Hy,
i'm a ZA Free FW 12.0.104.000 user on XP Home SP3.
I have used ZA for years already, but I noticed that ZA behaves different then how it used to.

My observations are close to the ones remarked in:
https://www.zonealarm.com/forums/sho...ck+application

However the answers/assertions, "No this is By Design and not a Bug", provided in that thread are inconsistent with the user guide info, in my opinion, nor in my experience from the past with ZA, nor are they consistent with the behavior I'm seeing now.
(Next to the fact it relates to a different software release version.)

I did an RTFM with help->help from ZA it self.
Then the following configuration settings:
- Go to Application Control and ensure it is set to MAX
- Go to Smartdefense and ensure it is set to MANUAL
- Go to Program control and ensure that "Enable Microsoft Catalog Utilization" is UNchecked
- Reboot the PC
- Go to Program List and remove the entry(ies) in question.
-----------------------------------------------------------
The user guide
Max:
The most secure setting, but creates the most alerts. Every program must ask for, and receive, permission for network and Internet access, and for server privileges.
Auto:
On by default. Not as secure as the Max setting, but minimizes alerts by working in auto-learn mode. In this mode, the ZoneAlarm Free Antivirus + Firewall security software auto-learns the programs that you use the most, and later grants permissions to them without alert interruptions.

SmartDefense Auto:
The default setting. SmartDefense Advisor queries the ZoneAlarm server for an access policy for each program that asks for network or server permissions. Then, the ZoneAlarm Free Antivirus + Firewall security software makes a decision to allow or to deny the access silently, without alerts.
Smart Defense Manual:
For every program that asks for access permissions, you must make a decision to allow or to deny access. The SmartDefense Advisor does not make automatic decisions, but gives on-demand advice.
-----------------------------------------------------------
Should result in the logically to be expected behaviour that:
- The application list isn't automatically populated at all,
- If the application list is automatically populated, the permission is set to "Ask" and combined with ZA actually asking pop-ups, when the program is used.

Very simply to verify this isn't the specified case: there are permissions set automatically, without asking, which are usually also very permissive.
Hence because this can't be reasonably expected from the manual, this suggests already bug.

The behaviour quoted by user dtld, is also in this version still the same:
when one changes the automatically generated application entry to deny or kill, the firewall shows it's self to be configured to do so but doesn't perform alike, hence causes a complete disconnect between shown configuration and executed configuration. This discrepancy is totally unreasonable to be expected and obviously extremely insecure.

That the assertion "No this is By Design and not a Bug" is plain wrong, can also be demonstrated: ZA Free can let individual applications behave the user wants to (hence like user dtld wanted).
However this will show the opposite erratic behaviour of the same buggy behaviour in my opinion.

When one is quick, one can remove the application from the application list and add it manually and chenge the permissions before the automatic population mechanism strikes again.
Hence one removes firefox, re-adds it and configures it for kill or deny access. Then one exactly gets what I and user dtld were looking for (and how ZA worked in the past) ZA blocks indeed the complete startup of firefox, or the traffic depending on whether one chose "Kill" or just "Deny" traffic. However the automatic population mechanism of course strikes again: in no time your manually configured entry is over written, again with Allow permissions of course....
That it ain't got to do with malware or something, but plain buggy ZA firewall software comes from the fact, that the result is again a discrepancy between the actual behaviour and what the config is showing, because while ZA shows it configured for forwarding it's actually still using the invisible manual settings, hence it's blocking firefox. Also after rebooting it's still blocking, while showing "Allow".
Also changing SmartDefense to "Auto" and again rebooting, doesn't override the invisible manual settings, ZA keeps blocking.
The only way to get firefox working again is again to quickly remove and re-add firefox to manually allow.

Hence it seems clear to me, that there's still the old ZA firewall functionality there always was and as the user guide also suggests, which allows individual applications to behave, in the way the user wants to. But there's also a complete run away erratic working automatic population process programmed on top of it, which causes complete disconnects between ZA's configuration and how it's actually operating.

Does anyone else have thoughts about this ?
And if similar, how can we get the ZA folks attention, to do something about it.

Kind Regards.