Results 1 to 5 of 5

Thread: Zonealarm Logs... All Logs Vanished & ZA Blocking itself

Hybrid View

  1. #1
    thedillinger Guest

    Default Zonealarm Logs... All Logs Vanished & ZA Blocking itself



    When i first logged onto my PC i checked the zonealarm logs, they were all blank... considering i just installed i think a day ago this should not have happened.
    OSFirewall
    Rating

    Date/Time


    Type

    Subtype

    Data

    Action

    Taken

    Count
    Policy
    High
    2008-10-19 21:50:14+1:00
    Registry
    Set Value
    HKLM\SOFTWARE\ZONE LABS\ZONEALARM,
    Blocked (once)
    1
    Personal Policy
    High
    2008-10-19 21:50:14+1:00
    Registry
    Set Value
    HKLM\SOFTWARE\ZONE LABS\ZONEALARM,
    Blocked (once)
    1
    Personal Policy
    High
    2008-10-19 21:50:14+1:00
    Registry
    Set Value
    HKLM\SOFTWARE\ZONE LABS\ZONEALARM,
    Blocked (once)
    1
    Personal Policy
    High
    2008-10-19 21:49:56+1:00
    File

    File Write
    ZLDIR*




    Blocked (once)
    1
    Personal Policy

    The first 3 above log entries relate to "Spam Filter was prevented from changing the settings of Zonealarm Security Suite by modifying the registry key (as above)"
    The 4th above log entry relates to "Windows Explorer was prevented from changing the behavior of Zonealarm Security Suite by modifying the file: ZLDIR* "

    Also, when i click on Anti-virus/spyware, Main...
    Anti-virus On
    Anti-virus Activated
    Last Scan: 19/10/2008 21:48
    Last Update: 19/10/2008 21:58
    On-access scan is on
    Anti-spyware On
    Anti-spyware Activated
    Last Scan: 19/10/2008 21:46
    Last Update: 19/10/2008 21:58

    *notice it does not say "On-access scan is on" for the anti-spyware.
    when i first installed zonealarm internet security suite it did say this was on, in addition to the anti-virus saying the same.

    *Also, its been 25 minutes now since i first logged on... if i go to alerts & logs within zonealarm...
    Select "Anti-spyware" and it is blank
    Select "Anti-virus" and it has Date/Time: 2008-10-19 21:58:42+1:00, Type: Update, Virus name: Blank, Filename: Blank, Action: Update completed, Mode: Auto, E-mail: Blank
    I guess not showing any spyware update could be because there may not have been any new spyware in the 8 hours my pc was just off for... viruses being more common than spyware?
    yes i could go to technical support as i have bought the internet security suite and force field, i'd rather seek help here first... i like the idea of having my info posted on a public forum, ie a permanent record made for anyone who chooses to see.



    Operating System:Windows XP Pro
    Software Version:8.0
    Product Name:ZoneAlarm Internet Security Suite

  2. #2
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,290

    Default Re: Zonealarm Logs... Log vanished?

    Hi!what you describe is normal.. LOGs of ZA are normal, you do NOT have any 'On access' scanning for the antispyware.You do not have an indication of hourly antispyware update.Cheers,Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    thedillinger Guest

    Default Re: Zonealarm Logs... Log vanished?

    <blockquote>Hi Fax,</blockquote>From what i've read i do not think zonealarm deletes its logs after only a day or so... its not normal for the logs to just vanish, unless there was a problem i think.
    regarding the spyware protection... does that mean we can become infected and if so... are we safe from all spyware activities, i guess the main ones are logging screen and keyboard outputs which zonealarm+force field should cover... but what about changes to the registry or other settings... would zonealarm warn us and stop that.. or not?
    have to admit it seems odd that zonealarm would let us become infected with spyware and then remove it with on demand scans, rather than there being an on-access scan that would protect us in the first place.
    On another note, i just performed an on demand scan for both virus and spyware and afterwards got the message...
    Restart computerTo run this product safely, you must restart your computer.Before restarting........................................ ............
    it found some spyware, nothing major, all low alerts.. it was gamespy arcade... and some cookies.
    there was a dll it quarantined, perhaps the restart is to do with that.

  4. #4
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,290

    Default Re: Zonealarm Logs... Log vanished?

    Hi!
    which logs are you referring to?
    How is your ZA been configured?

    I think the best is to have a good reading of the manual, ti will explain you a lot about functions and features of ZA.
    'On Access' Spyware protection is performed by the antivirus. In ZASS you have two engines covering spyware. One by kaspersky and one by ZA. Again better you check the manual.

    Restarting the system? This is most likely something else than ZA.
    ZA does not request to restart unless it finds a virus or you installed a ZA update.

    Better you proceed with a cleaning of your system following what suggested here:
    http://forum.zonelabs.org/zonelabs/b...essage.id=3787

    Here you find the manual:
    http://download.zonealarm.com/bin/me...ser_manual.pdf

    For you case of reserved IP targeting you... it may be simply your LAN or incorrect setting in ZA of your network or other system on your LAN... nothing to worry about.

    Cheers,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  5. #5
    thedillinger Guest

    Default Re: Zonealarm Logs... All Logs Vanished & ZA Blocking itself

    Related to another recent post of mine, for the record in the past i have had a lot of fake/spoofed IP addresses attack me, ones that are said to be reserved addresses and as such must be fake/spoofed... i've had more than i could count.
    Rating

    Date/Time

    Type

    Protocal

    Program

    Source IP

    Destination IP

    Direction

    Action Taken

    Count

    Source DNS

    Destination DNS

    Policy

    Rule

    High

    2008-10-19 22:00:46+1:00

    Firewall

    UDP

    Blank

    xx.xxx.xxx.xxx:4802

    (My IP):23

    Incoming

    Blocked

    1

    (this has a value, its the only entry of the 11 alerts that does)

    (My Destination DNS?)

    Personal Policy

    (Rule)
    *I clicked &quot;More Info&quot;... then on &quot;Hacker ID&quot;
    [[[SmartDefense Advisor
    xx.xxx.xxx.xxx (same IP as the source IP from the zonealarm log above) is a reserved address
    The Internet Assigned Numbers Authority (IANA) has reserved this address for its own use. Unless you are on a network that is actively involved in the development of the system for assigning IP addresses, this address was probably forged in order to hide the identity of the sender.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •