Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Need help with ZoneAlarm Program Control (& also question about MS


  • Please log in to reply

#1
bloomcounty

bloomcounty

    Member

  • Member
  • PipPip
  • 93 posts
Hi,

I just got a new laptop with Windows XP SP2 on it and installed the newest version of the *free* version of ZoneAlarm. Since my last compter was a Windows 98SE machine (which had the old version of ZoneAlarm on it), things are a bit different and I'm uncertain about some new things that popped up...

I am not on a server, and I use dail-up (though I'll start using wireless when I'm somewhere that provides free usage). I have two logons on the laptop (one for me and one for my wife).

1. There are three five new things that are listed in the Program Contol section that were not there on my old machine. They are:

Application Layer Gateway Service
File name: C:\WINDOWS\system32\alg.exe
It is marked as "Ask" for Access Trusted & Internet and Server Trusted & Internet

Generic Host Process for Win32 Services
File name: C:\WINDOWS\system32\svchost.exe
It is marked as "Allow" for Access Trusted & Internet and Server Trusted. But it is marked as "Block" for Server Internet.

Windows Explorer
File name: C:\WINDOWS\explorer.exe
It is marked as "Allow" for Access Trusted & Internet and "Ask" for Server Trusted & Internet.

Service and Controller app
File name: C:\WINDOWS\services.exe
It is marked as "Allow" for Access Trusted & Internet and "Ask" for Server Trusted & Internet.

Windows NT Logon Application
File name: (I just shut down my laptop, so I don't remember...)
It is marked as "Allow" for Access Trusted & Internet and "Ask" for Server Trusted & Internet.


...none of those were listed on my old machine. These were automatically listed on my new XP machine in ZoneAlarm. The only other thing listed (so far) is AVG (which as also listed on my old machine), and I know that's okay, of course.

1a. Are these things supposed to be listed? If so, why? (And why not on my old 98SE machine?)

1b. And if they are supposed to be listed, are they set to the correct access settings for each thing?

1c. If they're not supposed to be listed, should I just remove them from the list? Why did they pop up in the first place?

2. Windows Firewall was initially on. Some setting came up that said it recognized ZoneAlarm but couldn't verify it (or something like that) and asked if I wanted to disregard the message and basically accept it as is. I just cancelled it, but when I turned my computer back on, Windows Firewall is now off. Do I want to leave this off if I'm using ZoneAlarm?

2a. Are there any other settings in Windows Firewall or ZoneAlarm that I need to make sure are set?

3. I'm I correct in thinking I'm better off using ZoneAlarm than the Windows Firewall?

Any help is apprecaited! Thanks!

Edited by bloomcounty, 05 February 2007 - 02:31 AM.

  • 0

Advertisements


#2
pip22

pip22

    Trusted Tech

  • Banned
  • PipPipPipPipPip
  • 2,663 posts
Those five you've listed are fine as they are except I would recommend one change. "Windows NT Logon Application" does not have any server rights on my PC and ZoneAlarm shows it as blocked. That's the default, I certainly haven't changed it. It may be wise you do the same:
"Windows NT Logon Application" -- 'Server Trusted' (Blocked), 'Server Internet' (Blocked).
Leave both "Access" settings as they are (green ticks).
The NT Logon does not need server rights, very few applications do on a home PC, other than your web browser and email client, and those third-party applications you use to upload photographs to your webspace.

The fact is, there are many more services running on Windows XP compared to your old Windows 98SE, plus the fact that the new ZoneAlarm 7 has been 'beefed up' to offer even greater protection, so even Windows Explorer gets "interrogated". So you will see more things requiring ZoneAlarm's attention than you had in Windows 98.

Your XP Firewall should be "off" if you have a third-party one installed. ZoneAlarm turns it off automatically during ZoneAlarm setup. Having two software firewalls running together is not recommended.

Of the two, ZoneAlarm is infinitely better. The XP firewall only monitors traffic travelling in to your PC. ZoneAlarm and all other competing products monitor traffic coming in and going out. So you could say the XP firewall only does half a job.

Edited by pip22, 05 February 2007 - 10:00 AM.

  • 0

#3
bloomcounty

bloomcounty

    Member

  • Topic Starter
  • Member
  • PipPip
  • 93 posts
Thanks for the post! I will make the change you suggested.

I saw this posted on another board:

Application layer gateway works alongside the windows firewall, seeing as you don't use the windows firewall you can block this completely or disable the service if you want. If an app is allowed to act as a server it means it will accept incoming connections.

...so should I either block or disable this? Or leave as is? What's best?

Also, why is it okay to Allow the Generic Host Processes in Trusted Server?

Thanks again! :whistling:

Edited by bloomcounty, 05 February 2007 - 09:36 PM.

  • 0

#4
bloomcounty

bloomcounty

    Member

  • Topic Starter
  • Member
  • PipPip
  • 93 posts
Hi again pip22,

In addition to the questions above, there are now a bunch more programs listed in Zone Alarm, so I'm getting confused as to what's what :blink: (and a bit parnanoid :whistling: ).

So I've done a screen capture of all of them, to make it easier! :help:

ZoneAlarm.jpg

I've also made the change to Windows NT Logon Application as you recommended (as shown). ZoneAlarm gave me a warning about applying custom settings to system program, but I just made the change anyways. (That seems a standard warning if you try to change certain things?)

If you don't mind providing further help -- that would be great! Thanks so much! :help:

Edited to add image...

Attached Thumbnails

  • ZoneAlarm.jpg

Edited by bloomcounty, 06 February 2007 - 11:01 AM.

  • 0

#5
pip22

pip22

    Trusted Tech

  • Banned
  • PipPipPipPipPip
  • 2,663 posts
Hi again.

Application Layer Gateway Service -- what you saw elsewhere is not strictly true. It is indeed used by the Windows Firewall, but it's also a required service if you share resources (files, printer etc) with another PC on an internal network. Only disable it if neither of those apply to you. All I can advise you is that it's in my ZoneAlarm list with green ticks for all except 'server internet' (blocked)., and that's ZoneAlarm's settings, not mine. never given me any problems.

Generic Host Process for Win32 Services -- again, I've advised you based on my own default settings which have never done me any harm. All green ticks except for 'server internet' (blocked).

I have no reason not to trust ZoneAlarms automatic configuration so I leave them alone unless forced to make a decision when asked, or if an internet aware application can't connect when I need it to.

That long list in your ZA Programs list is simply the number of programs that ZoneAlarm has detected is capable of using an internet connection, be it for obtaining updates (like AVG) or a one-off program registration, or opening a web-page link through another application (like Microsoft Word can open your web-browser). As you'll see, nearly all of them have a question mark for all permissions. That means whenever one of those programs or program-components asks for internet-access, ZA will ask you first if you want to allow it. As that can be very tedious for things like regular AVG updates, you'll also be given the option to tick "always allow" for that particular process.

Asking your permission (the 'question mark' setting) is infinitely better than ZA deciding "I don't know what to do with this so I'd better block it". That would mean half of your online programs would not work !

Relax, most of those programs in your screen-capture pic will probably never need internet access even though they contain a component that requires it. It depends how you use that program. For example, some photo-editing software has a utility to upload photos to a webpage. To do that it needs internet access. But if you only edit photos with it and don't bother with the uploading bit, then it doesn't need internet access, so you can either block it completely in ZA or just remove it from the list to make the list more manageable.

AS I said, ZA has simply created that list by scanning your PC for applications which MAY need internet access depending on how you use the program.

Phew! MY arms are aching! Don't take this the wrong way, but you may like to visit the ZoneAlarm users forum at:
http://forum.zonelabs.org/zonelabs

But don't get too wound up about what ZoneAlarm is doing. Let it get on with it's job. It's automatic configuration is one of the best in the business. Just read what pops up before you press "allow" or tick "always use this setting".

You'll be less paranoid and less hassled by those pop-ups if you make a small change here:
1. Open ZoneAlarm Control Centre window (double-click tray icon)
2. At bottom left, click "Alerts & Logs".
3. At right, click the radio button labelled "Off"

This will suppress all but the important alerts from the tray area. You'll still be alerted whenever a program tries to access the internet (unless it already has permission), but you won't be hassled by everything that ZoneAlarm is doing on your behalf (such as blocking suspicious attacks). ZoneAlarm will just get on with it in the background. Much less stressful!

Edited by pip22, 06 February 2007 - 01:14 PM.

  • 0

#6
bloomcounty

bloomcounty

    Member

  • Topic Starter
  • Member
  • PipPip
  • 93 posts
Thanks SO much for your very helpful post!

I'm not on a server... just have two separate logons on the laptop (mine and my wife's).
So I'll check out the ZA message boards (I didn't know there was one!) and verify if it's
okay to block that or leave as is.

And I do have it set not to bug me with those pesky messages! :blink:

Thanks again for all your help (and some piece of mind)!

:whistling:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP