I have just set up a new, completely clean installation (onto a recently zeroed hard disc) of Windows XP Pro SP3. Outside of the required drivers (ATI video and ThinkPad power), the only program I added so far was WinRAR (so no office suite, no utilities, no antivirus, no firewall, or at least none of that other than what I am forced to have by Uncle Bill and his All Knowing Installer).
I installed ZoneAlarm Extreme Security 9.1.008.000 (TrueVector and driver also have this version number), with antivirus engine 22.214.171.124, antispam engine 126.96.36.1993, and forcefield 188.8.131.52. I allowed it to update itself to antivirus DAT file 997624986. I am using the trial version to see if I like it (have been using an older ZA Pro for years and been really happy with it).
I want to restrict what ports and protocols *each* program can use (my experience with certain programs has been extremely unnerving, and I have seen ZA confused into believing a program was something else). So, I enabled 'advanced program control', 'timing attack prevention', 'application interaction control', 'component control', and 'services control'. I also disabled 'microsoft catalog utilization'.
My system still works fine at this point, and I can do sundry things like ping my router, telnet to it, touch a few select outside sites (but not with IE yet, since I don't trust it at all). Now, I want to set it up so that, for example, the MS telnet client is only allowed TCP connections on port 23. I launch the MS telnet client once so it appears in ZA's list, then kill it. Now, I go to the expert settings in ZA's program list and add a single rule: ALLOW TCP port 23. Now, telnet again to another machine and my Windows box is hung hard (need to power cycle to get it back). Reboot, go back to the programs list, pick telnet again, and change the rule so it's ALLOW TCP port 1234. Telnet to another machine and all is well (since apparently ZA's default expert rule is ALLOW and default telnet port is 23). Try telnet again, but this time use port 1234 instead. Windows hangs hard; must power cycle again. Get back to the expert page for the telnet program and change the action to DENY. Try telnet again on port 23, fine. Now port 1234 and Windows hangs hard again.
Basically, it looks to me, after a few hours of serious frustration, that any hit in this version of ZA on an expert rule for a program simply hangs the entire system hard. I have tried to do similar things with other programs (say, the ping program) and the results are always the same -- any hit to a program's 'expert' rule (even an 'everything else' rule at the end of a set of expert rules) will hang the entire machine. No BSOD, no dialogue, no response from mouse or keyboard or network or other input device -- just a hard hang that requires a power cycle or hardware reset strobe to recover.
Oh, this is probably a moot point within this context, but I also noticed that I could not set the message type when I choose ICMP as the protocol in the expert settings.