Thread: Bogus access alerts?

  1. #1
    marksidell Guest

    Bogus access alerts?

    I am the developer of Forte Agent, the Usenet newsreader and email client.

    We have received reports from our customers that ZoneAlarm displays alerts when Agent goes online, reporting that Agent is trying to connect to the DNS port of an unrelated server.

    Using various TCP/IP monitoring tools, I have determined that the spurious accesses are being made to an akamai server (typically IP address 69.45.79.9) and that the process actually connecting to the server is vsmon.exe. The accesses occur at the moment our program calls the winsock function WSAAsyncGetHostByName() to look up the IP address for the host *it* wants to connect to.

    As you probably know, vsmon.exe is part of ZoneAlarm. On further investigation, we determined that ZoneAlarm does not generate the alerts for our program if we turn off ZoneAlarm's own automatic check for updates feature.

    So, it looks like ZoneAlarm is using our program's call to WSAAsyncGetHostByName() to trigger its own check-for-update operation. Then, ZoneAlarm reports the attempt to access its own update server as a suspicious access by our program.

    To confirm that the problem is not just with Agent, we ran the same experiment with VanDyke Software's SecureCRT telnet program. Same results.

    Questions:

    - Why is ZoneAlarm in effect piggy-backing on other programs' online operations to do its update checking?

    - More importantly, why is it reporting its own online operations as suspicious activity by other programs?

    As you can imagine, our own customers are, uh, "alarmed" by the ZoneAlarm alerts. So, we're looking for any information we can provide that will mollify them.

    Mark Sidell
    Vice President
    Forte Internet Software, Inc.

    Operating System: Windows XP Pro
    Product Name: ZoneAlarm Pro
    Software Version: 6.1

  2. #2
    billc Guest

    Re: Bogus access alerts?

    Hey Mark. I may need to refer you to the technicians at Zone Labs Technical Support for an 'official' Zone Labs response. This is only a user forum with volunteers but we do not represent Zone Labs.

    Having said that, it would seem that if you have granted Forte Agent 'access' in Program Control and your Program Control security slider is on 'Medium' and not 'High', I'm not certain why you're getting the alert. If Program Control is on 'High', then you'll get the alert. What I'd suggest you try is to either put your Program Control on 'Medium' or, if on 'High', turn off your 'Advanced Program Control' using the 'Custom' button.

    From Zone Labs:

    Advanced Program Control tightens your security by preventing unknown programs from using trusted programs to access the Internet, or by preventing hackers from using the Windows OpenProcess function to manipulate your computer. Advanced Program Control is enabled by default.

    By default, the following applications are allowed to use other programs to access the Internet:

    - Zone Labs security software
    - MS Word, Excel, PowerPoint, and Outlook
