Results 1 to 5 of 5

Thread: Oldsod -- I forgot to ask...

  1. #1
    bloomcounty Guest

    Default Oldsod -- I forgot to ask...

    I noticed this morning when I turned on the new laptop here at home (not connected to the internet), that there was a program added to Program Control in ZA that must have been added on its own sometime last night after I installed ZA 6.5.737 (and AVG A/V and A/S Free) at my friends house (and was connected to the internet at various times via his Ethernet cable, and behind his own firewall/router).

    It was this program: spooler subsystem app

    And it had two green checkmarks (one in Access-Trusted and one in Access-Internet, with ?'s in the two server columns). It wasn't automatically added when ZA installed, because I checked right after the install finished. And it *never* asked me for permission or alerted me that it was being added (so I guess it's possible that it never actually connected to the internet).

    I have never seen this program in ZA on my current/old laptop.

    So I removed it (ignoring that warning ZA gives you about removing system programs or something -- which I also ignore when I remove Windows Explorer when that gets added).

    I'll have to see if it gets added back after I connected to his Ethernet again tomorrow... but any idea why this showed up?

    Anything to be worried about? (Note that I was not part of a network or anything that I know of...)

    (I have since scanned my new laptop with AVG A/V and A/S free and both showed clear -- just FYI.)

    Let me know your thoughts. Thanks!

    Operating System:Windows XP Home Edition
    Software Version:6.5
    Product Name:ZoneAlarm (Free)

  2. #2
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Oldsod -- I forgot to ask...

    Next time you see something in the Zone Alarm, just right click the entry and open the Properties. This will display the file properties. Location, vendor, date/time of install, version number all can be readily seen.

    I would imagine it is the spoolsv.exe found in the WINDOWS\system32 folder. This is a legitmate windows file. Nothing to worry about. Used for the printing of file/pages/etc.

    The Printer Spooler service is enabled, thus when windows started, so did the printer spooler. It did go outbound, the ZA saw it and recognized it as legitimate, and allowed it. If not using a printer, disable the Printer Service in the Services. This will stop that issue.

    Legitimate programs going outbound is not a security risk.

    The windows explorer.exe should be listed in the Zone Alarm. It will want to go outbound. The internet activity of the explorer.exe can be controlled in the Zone Alarm. The main reason for a firewall- to control these things. Just make sure neither the explorer or the spoolsv.exe has any server rights. [These do not need any open ports.]

    The default settings for the Zone Alarm is Ask for server attempts. If an application wanted to have a server attempt, the Zone Alarm will ask by default, before allowing.
    This default setting can be changed in the Advanced of the Main of the Program Control- set both the Trusted and Internet Server Attempts to Deny. This will mean the Zone Alarm will automatically use Deny for any server attempt.

    Oldsod
    Best regards.
    oldsod

  3. #3
    bloomcounty Guest

    Default Re: Oldsod -- I forgot to ask...

    Re: Windows Explorer

    But it's not bad that I removed Windows Explorer, right?

    And next time it gets added back automatically, is it supposed to have green checks for *both* Access-Trusted and Access-Internet? Or ?'s for both?

    If green checks, then why does Windows Explorer ever really need to connect to the internet? (I've always blocked it when that happens on my old/current laptop...)

    And then X's for *both* Server-Trusted and Server-Internet, correct?
    ---------------------------------------
    Re: Spooler Subsystem App

    That's definitely what it was listed as in ZA Program Control -- Spooler Subsystem App.

    I *do* have a printer connected to my current/old laptop which has ZA 7 on it, and that has never shown up in ZA for me on that machine. So you can't need it in ZA just because you have a printer connected, because I've been printing off my current/old laptop for over a year without Spooler Subsystem App ever being added to Program Control in ZA... But it's not weird that it was added on the new laptop?

  4. #4
    prof_fate Guest

    Default Re: Oldsod -- I forgot to ask...


    <blockquote><hr>bloomcounty wrote:
    Re: Windows Explorer

    But it's not bad that I removed Windows Explorer, right?

    And next time it gets added back automatically, is it supposed to have green checks for *both* Access-Trusted and Access-Internet? Or ?'s for both?

    If green checks, then why does Windows Explorer ever really need to connect to the internet? (I've always blocked it when that happens on my old/current laptop...)

    And then X's for *both* Server-Trusted and Server-Internet, correct?
    that is Correct..
    ---------------------------------------
    Re: Spooler Subsystem App

    That's definitely what it was listed as in ZA Program Control -- Spooler Subsystem App.

    I *do* have a printer connected to my current/old laptop which has ZA 7 on it, and that has never shown up in ZA for me on that machine. So you can't need it in ZA just because you have a printer connected, because I've been printing off my current/old laptop for over a year without Spooler Subsystem App ever being added to Program Control in ZA... But it's not weird that it was added on the new laptop?
    <hr></blockquote>Here is a list (from one of the Guru's) of other important file/program names that need Trusted and Internet Access in Program control..

    Now you should not have anymore problem with
    (That Program)
    or any other program listed in Program Control..
    NOTE: Make sure all of the following Programs have Trusted and Internet access (Green Check Marks):
    a.) All Microsoft and Windows Programs have Green Check marks for Trusted and Internet Access..b.) Generic Host Process for win32 Services (svchost.exe) also allow Trusted Server Rightsc.) IE Crash Detectiond.) Internet Explorere.) Malicious Software Removal Toolf.) True Vector Service
    (If it is listed)g.) Zone Alarm Clienth.) Zone Alarm Updating Clienti.) Your Email Client needs Trusted, Internet and Send Mail all need Green check Marks..
    ---------------------------------------------------------
    ZoneAlarm Security Suite version:7.0.462.000
    TrueVector version:7.0.462.000
    Driver version:7.0.462.000
    Anti-virus engine version:3
    Anti-virus SDK version:5.0.1.82
    Anti-virus signature DAT file version:932679210
    Anti-spyware engine version:5.0.187.0
    Anti-spyware signature DAT file version:01.200712.3055
    AntiSpam version:5.0.6.8903

  5. #5
    bloomcounty Guest

    Default Why does Windows Explorer need Internet Access?

    Thanks for the post.

    1. I don't understand why Windows Explorer needs internet access? Can you explain?

    It makes me nervous to just automatically allow it to have internet access whenever it wants... so I'd like to understand why this is needed.

    2. If you set things to &quot;?&quot; instead of a checkmark, it will just ask you when it wants to access something, and if you allow it, it would be the same as having a checkmark, is that correct? (And that way you can see what/whenwhy this is happening?)

    Please let me know... Thanks!

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •