15:37:34 +2:00 GMT,,,Auto
    ZLUpdate,2008/04/26,15:37:38 +2:00 GMT,,,Auto
    OSFW,2008/04/26,15:41:30 +2:00 GMT,BLOCKED,Services and Controller app,C:\WINDOWS\system32\services.exe,REGISTRY,SETV ALUE,SRC,HKCS\SERVICES\VSMON,Start
    OSFW,2008/04/26,17:16:24 +2:00 GMT,UNKNOWN(0),LSA Shell (Export Version),C:\WINDOWS\system32\lsass.exe,PROCESS,OPE NPROCESS,SRC,C:\WINDOWS\system32\ZoneLabs\UpdClien t.exe
    OSFW,2008/04/26,17:16:30 +2:00 GMT,UNKNOWN(0),Generic Host Process for Win32 Services,C:\WINDOWS\system32\svchost.exe,PROCESS,O PENPROCESS,SRC,C:\WINDOWS\system32\ZoneLabs\UpdCli ent.exe
    ZLUpdate,2008/04/26,17:21:38 +2:00 GMT,,,Auto
    ZLUpdate,2008/04/26,17:21:40 +2:00 GMT,,,Auto

  4. #4
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,290

    Default Re: LSASS.EXE Warnings (Revisited) ZA Pro


    <BLOCKQUOTE><HR>forkys wrote:
    There are indeed several xDB*.tmp files in this directory .
    <HR></BLOCKQUOTE>This is an indication that ZA tries to save changes to your configuration in ZA database and fail to do so.So it creates a temporary file where to store these changes and load them at next reboot.Something wrong then with your settings. Probably better to try to reset the settings.Leave ZAPRO at default and see what happen. See my previous post for reasons why ZA database get corrupted.To reset the ZA database do the following:1.) Hold down the Ctrl and Shift keys together
    2.) Right click on the ZA icon near your clock
    3.) Choose 'Reset' from the box that comes up
    4.) Choose Yes on the Reset Settings dialog box
    5.) When prompted, choose OK to restart your system
    6.) Follow the on screen configuration prompts after reboot

    Try not to restore any previous settings just in case its a problem of your saved configuration.

    Alternatively you could update to the latest version (473) and choose 'clean' install when prompted. This will start ZAPRO with fresh settings. (http://download.zonealarm.com/bin/fr...473_000_en.exe)

    Cheers, Fax


    Message Edited by fax on 04-27-2008 12:28 PM

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •