Results 1 to 6 of 6

Thread: blocked file write

  1. #1
    geofizzell Guest

    Default blocked file write

    Hi Everyone, While inspecting my ZA log file I noticed that the OS firewall has been blocking Windows Explorer from changing ZLDIR*. Is this normal? Here is my log.
    Thanks,George
    ZoneAlarm Logging Client v8.0.059.000
    Windows XP-5.1.2600-Service Pack 3-SP
    type,date,time,source,destination,transport (Security)
    type,date,time,virus name,file name,mode,e-mail id (Anti-Virus)
    type,date,time,source,destination,action,service (IM Security)
    type,date,time,source,destination,program,action (Malicious Code Protection)
    type,date,time,action,product,file,event,subevent, class,data,data,... (OSFirewall)
    type,date,time,name,type,mode (Anti-Spyware)
    OSFW,2008/10/25,23:30:44 -3:00 GMT,BLOCKED,Spam Filter,C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe,REGISTRY, SETVALUE,SRC,HKLM\SOFTWARE\ZONE LABS\ZONEALARM,EmailSpamTotal
    OSFW,2008/10/25,23:30:44 -3:00 GMT,BLOCKED,Spam Filter,C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe,REGISTRY, SETVALUE,SRC,HKLM\SOFTWARE\ZONE LABS\ZONEALARM,EmailFraudTotal
    OSFW,2008/10/25,23:30:44 -3:00 GMT,BLOCKED,Spam Filter,C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe,REGISTRY, SETVALUE,SRC,HKLM\SOFTWARE\ZONE LABS\ZONEALARM,MFCurrentVersion
    ,2008/10/25,23:31:12 -3:00 GMT,
    AV/update,2008/10/26,00:11:58 -3:00 GMT,,Update Install Completed,Auto
    ZLUpdate,2008/10/26,00:13:14 -3:00 GMT,,,Auto
    ZLUpdate,2008/10/26,00:13:18 -3:00 GMT,,,Auto
    AV/update,2008/10/26,01:14:20 -3:00 GMT,,Update Install Completed,Auto
    AV/scan,2008/10/26,01:58:42 -3:00 GMT,C:\,Scan Completed,Auto
    AV/update,2008/10/26,02:15:56 -3:00 GMT,,Update Install Completed,Auto
    AV/update,2008/10/26,03:17:04 -3:00 GMT,,Update Install Completed,Auto
    AV/update,2008/10/26,04:18:10 -3:00 GMT,,Update Install Completed,Auto
    AV/update,2008/10/26,06:19:36 -3:00 GMT,,Update Install Completed,Auto
    AV/update,2008/10/26,07:20:38 -3:00 GMT,,Update Install Completed,Auto
    ZLUpdate,2008/10/26,08:34:44 -3:00 GMT,,,Manual
    ZLUpdate,2008/10/26,08:34:46 -3:00 GMT,,,Manual
    AV/update,2008/10/26,15:02:04 -3:00 GMT,,Update Install Completed,Auto
    AV/update,2008/10/26,16:03:24 -3:00 GMT,,Update Install Completed,Auto
    ZLUpdate,2008/10/26,16:20:34 -3:00 GMT,,,Manual
    ZLUpdate,2008/10/26,16:20:40 -3:00 GMT,,,Manual
    AV/scan,2008/10/26,17:40:42 -3:00 GMT,C:\,Scan Completed,Auto
    AV/update,2008/10/26,22:20:28 -3:00 GMT,,Update Install Completed,Auto
    OSFW,2008/10/26,22:49:06 -3:00 GMT,BLOCKED,Run a DLL as an App,C:\WINDOWS\system32\rundll32.exe,FILE,WRITE,SR C,ZLDIR*
    OSFW,2008/10/26,22:49:06 -3:00 GMT,BLOCKED,Run a DLL as an App,C:\WINDOWS\system32\rundll32.exe,FILE,WRITE,SR C,WINSYSDIR\ZoneLabs*
    OSFW,2008/10/26,22:49:06 -3:00 GMT,BLOCKED,Run a DLL as an App,C:\WINDOWS\system32\rundll32.exe,FILE,WRITE,SR C,ZLDIR*
    AV/update,2008/10/26,23:21:46 -3:00 GMT,,Update Install Completed,Auto
    OSFW,2008/10/27,00:11:38 -3:00 GMT,BLOCKED,Windows Explorer,C:\WINDOWS\explorer.exe,FILE,WRITE,SRC,ZL DIR*
    OSFW,2008/10/27,00:11:46 -3:00 GMT,BLOCKED,QuickTime Task,C:\Program Files\QuickTime\QTTask.exe,REGISTRY,SETVALUE,SRC,H KLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN, QuickTime Task
    OSFW,2008/10/27,00:11:46 -3:00 GMT,BLOCKED,Windows Explorer,C:\WINDOWS\explorer.exe,FILE,WRITE,SRC,ZL DIR*
    AV/update,2008/10/27,06:41:22 -3:00 GMT,,Update Install Completed,Auto
    OSFW,2008/10/27,06:51:44 -3:00 GMT,BLOCKED,Windows Explorer,C:\WINDOWS\explorer.exe,FILE,WRITE,SRC,ZL DIR*
    OSFW,2008/10/27,06:53:22 -3:00 GMT,BLOCKED,Windows Explorer,C:\WINDOWS\explorer.exe,FILE,WRITE,SRC,ZL DIR*
    OSFW,2008/10/27,06:54:00 -3:00 GMT,BLOCKED,Windows Explorer,C:\WINDOWS\explorer.exe,FILE,WRITE,SRC,ZL DIR*
    OSFW,2008/10/27,06:58:08 -3:00 GMT,BLOCKED,Windows Explorer,C:\WINDOWS\explorer.exe,FILE,WRITE,SRC,ZL DIR*
    OSFW,2008/10/27,06:58:44 -3:00 GMT,BLOCKED,Windows Explorer,C:\WINDOWS\explorer.exe,FILE,WRITE,SRC,ZL DIR*
    AV/update,2008/10/27,07:42:36 -3:00 GMT,,Update Install Completed,Auto
    OSFW,2008/10/27,14:09:24 -3:00 GMT,BLOCKED,Windows Explorer,C:\WINDOWS\explorer.exe,FILE,WRITE,SRC,ZL DIR*
    OSFW,2008/10/27,14:09:38 -3:00 GMT,BLOCKED,Windows Explorer,C:\WINDOWS\explorer.exe,FILE,WRITE,SRC,ZL DIR*
    AV/update,2008/10/27,14:09:46 -3:00 GMT,,Update Install Completed,Auto
    OSFW,2008/10/27,14:09:46 -3:00 GMT,BLOCKED,QuickTime Task,C:\Program Files\QuickTime\QTTask.exe,REGISTRY,SETVALUE,SRC,H KLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN, QuickTime Task
    OSFW,2008/10/27,14:09:46 -3:00 GMT,BLOCKED,Windows Explorer,C:\WINDOWS\explorer.exe,FILE,WRITE,SRC,ZL DIR*
    ZLUpdate,2008/10/27,15:11:34 -3:00 GMT,,,Auto
    ZLUpdate,2008/10/27,15:11:36 -3:00 GMT,,,Auto
    AV/update,2008/10/27,16:12:48 -3:00 GMT,,Update Install Completed,Auto
    AV/update,2008/10/27,17:14:02 -3:00 GMT,,Update Install Completed,Auto
    AV/update,2008/10/27,19:15:42 -3:00 GMT,,Update Install Completed,Auto


