Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: ZA blocking internet activity after period of inactivity

  1. #1
    kep_zauser Guest

    Default ZA blocking internet activity after period of inactivity

    System: XP Home SP2 running latest version of ZA Security Suite - firewall, virus, spyware in use and all up to date.The system starts up fine. Everything works great- even email is retrieved and scanned just like normal. The problem is when the screen saver (blank screen) comes on for a period of time - maybe 30 mins or so. I move the mouse, enter the user password, and the desktop appears - like normal. No applications are running. ZA appears to be normally running in the tray at the bottom. However, no internet activity is allowed. The log indicates svchost.exe is blocked sending a DNS packet. This is a normal stop when activity is detected before ZA has fully loaded on startup. But the system didn't just start up, it's been up for a long time. This problem repeates over and over after returning from the screen saver being on. I'm not logging out, I'm just letting the screen saver come on. I regain internet access by terminating ZA then restarting itfrom the start menu. I've never had this problem with earlier versions of ZA Security Suite. There are no detectable viruses or spyware. Windows update is current. No other applications are running when left idle.

    Operating System:Windows XP Home Edition
    Product Name:ZoneAlarm Internet Security Suite
    Software Version:6.5

  2. #2
    billc Guest

    Default Re: ZA blocking internet activity after period of inactivity

    Go to your ZASS Program Control > Main tab, click on the 'Custom' button in your Internet Lock panel and see if you've enabled the auto lock to come on when your screen saver is activated. If so, turn it off.

  3. #3
    kep_zauser Guest

    Default Re: ZA blocking internet activity after period of inactivity

    I checked it, Thanks.Automatic lock is disabled so no autolock options are active. I remember the ZA main page showed the 'lock' icon as unlocked. I reviewed the system logs (security, application, system) - no warnings or errors. It did indicate that the TrueVector service was successfully started and never indicated it was terminated.The messages were appearing in the ZA Firewall log as: Description Packet sent from 192.168.0.100 (UDP Port 1035) to 192.168.0.1 (DNS) was blocked
    Rating Medium
    Date / Time 2006/08/10 04:47:02-7:00 GMT
    Type Firewall
    Protocol UDP
    Program svchost.exe
    Source IP 192.168.0.100:1035
    Destination IP 192.168.0.1:53
    Direction Outgoing
    Action Taken Blocked
    Count 1
    Source DNS AAE-1
    Destination DNS dslmodem.domain.actdsltmp

  4. #4
    zzzzzzzzzzzzzzz Guest

    Default Re: ZA blocking internet activity after period of inactivity

    For me when Zone Alarm decides to block the internet, its all over. No amount of fiddling can unlock it. Shut down and re-open?? forget it. Format and reload?? sometimes it is OK for awhile then Boom! once it calls home its all over.!! no more surfing while Zone Alarm is awake, It musy be turned off completely so I can surf. It was O.K. for years (version 3.7. 098)even with XP it was great, Now Zone Labs has decided to kill it so we will buy a newer one. Huh Uh!! it wont work Z Labs. We will show our appreciation for being herded around like that by going to a different firewall.

  5. #5
    billc Guest

    Default Re: ZA blocking internet activity after period of inactivity

    Check your ZASS > Firewall > Zones panel to make certain your LAN IP is in the Trusted zone. The LAN should look something like this 192.168.0.0 /255.255.255.0 . If it doesn't then add it by clicking on the 'add' button then select 'Subnet' and enter these IP's. Also make certain you have granted Generic Host Process For Win32 Services 'access' in both zones and 'server' rights in the Trusted zone but not the Internet zone. The UDP (User Datagram Protocol) that is being blocked is used by DHCP servers to renew your IP. See if that helps.

  6. #6
    billc Guest

    Default Re: ZA blocking internet activity after period of inactivity

    Sounds like you've got a configuration problem or a corrupt upgrade. Did this problem begin after you upgraded to a newer version of Zone Alarm?

  7. #7
    kep_zauser Guest

    Default Re: ZA blocking internet activity after period of inactivity

    That network configuration was found and identified when ZA was installed. Since it was the only network I can see, and has access in/out to/from the internet, I placed it in the internet zone when asked. It's the only network this computer sees which is a D-Link router (DHCP is on) connected to a Qwest DSL modem. If I change this network (192.168.0.0/255.255.255.0) from zone internet to zone trusted, what is the need for the internet zone? How do I subsequently define an Internet network/zone?The 'scvhost.exe' program is currently set to SYSTEM, SUPER, access to TRUSTED and INTERNET, server to TRUSTED only, no MAILNormally ZA has no problem with the way it's currently set up. Internet functions work fine. They cease after a relatively long period of inactivity normally associated by the screen saver having been on.

  8. #8
    billc Guest

    Default Re: ZA blocking internet activity after period of inactivity

    Here's the problem. By default Zone Alarm blocks UDP packets in the Internet zone and UDP is the protocol used by DHCP servers including routers. Change your LAN in your Firewall > Zones panel from the Internet zone to the Trusted zone. This should then allow the UDP packets to get in even when your screen saver is activated. I'm not 100% sure that will fix it, but I think it should.

    If you did not have a router and were connected directly to your modem, I would then tell you to find the IP for both your DNS & DHCP servers and put them in the Trusted zone. All other computers are in the Internet zone by default. But since you have a router, you should put your LAN IP in the Trusted zone. Hope this makes some sense to you.

  9. #9
    kep_zauser Guest

    Default Re: ZA blocking internet activity after period of inactivity

    Thanks,I now understand your approach. After doing some research I found that this svchost 'issue' is not so uncommon a problem affecting multiple versions/products of ZA. The root of the problem (as best I can interpret it), scvhost begins to act as a server in some systems after some period of time either with or without activity (in my case, it's after long inactivity). It's not allowed tofunction this way by default in the internet zone. It's seems missleading in that it's blocking normal outbound traffic to resolve names to IPs. - I think this block is a subsequent result of it's activity change. I don't know how to prove any of this - but seems consistant with everything I've read. Internet access is not stopped; access by IP works fine. The problem can be temporarily corrected by stopping and restarting svchost or ZA itself.It's probably not prudent to put my internet exposed subnet into the TRUSTED zone. I'll have to somehow addQwest's DNS IPs as trusted in some expert rule or something. - At least until I can figure out why svchost acts this way. Itmay be some malware that's currently undetcted. - How would I even find that?

  10. #10
    billc Guest

    Default Re: ZA blocking internet activity after period of inactivity

    Glad you've found a solution that works for you. I would like to add that I do not believe you will expose yourself to any additional risk by adding your LAN including your subnet to the Trusted zone and give Generic Host Process For Win32 Services server rights to the Trusted zone.Nonetheless, if you feel better with what you're doing, I'd stick with it.

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •