Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 23

Thread: ZoneAlarm Free seems to be incompatible with Webshield component of **bleep** Anti-virus

  1. #11
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: ZoneAlarm Free seems to be incompatible with Webshield component of [a v a s t] Anti-virus

    Personally, I feel the forum filters are a joke and not really needed.
    More of a PITA than anything else.
    Oldsod.
    Best regards.
    oldsod

  2. #12
    sgolux Guest

    Default Re: ZoneAlarm Free seems to be incompatible with Webshield component of **bleep** Anti-virus

    No file called "lspconflict.txt" anywhere on my system (or even on my LAN).

    If I boot up with webshield turned on, and then surf like a maniac, eventually all browser activity (IE and Firefox) will cease. If I turn webshield off at that point, and then close and re-open the browsers, they work. If I then turn webshield back on, things seem to work OK again for a while, but then (again after a while) the browsers stop.

  3. #13
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: ZoneAlarm Free seems to be incompatible with Webshield component of **bleep** Anti-virus

    Does this happen with other software firewalls or just with the ZA?

    In the web scanner what are the options or configurations details - such as stop scanning with certain file sizes or limits or certain files types (exclide .jpgs, gifs etc) or after a certain time to stop or perhaps exempt certain sites from the scanner activity and so forth. Or perhaps a rate of scan - it does seem like the connection are getting timed out, if the connections are dropped.

    http://i236.photobucket.com/albums/f...sod/avira1.jpg

    http://i236.photobucket.com/albums/f...sod/avira2.jpg

    http://i236.photobucket.com/albums/f...sod/avira3.jpg

    http://i236.photobucket.com/albums/f...sod/avira4.jpg

    http://i236.photobucket.com/albums/f...sod/avira5.jpg

    http://i236.photobucket.com/albums/f...sod/avira6.jpg

    http://i236.photobucket.com/albums/f...rawebguard.jpg

    Please check the ZA logs in the Log Viewer and look for any activity such as dns or dhcp or pings related to the web scanner.
    I would presume the web scanner does just http scanning and nothing else - but look for any unusual https or dns or pop3 activity in particular.
    Also the localhost (127.0.0.1) set as trusted in the zones of the firewall of the ZA? And the web scanner does have the trusted server?
    Try it with the web scanner with internet server and see if that improves anything.

    I presume the antivirus web scanner is filtering both inbound and outbound http traffic - the logs would show not the application connecting, but the web scanner connecting to the internet IPs.
    Rather limited resources to check, since I am just a ZA user and not an employee with all their resources.

    Please do a netstat -anb with the ZA, web scanner and the browser running all at the same time and copy/paste the results in your next post along with some deductions from the ZA logs.

    Oldsod.

    Message Edited by Oldsod on 05-02-2008 01:10 AM
    Best regards.
    oldsod

  4. #14
    sgolux Guest

    Default Re: ZoneAlarm Free seems to be incompatible with Webshield component of **bleep** Anti-virus

    Does this happen with other software firewalls or just with the ZA?
    Not with Windows Firewall, but I am assuming that is not what you meant. I have not tried any other firewalls for a long time. Last time I tried PCTools firewall (maybe a year ago?), it was such a disaster on my Vista system that I vowed never to let another piece of their software on my computer.

    In the web scanner what are the options or configurations details...
    There are options to exclude certain file types or certain MIME types from the scan. In my system, I have not used that. There is also the option of which ports to inspect HTTP traffic on -- mine is (of course) set to port 80. Other than that there is only an option to "Enable Intelligent Scanning". I am not sure what this means, but I have tried turning it off and leaving webshield running, it doesn't seem to materially change the behavior, or the problems I have.

    Please check the ZA logs in the Log Viewer and look for any activity such as dns or dhcp or pings related to the web scanner.
    There is nothing I can see. All looks very normal.

    Also the localhost (127.0.0.1) set as trusted in the zones of the firewall of the ZA?
    localhost is trusted.

    And the web scanner does have the trusted server?
    None of the [a v a s t] software has any server priviledges under ZA. They have never asked for them. Those programs all show still a question mark in the program control list of ZA.

    Try it with the web scanner with internet server and see if that improves anything.
    Not sure what you mean here... I don't know what this is.

    Please do a netstat -anb with the ZA, web scanner and the browser running all at the same time and copy/paste the results in your next post
    I have to restart my computer to do this, and don't wish to lose my editing so far, so I will add another message to the thread with that result.

    To be continued....

  5. #15
    sgolux Guest

    Default Re: ZoneAlarm Free seems to be incompatible with Webshield component of **bleep** Anti-virus

    Here is netstat -anb result, with firefox and IE running, as well as [a v a s t] Anti-Virus with Websheild component turned on, and ZA:

    <pre>Microsoft Windows [Version 6.0.6001]
    Copyright (c) 2006 Microsoft Corporation. All rights reserved.

