Results 1 to 5 of 5

Thread: What happens--alert log shows no action taken?

  1. #1
    critterjoe Guest

    Default What happens--alert log shows no action taken?

    ZAES 9.1.008; Win XP, SP3

    Sometimes when I do the monthly Windows security updates, the updates are installed during shutdown, so no ZA alerts are shown. I later notice in the ZA alert log (under OS Firewall), an entry like "Windows Service Pack Update tried to modify an existing driver". Driver: SENS. Action taken: (blank). There is no "allowed" or "blocked" as there would be if I made a choice in real-time if it was installing in front of me. Of course, I would have "allowed" it had I seen it in realtime. But whenever it leaves these blank entries, how does one know if that was an "allowed" or "blocked"? How would I know that the driver was correctly modified? My sens.dll version number 5.1.2600.5512 and file date doesn't appear to be different than before. So what does a blank entry for Action Taken mean? Thanks.
    Last edited by critterjoe; December 22nd, 2009 at 12:37 AM.

  2. #2
    Join Date
    Aug 2009
    Location
    Texas Gulf Coast
    Posts
    1,648

    Default Re: What happens--alert log shows no action taken?

    Quote Originally Posted by critterjoe View Post
    ZAES 9.1.008; Win XP, SP3

    Sometimes when I do the monthly Windows security updates, the updates are installed during shutdown, so no ZA alerts are shown. I later notice in the ZA alert log (under OS Firewall), an entry like "Windows Service Pack Update tried to modify an existing driver". Driver: SENS. Action taken: (blank). There is no "allowed" or "blocked" as there would be if I made a choice in real-time if it was installing in front of me. Of course, I would have "allowed" it had I seen it in realtime. But whenever it leaves these blank entries, how does one know if that was an "allowed" or "blocked"? How would I know that the driver was correctly modified? My sens.dll version number 5.1.2600.5512 and file date doesn't appear to be different than before. So what does a blank entry for Action Taken mean? Thanks.
    I log on to do PM and saw your post.I also see this.Did search on sens.dll.Checked Properties nothing changed.

    I don't have Windows Update set to Automatic.Lookup pertain info on updates and then install.

    I copy & paste from Entry Detail the following :

    Description Windows Service Pack Setup was trying to modify an existing driver or service: SENS
    Rating High
    Date / Time 2009-12-08 23:41:40-6:00
    Type Driver
    Subtype Modify Driver
    Data SENS
    Program C:\WINDOWS\SoftwareDistribution\Download\5e5aab018 4cde550e4ba21f1d2bd377e\update\update.exe
    Action Taken
    Count 1
    Policy Personal Policy

    Click More Info will take you to SmartDefense Advisor for more detail information.You can contact Support for additional info on this matter.Have no more input.Maybe other users might address this for you.

    Have a nice Holidays

  3. #3
    Join Date
    Jun 2006
    Location
    The 3rd Coast - South Central Texas
    Posts
    10,466

    Default Re: What happens--alert log shows no action taken?

    Quote Originally Posted by critterjoe View Post
    ZAES 9.1.008; Win XP, SP3

    Sometimes when I do the monthly Windows security updates, the updates are installed during shutdown, so no ZA alerts are shown. I later notice in the ZA alert log (under OS Firewall), an entry like "Windows Service Pack Update tried to modify an existing driver". Driver: SENS. Action taken: (blank). There is no "allowed" or "blocked" as there would be if I made a choice in real-time if it was installing in front of me. Of course, I would have "allowed" it had I seen it in realtime. But whenever it leaves these blank entries, how does one know if that was an "allowed" or "blocked"? How would I know that the driver was correctly modified? My sens.dll version number 5.1.2600.5512 and file date doesn't appear to be different than before. So what does a blank entry for Action Taken mean? Thanks.

    I agree with SkySoildiers, Sometimes Changes or updates are made to a File from Microsoft, or Checkpoint, and either the change was so minor they the Developer did not feel the need to change the version number..

    If your still concerned, I would Contact the Tech Support Links..




    Seasons Greetings..
    GeorgeV
    ZoneAlarm® Extreme Security


    Click here for ZA Support
    Monday-Saturday__ 6am to 10pm Central time
    Closed Sundays and Holidays

  4. #4
    Join Date
    Aug 2009
    Location
    Texas Gulf Coast
    Posts
    1,648

    Default Re: What happens--alert log shows no action taken?

    Just wanted to add the following.

    Under Program Control / Programs : Windows Update " wuauclt.exe " must have Super Trust Level and " Allow " Trusted and Internet in Access and " Ask " for the rest.

    Have a nice Year
    Last edited by Sky Soldiers; December 22nd, 2009 at 01:25 PM. Reason: Typo

  5. #5
    Join Date
    Aug 2009
    Location
    Texas Gulf Coast
    Posts
    1,648

    Default Re: What happens--alert log shows no action taken?

    critterjoe, This is what OSFirewall is doing according SmartDefense Advisor.

    Windows Service Pack Setup is trying to modify the settings for an existing driver or service.

    Drivers are special computer instructions that allows Windows to access system resources, such as, memory, network interfaces, hard disks, and other devices. Since drivers run as part of Windows itself, they have unrestricted access to the system. ZoneAlarm Security Suite protects against unauthorized modification of the settings of an existing driver or service because of potential malicious behavior.

    From Help :

    OSFirewall alerts are alerts that appear when programs or processes on your computer are attempting to modify your computer's settings or programs.

    There are three types of OSFirewall alerts, two of which require a response from you: Medium-rated Suspicious and High-rated Suspicious.

    Malicious alerts do not require a response from you.

    Have a nice Xmas & Happy New Year

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •