does zap block gator

The key question is what program was Gator using to connect out through ZAP? There are pieces of gator that run as dlls within IE, I believe, but, there are also separate programs. (I'm not a spyware expert. )

What was ZAP telling you exactly, what message? What programs do you have listed in the ZAP > Program Control > Programs listing? Any Gator/Gain references? What program did Port Explorer flag as making the connections?

See this page for a little on Gator and ZAP:

http://www.alanluber.com/pcfearfactor/officiagatorpage.htm

ZAP is not meant to stop malware from coming in. It's not scanning the data stream for good and bad content (such as virus or spyware "signatures"). The ZAP Privacy settings allow you on a global, or site by site basis, to allow or block mobile code, cookies and Ads. But, if you allow a site through (so you can run pages off the site with Javascript, Java or ActiveX), then you've allowed whatever they want to do to come into your system, too.

Once on your system, from there it becomes a test to see if you can see it going outbound... If it was a new program trying to connect outbound, there would have been a ZAP pop-up asking you to approve it. If you did, then that is a problem, of course.

>> "but fire wall kept going off..."

It seems like you noticed something. Was it an alert or ZAP pop-up message?

 

Well, if it wasn't a separate program, then ZAP's normal program alerts would not have flagged it anyway.

I'm not sure if you've looked at the Program Control > Main screen yet. There's a slider setting there called Program Control. It's at Medium normally after a fresh install of ZA+/ZAP. They recommend you keep it there until you've used all your normal programs so that it can map all the DLLs that those programs use...

But, once you slide that to High, from there on, any new DLL (like maybe a ie gator related one) will be alerted and you'll have to approve it before it can access out.

Now, there are literally hundreds of DLLs on a system, so that's why you let it learn (at medium) before moving the slider to High (unless you want to answer hundreds of permission alerts.) It's important to have a clean system while you are at Medium, because all DLLs get allowed as they are used when you are at set there.

Anyway, that's just something for the next time. (You may want to go into the ZAP > Program Control > Components list, and look for any gator/gain references in that long list, as well.)