I'm having a problem with svchost.exe and was wondering if anyone could provide some insight as to some weird ZA behaviour.

On my system GHP (svchost.exe) has a trust level of Super and can access trusted/internet and act as a server in the trusted zone. It cannot act as a server in the internet zone. Smart Defence identifies the program as System. These are the ZA defaults.

On booting my PC I always get the following in the ZA alert log.

Description Generic Host Process for Win32 Services was prevented from modifying registry key: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
Rating Medium
Date / Time 2006/06/10 20:38:54+1:00 GMT
Type Registry
Subtype Set Value
Data HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN ,
Program C:\WINDOWS\SYSTEM32\svchost.exe
Action Taken Blocked (once)
Count 1

I have tracked this down to the Windows Image Acquisition service which fails to start properly. If I have ZA enabled and try to start this service then it fails to start and reports the above in the ZA log. If I disable ZA then the service starts fine.

I have rebuilt the ZA logs. The problem persists.

Why would ZA block svchost from setting a registry key when the svchost process has a trust level of Super? It doesn't make sense.

Any ideas anyone?

Operating System: Windows XP Pro
Product Name: ZoneAlarm Internet Security Suite
Software Version: 6.1