some one try to bend me over


Mr.Blaze
December 12th, 2002, 03:39 AM
Yup, I think that's what this was lol

So I'm sitting there in sneaky super stealth mode, me and my TDS-3, ZAP, Port Explorer, Diamond's registry protection, anti-spam settings in IE, and BOClean and Ad-watch with HTA Stop and NeoTrace on standby.

I'm downloading something and something is doing random scanning. I feel like a ninja or a Navy SEAL avoiding the enemy, but I'm armed with the latest high-tech gear he he he

But I think 5 hours was a bit much, 'cause eventually I received this:

rating high typ program acess Uknowen Process-16057761 (Find Error) outgoing connection blocked 48 times

Did the baddies spot the elusive Blaze in ZAP super stealth mode?

Do I have a nasty in my bunker? Is there a spy in my ranks? Has a secret program infiltrated my PC and has gone rogue? lol

CrazyM
December 12th, 2002, 03:52 AM
-{ Quote: "rating high typ program acess Uknowen Process-16057761 (Find Error) outgoing connection blocked 48 times

Did the baddies spot the elusive Blaze in ZAP super stealth mode?

Do I have a nasty in my bunker? Is there a spy in my ranks? Has a secret program infiltrated my PC and has gone rogue?" }-
Well you may have company in the bunker if it was a blocked outgoing connection. :o

But before we jump to conclusions, do you have any more detailed information - log entry?

Regards,
CrazyM

Mr.Blaze
December 12th, 2002, 04:00 AM
More info? How do I get more? I tried searching for it, found nothing. Did a TDS update scan, found nothing.

Did a sweep, Spybot search and adware, found nothing. Tried sweet-talking my PC and gave it a rub dub dub and it said nothing.

Tried talking to ZAP for more info lol, it just sat there staring at me with a blank stare lol

CrazyM
December 12th, 2002, 04:22 AM
Were the outbound alerts generated by ZAP?

If you do not have a utility for log analysis, you might want to look at something like VisualZone (http://www.visualizesoftware.com/).

If it was the firewall blocking the outbound, it would be nice to know the application (if possible), source/destination IPs and ports. Just edit your IP when posting firewall log events (123.45.xx.xxx). For these blocked outbound alerts you will be looking for the FWOUT entries.

Regards,
CrazyM

Pieter_Arntz
December 12th, 2002, 04:45 AM
Hi MRBlaze,

You weren't using this FlashCatcher program by any chance at the time this happened?
( http://www.wilderssecurity.com/showthread.php?t=5320;start=15 )

Regards,

Pieter

CrazyM
December 12th, 2002, 04:56 AM
-{ Quote: "You weren't using this FlashCatcher program by any chance at the time this happened?" }-
Hi Pieter

The same thought crossed my mind. That is why the logs would be nice to see where the outbound was headed.

Regards,
CrazyM

Pieter_Arntz
December 12th, 2002, 04:58 AM
-{ Quote: "CrazyM: The same thought crossed my mind. That is why the logs would be nice to see where the outbound was headed." }-

I wasn't sure if you'd noticed that thread :)

Regards,

Pieter

zappa
December 12th, 2002, 05:08 AM
NeoTrace will try to get out as it has settings for location like North America/South America and will want to get set to trace once asked. My two cents.

If not NeoTrace one of them there proggies was wanting out.

Mr.Blaze
December 12th, 2002, 07:19 AM
Nope, it was outbound, no destination, just internet.

And the name of the program was just that: Uknowen Process-16057761 (Find Error), creation date something like not valid or something to that effect.

No, wasn't using FlashCatcher or anything, just idling.

Only thing I could think of, and I know this is going to sound very stupid, but it could be an AOL thing.

When AOL reports an annoying error it goes something like this.

AOL or WAOL has caused an error, if you continue to have problems try restarting your computer; or on 8.0 you get AOL has caused an error, sorry for the convenience, AOL will now close.

Turns out, I'm not 100 percent sure, but a while ago AOL used to boot their customers purposely with so-called error messages. If you idle too long or if the servers were busy they kick you or give you a message: do you still want to be online?

It could have been AOL purposely trying to boot me, but the firewall stopped the outbound error message. That would explain why I was able to finish my download.

Usually if that error message surfaces then you get kicked off of AOL and AOL closes itself.

Could be 'cause I was in ZAP super stealth mode I didn't get booted.

That's the only reason I can see why the outbound had no destination, but come to think of it I didn't see a source reading either. Hmmmmmmmmm, very puzzling indeed.

Mr.Blaze
December 12th, 2002, 04:05 PM
I still don't know what it really was, but it hasn't happened again.

CrazyM
December 12th, 2002, 04:15 PM
Well it could be an AOL glitch, but I have never used it, so could not offer much insight there.

For your own peace of mind it would be nice to figure out what the outbound connection attempts were. If the alerts were from ZAP, are there any log entries of these events?

Regards,
CrazyM

LowWaterMark
December 12th, 2002, 10:51 PM
Hi Blaze,

I'm wondering if you have event logging fully enabled in ZAP. As I'm sure you know, the screen image shown below is the "log viewer" panel in ZA. But, what you may not know is that the entries in that scrolling window are actually drawn from the ZA log file, not from the pop-up alerts...

You should be able to review the details of all blocked connection attempts in the log viewer window, if you have event logging fully enabled. Also, you could open the ZAP logfile in Notepad and review all the entries there. Usually, the log file is in the following location:

C:\Windows\Internet Logs\ZALog.txt

To ensure that all events are being logged, you need to bring up the Zone Alarm user interface, select the "Alerts & Logs" panel and press the "Main" tab, then in the "Event Logging" section, select the "On" button to display the "Event logging is enabled" message.

Note that the settings in ZAP for which events are "alerted" versus "logged to a file" are actually controlled separately. The second image below shows a setting where no events are being alerted, but "all events" are being logged. (You get to this screen via: "Alerts & Logs" panel > "Main" tab > "Advanced" button > "Alert Events" tab.) This is the way my system is set. I get no alert pop-ups, but, I can review at any time the logged events.

You should ensure that your ZAP is set to log all events so that whenever something like what you described above happens again, you can open up the log file to get the event details. The destination address for a blocked outgoing connection attempt should always be logged within the event details.

Hope this is of some help,
LowWaterMark

LowWaterMark
December 12th, 2002, 10:51 PM
(second image referenced above)
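
Added example, not part of any post in this thread: a small Python script for the log review CrazyM and LowWaterMark describe. It pulls the FWOUT rows out of ZALog.txt text, counts blocked outbound attempts per destination, and masks the poster's own address in the 123.45.xx.xxx style before sharing. The comma-separated field order and the sample rows are assumptions constructed for illustration; check them against the header line of your own log file.

```python
import csv
import io
import re
from collections import Counter

# Constructed sample; assumed layout: type,date,time,source,destination,transport
SAMPLE_LOG = """\
type,date,time,source,destination,transport
FWIN,2002/12/12,03:10:02 -8:00 GMT,198.51.100.7:4312,203.0.113.25:1433,TCP (flags:S)
FWOUT,2002/12/12,03:39:10 -8:00 GMT,203.0.113.25:1045,192.0.2.80:80,TCP (flags:S)
FWOUT,2002/12/12,03:39:14 -8:00 GMT,203.0.113.25:1045,192.0.2.80:80,TCP (flags:S)
FWOUT,2002/12/12,03:40:01 -8:00 GMT,203.0.113.25:1046,192.0.2.53:53,UDP
"""

IP_PORT = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})(?::(\d+))?$")

def parse_fwout(text):
    """Return one dict per FWOUT (blocked outbound) row; skip everything else."""
    events = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 6 or row[0].strip() != "FWOUT":
            continue  # header, FWIN and malformed rows
        _, date, time, src, dst, transport = (f.strip() for f in row[:6])
        events.append({"date": date, "time": time, "source": src,
                       "destination": dst, "transport": transport})
    return events

def mask_ip(endpoint):
    """Mask the last two octets (123.45.xx.xxx style), keeping any port."""
    m = IP_PORT.match(endpoint)
    if not m:
        return endpoint  # not an IPv4 endpoint; leave untouched
    port = f":{m.group(5)}" if m.group(5) else ""
    return f"{m.group(1)}.{m.group(2)}.xx.xxx{port}"

def summarize(text):
    """Count blocked outbound attempts per (destination, transport)."""
    return Counter((e["destination"], e["transport"]) for e in parse_fwout(text))

def redacted_lines(text):
    """FWOUT rows ready to post: own (source) address masked, destination kept."""
    return [",".join(["FWOUT", e["date"], e["time"], mask_ip(e["source"]),
                      e["destination"], e["transport"]])
            for e in parse_fwout(text)]

if __name__ == "__main__":
    for (dst, proto), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {dst}  {proto}")
    print("\n".join(redacted_lines(SAMPLE_LOG)))
```

To use it on a real log, read the file's text and pass it to `summarize` or `redacted_lines` in place of `SAMPLE_LOG`.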

john2g
December 13th, 2002, 07:21 AM
Sounds like the same problem experienced by some at Dslr

http://www.dslreports.com/forum/remark,5214843~root=security,1~mode=flat

If it is, it is a glitch in the new version of ZAP 3.5.166, which ZoneLabs know about but have not been able to reproduce.



FanJ
December 13th, 2002, 06:52 PM
Thanks for the link and info, john2g !!!

Mr.Blaze
December 14th, 2002, 11:11 AM
Well, if I ever catch it again I'll rip my PC apart and post it here.