Results 1 to 10 of 10

Thread: ForceField and "_ISW_RESTRICTED_GROUP_"

  1. #1
    Rzzo Guest

    Default ForceField and "_ISW_RESTRICTED_GROUP_"

    Hey. Few days ago i noticed that some of my personal folders are shared to internet (I use Vista) and i watched folder users and there was "_ISW_RESTRICTED_GROUP_". When I googled it, almost all pages informed that it have something to do with ZoneAlarm. Is my firewall program really sharing my folders or is this possible some kind of vulnerability?

    Im using Windows Vista (SP2) and newest ZoneAlarm. ZoneAlarm also have been reporting a lot lately that it have blocked incoming connections that use port 22. I dont run any server or shell or irc programs in this computer, so what are these all the time incoming connections that use port 22?
    Last edited by fax; February 9th, 2010 at 07:20 AM. Reason: Title

  2. #2
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,291

    Default Re: Why is ZoneAlarm sharing my folders

    Hi!
    I think the best is to contact ZA support directly. I have only seen a post in here referring to it from last year with no other users answering. Link to support in my signature. Let us know if you get any insights

    Cheers,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    Rzzo Guest

    Default Re: Why is ZoneAlarm sharing my folders

    Quote Originally Posted by fax View Post
    Hi!
    I think the best is to contact ZA support directly. I have only seen a post in here referring to it from last year with no other users answering. Link to support in my signature. Let us know if you get any insights

    Cheers,
    Fax
    Hey. Where/how I can do that? I tried to find some support email address but didnt have much luck.

  4. #4
    Join Date
    Jun 2006
    Location
    The 3rd Coast - South Central Texas
    Posts
    10,470

    Post Re: Why is ZoneAlarm sharing my folders

    Quote Originally Posted by Rzzo View Post
    Hey. Where/how I can do that? I tried to find some support email address but didnt have much luck.
    Sorry there is no Direct Email adress for Tech Support..

    Please Click on the Tech Support Link in my Signature..

    I just checked and Tech Support Live Text chat is On-line Now..

    Please Post back with your Progress Report..
    --------------------------------------------------------
    GeorgeV
    ZoneAlarm® Extreme Security


    Click here for ZA Support
    Monday-Saturday__ 6am to 10pm Central time
    Closed Sundays and Holidays

  5. #5
    Rzzo Guest

    Default Re: Why is ZoneAlarm sharing my folders

    : "_ISW_RESTRICTED_GROUP_" is created by the browser security features in ZA ForceField. It is part of the virtualization processes. This folder is not shared over the internet however."

    : That group is created by ForceField. This is a special group with restricted rights which is used to run virtualized processes. It used to limit permissions of virtualized process, so it will not be able to damage system even if it bypasses our hooks. Files saved directly by virtualized processes (e.g. by using Save As or favorites created by IE) will have this group in the list of owners. It shouldn’t be a problem for user (other than seeing it in the list of groups in file properties). We haven’t seen any bugs about it."

    And he also told that ZoneAlarm should block windows file sharing automatically even if windows is showing that files are shared, so Im guessing that there is no problem then.

    Kind weird though because i never had shared my personal folders (there where no other folders shared to internet) or downloaded anything to them from internet, those folders are in two different hard drive and most of those folders just contain my documents. And when i disable file sharing from those folders, it soon get enabled itself. So i guess i just have to trust that zonealarm firewall dont allow them to be shared to internet though windows is trying to do so for some reason

    And i read that port 22 can be used to hacking, but i guess it dont have anything to do with this case because zonealarm said that it blocked those connections that used port 22.
    Last edited by Rzzo; February 9th, 2010 at 07:08 AM.

  6. #6
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,291

    Default Re: Why is ZoneAlarm sharing my folders

    Quote Originally Posted by Rzzo View Post
    So i guess i just have to trust that zonealarm firewall dont allow them to be shared to internet even that windows is trying to do so for some reason
    Thank you for posting the answer from support. This clarify the issue related to that folder.

    Note that ZA takes overs on PC resources sharing, you need to configure it properly to allow or not allow sharing (via the ZA firewall section --> Internet and Trusted zones). Whatever is "internet" has not unattended access to your PC.

    Please consult the online help to know better how ZA operates.

    Thanks,
    Fax
    Last edited by fax; February 9th, 2010 at 07:14 AM.

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  7. #7
    Rzzo Guest

    Default Re: ForceField and "_ISW_RESTRICTED_GROUP_"

    Hey. Thank you guys for helping. My last question is that:

    if i havent updated windows needed security updates, is there chance that somebody could hack into my windows by exploiting some windows vulnerability though ZoneAlarm is running?

  8. #8
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,291

    Default Re: ForceField and "_ISW_RESTRICTED_GROUP_"

    Yes, its possible you get hacked and no security tools can cover this risk if they run on an unstrusted platform (i.e. running ZA on an unpatched OS). It is essential that you keep your OS up-to-date.

    Check with secunia if you are running vulnerable software:
    http://secunia.com/vulnerability_scanning/online/

    Cheers,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  9. #9
    Rzzo Guest

    Default Re: ForceField and "_ISW_RESTRICTED_GROUP_"

    Wow, that solved my problem . Windows update said that i had all updates installed, but then I run that scan site and it found out:


    MS10-009: Vulnerabilities in Windows TCP/IP could allow remote code execution

    MS10-015: Vulnerabilities in Windows kernel could allow elevation of privilege

    MS10-006: Vulnerabilities in SMB client could allow remote code execution

    MS10-012: Vulnerabilities in SMB Server could allow remote code execution



    I downloaded those updates manually and installed and now windows doesnt share those my folders automatically anymore . Thanks.

    Is there anything that I should check anymore?

  10. #10
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,291

    Default Re: ForceField and "_ISW_RESTRICTED_GROUP_"

    You should be OK now. Strange that windows update reported you are updated...

    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. NTFS permissions for ZoneAlarm folders question
    By bbuddha in forum Security Issues
    Replies: 3
    Last Post: June 6th, 2009, 03:25 AM
  2. ZoneAlarm Free blocking printer sharing
    By kleimann in forum ZoneAlarm Configuration
    Replies: 9
    Last Post: March 28th, 2009, 03:17 PM
  3. Problems with sharing folders on a network
    By kchight in forum ZoneAlarm Configuration
    Replies: 18
    Last Post: September 9th, 2007, 06:59 PM
  4. ZoneAlarm will NOT work unless you display your "Folders List" ....
    By tkh in forum Anti-spam & Parental Controls
    Replies: 6
    Last Post: April 19th, 2007, 07:19 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •