Results 1 to 9 of 9

Thread: Frequent "Suspicious Behaviour" alert for know program.

  1. #1
    paradiddle Guest

    Default Frequent "Suspicious Behaviour" alert for know program.

    For the last week or so ZA Security suite version:6.5.722.000 frequently alerts me to what it thinks is suspicious behaviour. The messge is, for instance,"guard is trying to change your network settings by modifying the file: WINDRVDIR\etc\hosts" The program is Ewido. Why is ZA kicking up a fuss and what can I do to calm it down?

    Operating System:Windows XP Home Edition
    Product Name:ZoneAlarm Internet Security Suite
    Software Version:6.5

  2. #2
    chrisnstell Guest

    Default Re: Frequent "Suspicious Behaviour" alert for know program.

    I am having the same problem, but getting that message from my Zone Alarm Pro Firewall..it happens every time AVG Antivirus does a complete test.

  3. #3
    woodwise Guest

    Default Re: Frequent "Suspicious Behaviour" alert for know program.

    Yes. I think that this is where ZA got ahead of themselves. Of course, I may not understand it correctly yet. As I see it, we ZAP is now alerting us to activities that heretofore went unheeded by ZAP. And we have a way to reduce the error messages, which are not only annoying in their frequency, but so mysterious in what they warn us of that I thought that I had a virus and went to great lengths to demonstrate that I [probably] don't. The problem is that if we tell ZAP that this application is OK by clicking on the "remember this setting" box - this stops us from getting so many spurious alerts - we also open the door for a virus or trojan to take over an application without our knowledge, because them the app can do what ever it likes and ZAP thinks that it is "OK".

    In one of my instances, for example, Mathcad opens randomly-named temp process streams and temp files; if I tell ZAP that it is OK for Mathcad to do this, how will ZAP know when Mathcad gets infected and does something I don't want?

  4. #4
    forum_moderator Guest

    Default Re: Frequent "Suspicious Behaviour" alert for know program.



    Actually, should the file get infected, it's MD5 checksum would change and ZA would immediately flag you with a Changed Program alert, assuming it didn't catch the virus in the first place.

    Marcus


  5. #5
    paradiddle Guest

    Default Re: Frequent "Suspicious Behaviour" alert for know program.

    These alerts don't have a "Remember this" box ! I wish they did.I have sent my query direct to ZA's technical support now, but I don't expect an answer until Monday or Tuesday.

  6. #6
    forum_moderator Guest

    Default Re: Frequent "Suspicious Behaviour" alert for know program.



    Try setting that program to have Trusted access (2 bars), or if necessary, SuperTrusted (3 bars) in the program list.

    Marcus


  7. #7
    jarvis Guest

    Default Re: Frequent "Suspicious Behaviour" alert for know program.

    There are now some Global OS Firewall settings, See This Reply

  8. #8
    paradiddle Guest

    Default Re: Frequent "Suspicious Behaviour" alert for know program.

    Thank you Marcus and Andy.Yes, the trust setting was on three greens. Now that I have made the changes suggested by Andy I shall see what happens.

  9. #9
    paradiddle Guest

    Default Re: Frequent "Suspicious Behaviour" alert for know program.

    So far so good. Since making those changes I haven't experienced the problem. Thank you Andy.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •