Results 1 to 6 of 6

Thread: ZA firewall Application Control seems completely buggy

  1. #1
    Join Date
    Dec 2013

    Default ZA firewall Application Control seems completely buggy

    i'm a ZA Free FW user on XP Home SP3.
    I have used ZA for years already, but I noticed that ZA behaves different then how it used to.

    My observations are close to the ones remarked in:

    However the answers/assertions, "No this is By Design and not a Bug", provided in that thread are inconsistent with the user guide info, in my opinion, nor in my experience from the past with ZA, nor are they consistent with the behavior I'm seeing now.
    (Next to the fact it relates to a different software release version.)

    I did an RTFM with help->help from ZA it self.
    Then the following configuration settings:
    - Go to Application Control and ensure it is set to MAX
    - Go to Smartdefense and ensure it is set to MANUAL
    - Go to Program control and ensure that "Enable Microsoft Catalog Utilization" is UNchecked
    - Reboot the PC
    - Go to Program List and remove the entry(ies) in question.
    The user guide
    The most secure setting, but creates the most alerts. Every program must ask for, and receive, permission for network and Internet access, and for server privileges.
    On by default. Not as secure as the Max setting, but minimizes alerts by working in auto-learn mode. In this mode, the ZoneAlarm Free Antivirus + Firewall security software auto-learns the programs that you use the most, and later grants permissions to them without alert interruptions.

    SmartDefense Auto:
    The default setting. SmartDefense Advisor queries the ZoneAlarm server for an access policy for each program that asks for network or server permissions. Then, the ZoneAlarm Free Antivirus + Firewall security software makes a decision to allow or to deny the access silently, without alerts.
    Smart Defense Manual:
    For every program that asks for access permissions, you must make a decision to allow or to deny access. The SmartDefense Advisor does not make automatic decisions, but gives on-demand advice.
    Should result in the logically to be expected behaviour that:
    - The application list isn't automatically populated at all,
    - If the application list is automatically populated, the permission is set to "Ask" and combined with ZA actually asking pop-ups, when the program is used.

    Very simply to verify this isn't the specified case: there are permissions set automatically, without asking, which are usually also very permissive.
    Hence because this can't be reasonably expected from the manual, this suggests already bug.

    The behaviour quoted by user dtld, is also in this version still the same:
    when one changes the automatically generated application entry to deny or kill, the firewall shows it's self to be configured to do so but doesn't perform alike, hence causes a complete disconnect between shown configuration and executed configuration. This discrepancy is totally unreasonable to be expected and obviously extremely insecure.

    That the assertion "No this is By Design and not a Bug" is plain wrong, can also be demonstrated: ZA Free can let individual applications behave the user wants to (hence like user dtld wanted).
    However this will show the opposite erratic behaviour of the same buggy behaviour in my opinion.

    When one is quick, one can remove the application from the application list and add it manually and chenge the permissions before the automatic population mechanism strikes again.
    Hence one removes firefox, re-adds it and configures it for kill or deny access. Then one exactly gets what I and user dtld were looking for (and how ZA worked in the past) ZA blocks indeed the complete startup of firefox, or the traffic depending on whether one chose "Kill" or just "Deny" traffic. However the automatic population mechanism of course strikes again: in no time your manually configured entry is over written, again with Allow permissions of course....
    That it ain't got to do with malware or something, but plain buggy ZA firewall software comes from the fact, that the result is again a discrepancy between the actual behaviour and what the config is showing, because while ZA shows it configured for forwarding it's actually still using the invisible manual settings, hence it's blocking firefox. Also after rebooting it's still blocking, while showing "Allow".
    Also changing SmartDefense to "Auto" and again rebooting, doesn't override the invisible manual settings, ZA keeps blocking.
    The only way to get firefox working again is again to quickly remove and re-add firefox to manually allow.

    Hence it seems clear to me, that there's still the old ZA firewall functionality there always was and as the user guide also suggests, which allows individual applications to behave, in the way the user wants to. But there's also a complete run away erratic working automatic population process programmed on top of it, which causes complete disconnects between ZA's configuration and how it's actually operating.

    Does anyone else have thoughts about this ?
    And if similar, how can we get the ZA folks attention, to do something about it.

    Kind Regards.

  2. #2
    Join Date
    Nov 2004

    Default Re: ZA firewall Application Control seems completely buggy

    Sorry all users here and there is no official support for za free. The only suggestion I can give is that, the next time a beta cycle is started, you test it and provide beedback on what you feel are bugs in ZA. The beta feedback will go directly to ZA development team. More reports to beta feedback from users more likely ZA development team will look to it earlier than later. No use to report it here.

    sorry, no idea if and when the next beta cycle will start.


    Click here for ZA Support
    Monday-Saturday 24x6 Pacific time
    Closed Sundays and Holidays

  3. #3
    Join Date
    Apr 2013

    Default Re: ZA firewall Application Control seems completely buggy

    Seems to affect version 11 as well. I set my ZA to Ask when Internet Explorer needs access to the internet. It works as expected, that is, I get prompted when IE wants to access the web. I don't check the box to 'remember' my choice. Again, it works as expected. I'm prompted whenever IE needs to access the web.

    One day I accidentally click the option to remember my decision and Allow it to connect. As expected, ZA never prompts me. So I go back to ZA settings and change the check mark to question mark. ZA ignores the new setting which is to prompt me when IE wants to access the web. I never get any prompt since then. Strange thing is when I updated IE with new patches, ZA prompts me when (now patched) IE wants to access the web.

    This "Ask" setting seems to be ignored for some other Apple iTunes (and its supporting services) too.
    Last edited by morph27; December 5th, 2013 at 04:17 PM.

  4. #4

    Default Re: ZA firewall Application Control seems completely buggy

    Maybe be smart-defense control overrides manual settings ?

    I suggest to turn of smart defense if you want absolutely control over the program access rights within ZA.

  5. #5
    Join Date
    Apr 2013

    Default Re: ZA firewall Application Control seems completely buggy

    SmartDefense is set to Manual, just like OP says.

  6. #6

    Default Re: ZA firewall Application Control seems completely buggy

    Quote Originally Posted by morph27 View Post
    SmartDefense is set to Manual, just like OP says.

    Yes, manual but I suggested turning it OFF to get full control.

    The documentation says that ZA warns you in manual mode if a program claims access rights. As long it does not, smartdefense configures the access rights.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Application Control
    By Sky Soldiers in forum ZoneAlarm Configuration
    Replies: 1
    Last Post: July 10th, 2013, 07:02 AM
  2. Un-resizable window - Application control
    By Methen in forum ZoneAlarm Free Firewall
    Replies: 1
    Last Post: December 18th, 2012, 09:21 AM
  3. application control
    By Splinterd1 in forum ZoneAlarm Configuration
    Replies: 4
    Last Post: May 11th, 2012, 07:48 PM
  4. Constant scanning and application control.
    By Secret77 in forum ZoneAlarm Anti-virus & Anti-spyware
    Replies: 2
    Last Post: February 12th, 2012, 02:33 PM
  5. Can't completely rid ZA firewall
    By ecco in forum ZoneAlarm Free Firewall
    Replies: 1
    Last Post: December 4th, 2010, 02:47 AM


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts