I'm having a problem with svchost.exe and was wondering if anyone could provide some insight as to some weird ZA behaviour.
On my system GHP (svchost.exe) has a trust level of Super and can access trusted/internet and act as a server in the trusted zone. It cannot act as a server in the internet zone. Smart Defence identifies the program as System. These are the ZA defaults.
On booting my PC I always get the following in the ZA alert log.
Description Generic Host Process for Win32 Services was prevented from modifying registry key: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
Date / Time 2006/06/10 20:38:54+1:00 GMT
Subtype Set Value
Data HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN ,
Action Taken Blocked (once)
I have tracked this down to the Windows Image Acquisition service which fails to start properly. If I have ZA enabled and try to start this service then it fails to start and reports the above in the ZA log. If I disable ZA then the service starts fine.
I have rebuilt the ZA logs. The problem persists.
Why would ZA block svchost from setting a registry key when the svchost process has a trust level of Super? It doesn't make sense.
Any ideas anyone?
Operating System: Windows XP Pro
Product Name: ZoneAlarm Internet Security Suite