    C:\Windows\system32&gt;netstat -anb

    Active Connections

    Proto Local Address Foreign Address State
    TCP 0.0.0.0:80 0.0.0.0:0 LISTENING
    [httpd.exe]
    TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
    RpcSs
    [svchost.exe]
    TCP 0.0.0.0:445 0.0.0.0:0 LISTENING

    Can not obtain ownership information

    x: Windows Sockets initialization failed: 5
    TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING
    CryptSvc
    [svchost.exe]
    TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING

    Can not obtain ownership information

    x: Windows Sockets initialization failed: 5
    TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING
    [wininit.exe]
    TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING
    Eventlog
    [svchost.exe]
    TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING
    [lsass.exe]
    TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING
    Schedule
    [svchost.exe]
    TCP 0.0.0.0:49158 0.0.0.0:0 LISTENING
    PolicyAgent
    [svchost.exe]
    TCP 0.0.0.0:49159 0.0.0.0:0 LISTENING
    [services.exe]
    TCP 127.0.0.1:12025 0.0.0.0:0 LISTENING
    [ashMaiSv.exe]
    TCP 127.0.0.1:12080 0.0.0.0:0 LISTENING
    [ashWebSv.exe]
    TCP 127.0.0.1:12080 127.0.0.1:49521 ESTABLISHED
    [ashWebSv.exe]
    TCP 127.0.0.1:12080 127.0.0.1:49525 ESTABLISHED
    [ashWebSv.exe]
    TCP 127.0.0.1:12080 127.0.0.1:49526 ESTABLISHED
    [ashWebSv.exe]
    TCP 127.0.0.1:12080 127.0.0.1:49527 ESTABLISHED
    [ashWebSv.exe]
    TCP 127.0.0.1:12080 127.0.0.1:49528 ESTABLISHED
    [ashWebSv.exe]
    TCP 127.0.0.1:12080 127.0.0.1:49533 ESTABLISHED
    [ashWebSv.exe]
    TCP 127.0.0.1:12080 127.0.0.1:49587 TIME_WAIT
    TCP 127.0.0.1:12110 0.0.0.0:0 LISTENING
    [ashMaiSv.exe]
    TCP 127.0.0.1:12119 0.0.0.0:0 LISTENING
    [ashMaiSv.exe]
    TCP 127.0.0.1:12143 0.0.0.0:0 LISTENING
    [ashMaiSv.exe]
    TCP 127.0.0.1:49168 127.0.0.1:49169 ESTABLISHED
    [firefox.exe]
    TCP 127.0.0.1:49169 127.0.0.1:49168 ESTABLISHED
    [firefox.exe]
    TCP 127.0.0.1:49170 127.0.0.1:49171 ESTABLISHED
    [firefox.exe]
    TCP 127.0.0.1:49171 127.0.0.1:49170 ESTABLISHED
    [firefox.exe]
    TCP 127.0.0.1:49521 127.0.0.1:12080 ESTABLISHED
    [firefox.exe]
    TCP 127.0.0.1:49525 127.0.0.1:12080 ESTABLISHED
    [firefox.exe]
    TCP 127.0.0.1:49526 127.0.0.1:12080 ESTABLISHED
    [firefox.exe]
    TCP 127.0.0.1:49527 127.0.0.1:12080 ESTABLISHED
    [firefox.exe]
    TCP 127.0.0.1:49528 127.0.0.1:12080 ESTABLISHED
    [firefox.exe]
    TCP 127.0.0.1:49533 127.0.0.1:12080 ESTABLISHED
    [firefox.exe]
    TCP 127.0.0.1:49583 127.0.0.1:12080 TIME_WAIT
    TCP 127.0.0.1:49585 127.0.0.1:12080 TIME_WAIT
    TCP 127.0.0.1:49589 127.0.0.1:12080 TIME_WAIT
    TCP 127.0.0.1:49591 127.0.0.1:12080 TIME_WAIT
    TCP 192.168.1.101:139 0.0.0.0:0 LISTENING

    Can not obtain ownership information

    x: Windows Sockets initialization failed: 5
    TCP 192.168.1.101:49157 192.168.1.100:445 ESTABLISHED

    Can not obtain ownership information

    x: Windows Sockets initialization failed: 5
    TCP 192.168.1.101:49522 199.239.137.245:80 ESTABLISHED
    [ashWebSv.exe]
    TCP 192.168.1.101:49529 62.41.81.17:80 ESTABLISHED
    [ashWebSv.exe]
    TCP 192.168.1.101:49530 62.41.81.17:80 ESTABLISHED
    [ashWebSv.exe]
    TCP 192.168.1.101:49531 62.41.81.17:80 ESTABLISHED
    [ashWebSv.exe]
    TCP 192.168.1.101:49532 62.41.81.17:80 ESTABLISHED
    [ashWebSv.exe]
    TCP [::]:135 [::]:0 LISTENING
    RpcSs
    [svchost.exe]
    TCP [::]:445 [::]:0 LISTENING

    Can not obtain ownership information

    x: Windows Sockets initialization failed: 5
    TCP [::]:3389 [::]:0 LISTENING
    CryptSvc
    [svchost.exe]
    TCP [::]:5357 [::]:0 LISTENING