    Operating System:Windows XP Pro
    Software Version:8.0
    Product Name:ZoneAlarm Internet Security Suite

  2. #2
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: blocked file write

    Yes it is okay (I suppose it could be called normal).
    Basically what is happening is the self protection built into the ZA files is blocking the explorer attempts from opening the ZA files.
    You could just give the explorer.exe the rights for the first two items listed in the Options (in the right click of the explorer.exe listed in the ZA program listing).

    Oldsod.
    Best regards.
    oldsod

  3. #3
    geofizzell Guest

    Default Re: blocked file write

    Thanks Oldsod,
    I made the changes as you suggested. I'll keep an eye on the logs to see if it made a difference.
    George

  4. #4
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: blocked file write

    You are welcome George.
    Oldsod.
    Best regards.
    oldsod

  5. #5
    dctomlinson Guest

    Default Re: blocked file write


    <blockquote><hr>Oldsod wrote:
    Yes it is okay (I suppose it could be called normal).
    Basically what is happening is the self protection built into the ZA files is blocking the explorer attempts from opening the ZA files.
    You could just give the explorer.exe the rights for the first two items listed in the Options (in the right click of the explorer.exe listed in the ZA program listing).

    Oldsod.
    <hr></blockquote>




    Ummm....that begs the question...why is explorer trying to access ZA files?

  6. #6
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: blocked file write

    Windows files such as explorer.exe and other windows files will access many other files - including other supported applications and other windows files. Not just the ZA files.
    This is part of how windows works.
    Actually all very normal.
    The security or self protection built into the ZA is really intended for a malicious file(s) attacking the ZA.
    Seeing normal windows activity is not a concern - it is when some strange file in the Temp folders or some unusually named files suddenly wants to open ZA files that this should be a concern. It is possiblely malware attempting to attack the ZA.
    The ZA is well built - it will resist these malware attacks, but these definitely malware attacks should be treated with attention, as there is a rogue file(s) on the system and these should be removed as soon as possible.
    Best regards.
    Oldsod.
    Best regards.
    oldsod

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •