Page 1 of 3 123 LastLast
Results 1 to 10 of 28

Thread: Random programs and services trying to gain 'net access.

  1. #1
    voivod Guest

    Default Random programs and services trying to gain 'net access.

    Running under Vista Basic:For the past couple days ZA's been popping up alerts that random programs are trying to make an outbound connection, I've updated the firewall to the latest (nightmare). Screen savers, normal processes that have NEVER in the nine months I've had the machine tried to make a connection. Programs that are already running and HAVE been given access.
    I also just noticed that ZA is NOT saving settings. The screen saver trying to access the net was denied access and had the 'remember this' box checked then a few hours later it tried again. Checked the settings and the program was still set to 'ask'.
    The times I noticed the IP address the programs are trying to connect to are all in IANA's reserved special use block (i.e. 224.0.0.252).
    AVG AV (free) reports the system clean.Kapersky Online scanner reports the system clean.AdAware reports no malicious programs.SpyBot S&D reports no problems.
    Could all these alerts just be a flub/bug in ZA? I've asked around at a few security forums and everyone's at a complete loss. This is rather unnerving.

    Operating System:Windows Vista Home Basic
    Software Version:7.1 (Vista)
    Product Name:ZoneAlarm (Free)

  2. #2
    Join Date
    Dec 2002
    Location
    Mikado Michigan
    Posts
    2,596

    Default Re: Random programs and services trying to gain 'net access.

    Go to the firewall section and then in the internet zone, click the custom button and make sure the selection for multicast is still selected. If not check the box and click apply. Reboot the computer and see if the setting stayed.
    My homes are SpywareHammer.com and DonHoover.net and BleepingComputer.com


    Consumer Security - 2011 & 2012

    Tilting at windmills hurts you more than the windmills.
    -From the Notebooks of Lazarus Long
    Senior of the Howard Families

  3. #3
    voivod Guest

    Default Re: Random programs and services trying to gain 'net access.

    Using the free version of ZA and I don't see anything like you describe.
    Under Firewall I have "Main" with two sliders for Internet and Trusted and an Advanced button that opens a security window for blocking/allowing a few things. On the Zones tab all I have listed is my subnet adapter that I can't edit. Thanks for the reply.

  4. #4
    Join Date
    Dec 2002
    Location
    Mikado Michigan
    Posts
    2,596

    Default Re: Random programs and services trying to gain 'net access.

    Is your trusted zone slider on medium and is your adapter subnet in the trusted zone?
    My homes are SpywareHammer.com and DonHoover.net and BleepingComputer.com


    Consumer Security - 2011 & 2012

    Tilting at windmills hurts you more than the windmills.
    -From the Notebooks of Lazarus Long
    Senior of the Howard Families

  5. #5
    voivod Guest

    Default Re: Random programs and services trying to gain 'net access.

    Trusted is at Medium. Adapter zone is Internet.

  6. #6
    voivod Guest

    Default Re: Random programs and services trying to gain 'net access.

    Changed 'adapter subnet' to 'trusted' and I'm still getting connection alerts from things like dwm.exe (desktop window manager) and my screen saver.

    Message Edited by Voivod on 04-20-2008 06:28 AM

  7. #7
    Join Date
    Dec 2002
    Location
    Mikado Michigan
    Posts
    2,596

    Default Re: Random programs and services trying to gain 'net access.

    Unless you are on a private LAN the adapter subnet should always be on internet.

    Try resetting your settings database.

    Please note thatthis will remove your program permission settings (so you may want to make
    note of them), but re-establishing them is a simple process.

    1.) Hold down the Ctrl and Shift keys together
    2.) Right click on the ZA icon near your clock
    3.) Choose 'Reset' from the box that comes up
    4.) Choose Yes on the Reset Settings dialog box
    5.) When prompted, choose OK to restart your system
    6.) Follow the on screen configuration prompts after reboot
    My homes are SpywareHammer.com and DonHoover.net and BleepingComputer.com


    Consumer Security - 2011 & 2012

    Tilting at windmills hurts you more than the windmills.
    -From the Notebooks of Lazarus Long
    Senior of the Howard Families

  8. #8
    voivod Guest

    Default Re: Random programs and services trying to gain 'net access.

    Changed adapter subnet to Internet.Reset ZA as instructed, rebooted, followed prompts.Said I would be prompted to reboot after clicking finish.Waited 5-10 minutes. No prompt to reboot.Checked settings and the only changes I see were
    my providers
    DNS and DHCP being added to the trusted zone and the check for updates changed to automatic from manual. No other settings I've changed/set over the last months were changed/reset. No program/permission settings were removed all are intact and as I'd previously set them.
    Have tried resetting ZA twice just in case I missed something.
    Here's a weird thing I've also
    noticed... Windows defender is not remember the date of the last scan. It's telling me I haven't scanned the system in 5 days and yesterday just before running
    a scan it told me it'd been four days. Don't know if that means anything but I thought I'd include it.


  9. #9
    Join Date
    Dec 2002
    Location
    Mikado Michigan
    Posts
    2,596

    Default Re: Random programs and services trying to gain 'net access.

    Disconnect from the internet (make sure it won't reconnect after a boot) and uncheck the load on boot option in ZA. Reboot windows to the safe mode. Once there go to c:\windows\internet logs and delete or move the files with an RDB and ldb extension. Reboot windows, and then start ZA manually, and recheck the load on boot option. Run your machine for a while, its going to ask for permissions all over again, and once it has settled down, see if it is acting the same.
    My homes are SpywareHammer.com and DonHoover.net and BleepingComputer.com


    Consumer Security - 2011 & 2012

    Tilting at windmills hurts you more than the windmills.
    -From the Notebooks of Lazarus Long
    Senior of the Howard Families

  10. #10
    voivod Guest

    Default Re: Random programs and services trying to gain 'net access.

    Followed the above instructions. Was going through the apps that need access (browser, email, FTP client, etc.) ran Spybot, checked for updates, gave permission to the apps updater. Five minutes later the application itself is asking for internet access. Denied it. Let the machine sit. Came back and had a ZA requestor saying the stupid screen saver (ribbons.scr) wants internet access. New IP but still in IANA's non-routable block (10.193.96.1). Same things as before. This is really strange.
    Oh, while I'm here, just wondering why the spooler subsystem app (spoolsv.exe, the print spooler I believe) is given automatic access as ZA sets itself up?
    Sorry for adding the 2nd question

    Edit: also noted that it's not retaining "remember this setting'
    DENY access set from the pop-up request.

    Message Edited by Voivod on 04-21-2008 04:29 AM

Page 1 of 3 123 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •