Tony's ruleset - Minor problem with Zone Alarm settings

Discussion in 'Ghost Security Suite (GSS)' started by zoril, Apr 17, 2006.

Thread Status:
Not open for further replies.
  1. zoril

    zoril Registered Member

    Joined:
    May 31, 2005
    Posts:
    247
    I found at startup that certain settings re my Zone Alarm Firewall (based on the svchost) were being refused. On the standard ruleset this was not the case? I wasn't given the choice to accept or refuse. Howard
     
  2. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    I'm wondering if this has anything to do with ZA's email (ZAmailsafe) protection which likes to set values on the HKEY_CLASSES_ROOT\* Key. The new Tony ruleset has a lot of these 'file association' extensions covered and it just might interfere.

    I am of course referring to ZASS, ZAP etc; I don't think this applies to the free version of ZA. But if you are running the former, create an Application Rule for:-

    zlclient.exe

    <PF>\zone labs\zonealarm\zlclient.exe

    HKEY_LOCAL_MACHINE\Software\Classes**

    and see if you have problems then. (BTW I know that Key is different from HKEY_CLASSES_ROOT\*, but it works this way due to an anomaly!).


    Another possibility (and this might be relevant to free ZA as well - particularly since you mention SVCHost) is to try creating an Application Rule for both vsmon.exe and SVCHost as follows:-

    vsmon.exe

    <WD>\system32\zonelabs\vsmon.exe

    HKEY_LOCAL_MACHINE\System\*controlset*\Services**


    SVCHost

    <WD>\system32\svchost.exe

    HKEY_LOCAL_MACHINE\System\*controlset*\Services**

    In all of the above cases you need to allow Values to be set.

    If none of that works you really need to put up a screenshot of your Log, otherwise we are stabbing in the dark!
     
  3. zoril

    zoril Registered Member

    Joined:
    May 31, 2005
    Posts:
    247
    I think that you may be right.

    I am using the Zone Alarm free version. My problem is that I am not very good at configuring the advanced options...

    Most of the time Reg Defend gives me the option to accept or reject, but not this time! Howard :)
     
  4. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    I was only making suggestions.

    What you really need to do is look at your RD log to see what is being denied and make a note of the app concerned (eg zlclient.exe, vsmon.exe etc) and the Rule/Reg Key that it wishes to amend. With that information it would be possible to make a more precise recommendation.
     
  5. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,742
    Hi Topper,

    In post #2 in re: to ZASS, you have to add those values to RD.

    I have ZASS that's why I ask. I don't have RD installed yet.

    Thanks

    Rilla927
     
  6. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    There is an 'E-mail Protection' section in ZAP and ZASS, and I have noticed that every time you click the tab to enter that section in the ZA GUI, or click the 'Attachments' tab, ZA will set values on the sub-keys relating to all of the protected extensions on the HKEY_LOCAL_MACHINE\Software\Classes Key.

    I have also noticed that if you have all those sub-Key extensions protected by RD on the HKEY_CLASSES_ROOT Key, then ZA will hang for a few seconds whenever you click to enter ZA's e-mail protection section or Attachments sub-section. Also, due to a quirk in the way Windows operates, you will not receive a pop-up from RD nor do you see anything in RD's log.

    As it happens, the new Tony Ruleset does protect a long list of HKEY_CLASSES_ROOT extensions in its 'File Association' section. So if you installed RD and experience a slight 'hang' problem you should be able to get round this by creating the following Application Rule:-

    Group Name: zlclient.exe

    Filename: <PF>\zone labs\zonealarm\zlclient.exe

    Key: HKEY_LOCAL_MACHINE\Software\Classes**

    Value: *

    Allow 'Set Value'

    I should explain that I'm personally running a modified Ruleset that protects all extensions on HKEY_CLASSES_ROOT\.* This makes it more of an issue for me; but the above App Rule solves the problem and I then see all activity in RD's log section.

    Naturally, you would only need to create the App Rule if you had a problem and it may be that the more limited list of extensions in the Tony Ruleset would not give you a problem.
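
Added example, not part of the post above and not RegDefend or ZoneAlarm code: on Windows, HKEY_CLASSES_ROOT is a merged view of HKEY_LOCAL_MACHINE\Software\Classes and HKEY_CURRENT_USER\Software\Classes, so the same extension key can be reached through more than one path. The PowerShell below reports, for each extension, which underlying hive holds the key and what default value each path returns; the function name `Get-ClassKeyBacking` and the extension list are assumptions made for illustration.

```powershell
# Added example: show which hive backs each HKEY_CLASSES_ROOT extension key.
# The extension list is a constructed sample, not the list from any ruleset.
$SampleExtensions = '.exe', '.bat', '.scr', '.vbs'

function Get-ClassKeyBacking {
    param([Parameter(Mandatory)][string]$Extension)

    # The three paths through which the same file-association key can be seen.
    $views = [ordered]@{
        HKCR = "Registry::HKEY_CLASSES_ROOT\$Extension"
        HKLM = "Registry::HKEY_LOCAL_MACHINE\Software\Classes\$Extension"
        HKCU = "Registry::HKEY_CURRENT_USER\Software\Classes\$Extension"
    }

    $row      = [ordered]@{ Extension = $Extension }
    $backedBy = @()

    foreach ($name in $views.Keys) {
        $key = Get-Item -LiteralPath $views[$name] -ErrorAction SilentlyContinue
        if ($key) {
            # GetValue('') reads the key's default value (the ProgID for an extension).
            $row[$name] = $key.GetValue('')
            if ($name -ne 'HKCR') { $backedBy += $name }
        } else {
            $row[$name] = '<no key>'
        }
    }

    # Hives that physically contain the key; HKCR itself is only the merged view.
    $row['BackedBy'] = if ($backedBy) { $backedBy -join '+' } else { 'none' }
    [pscustomobject]$row
}

$SampleExtensions | ForEach-Object { Get-ClassKeyBacking -Extension $_ } |
    Format-Table -AutoSize
```

A row where `BackedBy` is `HKLM` and the `HKCR` and `HKLM` columns match means a write logged against HKEY_LOCAL_MACHINE\Software\Classes and a rule written for HKEY_CLASSES_ROOT are touching the same key.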
     
  7. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,742
    Hey Topper,

    Thanks for the info. I would have never known. It's good to know these things ahead of time with certain apps.

    Thanks

    Rilla927
     