I have a Corel Video Studio installed on a Windows 7 PC along with ZoneAlarm. It's a legitimate copy and I use it regularly. It is, however, constantly phoning home and bombarding me with offers which I find annoying considering it is paid for software. e.g. "Holiday Gifting Made Easy - Pick your gift for your special photographer....." Buy Corel PaintShop Pro etc.
So, I banned "Corel VideoStudio Pro" from accessing the net and "Corel VideoStudio Screen Capture". In fact pretty much everything in my Application Control Settings is banned unless it has a legitimate reason for accessing the net - why should I waste bandwidth to look at an advert for software I have already paid for or don't want? The only programs that can access the net are Firefox and various updaters (yes I have checked very thoroughly that there is no other sneaky named software doing this).
So, imagine my surprise when I suddenly find that I am presented with another advert from Corel. How on earth did it manage this - it's banned from accessing the net!!!!!?????
Well it turns out that it is using the "Host Process for Windows Services" in order to gain access and it is completely bypassing the firewall application controls.
If I ban "Host Process for Windows Services" from accessing the net then Firefox stops working so I can't stop this relentless bombardment from Corel.
BIG QUESTION: If Corel can do this then so can any program installed on my PC - what is the point of Application Control if all the software has to do is access the net via Host Process for Windows Services?????
And before anybody asks - yes it is all practically red crosses for all the programs running. Most secure but creates the most alerts is set. DefenseNet is set to manual. I have even turned off the Microsoft Catalog Utilization.
Could someone explain why this giant sized backdoor seems to be present in ZoneAlarm? More to the point what are you going to do about it?