    Can not obtain ownership information

    x: Windows Sockets initialization failed: 5
    TCP [::]:49152 [::]:0 LISTENING
    [wininit.exe]
    TCP [::]:49153 [::]:0 LISTENING
    Eventlog
    [svchost.exe]
    TCP [::]:49154 [::]:0 LISTENING
    [lsass.exe]
    TCP [::]:49155 [::]:0 LISTENING
    Schedule
    [svchost.exe]
    TCP [::]:49158 [::]:0 LISTENING
    PolicyAgent
    [svchost.exe]
    TCP [::]:49159 [::]:0 LISTENING
    [services.exe]
    UDP 0.0.0.0:123 *:*
    W32Time
    [svchost.exe]
    UDP 0.0.0.0:500 *:*
    IKEEXT
    [svchost.exe]
    UDP 0.0.0.0:3702 *:*
    FDResPub
    [svchost.exe]
    UDP 0.0.0.0:3702 *:*
    FDResPub
    [svchost.exe]
    UDP 0.0.0.0:4500 *:*
    IKEEXT
    [svchost.exe]
    UDP 0.0.0.0:5355 *:*
    Dnscache
    [svchost.exe]
    UDP 0.0.0.0:59800 *:*
    FDResPub
    [svchost.exe]
    UDP 127.0.0.1:1900 *:*
    SSDPSRV
    [svchost.exe]
    UDP 127.0.0.1:52873 *:*
    BITS
    [svchost.exe]
    UDP 127.0.0.1:55779 *:*
    Wlansvc
    [svchost.exe]
    UDP 127.0.0.1:57359 *:*
    [iexplore.exe]
    UDP 127.0.0.1:64363 *:*
    SSDPSRV
    [svchost.exe]
    UDP 192.168.1.101:137 *:*

    Can not obtain ownership information

    x: Windows Sockets initialization failed: 5
    UDP 192.168.1.101:138 *:*

    Can not obtain ownership information

    x: Windows Sockets initialization failed: 5
    UDP 192.168.1.101:1900 *:*
    SSDPSRV
    [svchost.exe]
    UDP 192.168.1.101:64362 *:*
    SSDPSRV
    [svchost.exe]
    UDP [::]:123 *:*
    W32Time
    [svchost.exe]
    UDP [::]:500 *:*
    IKEEXT
    [svchost.exe]
    UDP [::]:3702 *:*
    FDResPub
    [svchost.exe]
    UDP [::]:3702 *:*
    FDResPub
    [svchost.exe]
    UDP [::]:59801 *:*
    FDResPub
    [svchost.exe]
    UDP [::1]:1900 *:*
    SSDPSRV
    [svchost.exe]
    UDP [::1]:64361 *:*
    SSDPSRV
    [svchost.exe]

    C:\Windows\system32&gt;</pre>

  6. #16
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: ZoneAlarm Free seems to be incompatible with Webshield component of **bleep** Anti-virus

    I agree PCTOOLs firewall last year did have numerous bugs - getting it installed gave immediate BSOD and so forth, But the latest releases are working very well and it does run okay. Tried it on XP not just two months ago - very smooth. I dislike it because of it's nag screen.

    The antivirus web scanner must have Trusted Server rights (even if it was never asked).
    Trusted server not only applies to the dhcp and dns servers, but it applies to the localhost activity.
    Both the localhost (and very possibely the non route addresses) are very much involved with the web scanner proxy of the local host.
    ZA is like any other firewall and will closely follow and control the localhost server activity - the web scanner must have trusted server. And so must the browser involved - the browsers must have trusted server rights as well.
    I think this may be the problem.

    Please give it trusted server and also for the browsers and then close the ZA and then restart it and then see if the issue completely clears.

    Oldsod.
    Best regards.
    oldsod

  7. #17
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: ZoneAlarm Free seems to be incompatible with Webshield component of **bleep** Anti-virus

    Thank you.

    Please give both the browsers and the ashWebSv.exe Trusted Server rights in the ZA application control.
    I hope this will resolve the problem.

    Oldsod.
    Best regards.
    oldsod

  8. #18
    sgolux Guest

    Default Re: ZoneAlarm Free seems to be incompatible with Webshield component of **bleep** Anti-virus

    I did what you suggested - gave the [a v a s t] server and both browsers trusted server access, but the problem still pervades. After a fair amount of web surfing, the browsers appear to hang waiting for sites. Then, when I turn off webshield, the browsers work fine again.

    I am so appreciative for all your time and ideas!

  9. #19
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: ZoneAlarm Free seems to be incompatible with Webshield component of **bleep** Anti-virus

    OK one more last advice.
    Do a database reset of the ZA:
    [*]Boot your computer into the Safe Mode[*]Navigate to the c:\windows\internet logs folder[*]Delete the backup.rdb, iamdb.rdb, *.ldb and the tvDebug files in the folder[*]Clean the Recycle Bin[*]Reboot into the normal mode[*]ZA will be just like new with no previous settings or data

    Oldsod.
    Best regards.
    oldsod

  10. #20
    sgolux Guest

    Default Re: ZoneAlarm Free seems to be incompatible with Webshield component of **bleep** Anti-virus

    Is this &quot;database reset&quot; functionally different than uninstalling and then re-installing zonealarm?

Page 2 of 3 FirstFirst 123 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •