Need help with ZoneAlarm Program Control (& also question about MS firewall)

Discussion in 'other firewalls' started by bloomcounty, Feb 5, 2007.

Thread Status:
Not open for further replies.
  1. bloomcounty

    bloomcounty Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    64
    Hi,

    I just got a new laptop with Windows XP SP2 on it and installed the newest version of the *free* version of ZoneAlarm. Since my last compter was a Windows 98SE machine (which had the old version of ZoneAlarm on it), things are a bit different and I'm uncertain about some new things that popped up...

    I am not on a server, and I use dail-up (though I'll start using wireless when I'm somewhere that provides free usage). I have two logons on the laptop (one for me and one for my wife).

    1. There are five new things that are listed in the Program Contol section that were not there on my old machine. They are:

    Application Layer Gateway Service
    File name: C:\WINDOWS\system32\alg.exe
    It is marked as "Ask" for Access Trusted & Internet and Server Trusted & Internet

    Generic Host Process for Win32 Services
    File name: C:\WINDOWS\system32\svchost.exe
    It is marked as "Allow" for Access Trusted & Internet and Server Trusted. But it is marked as "Block" for Server Internet.

    Windows Explorer
    File name: C:\WINDOWS\explorer.exe
    It is marked as "Allow" for Access Trusted & Internet and "Ask" for Server Trusted & Internet.

    Service and Controller app
    File name: C:\WINDOWS\services.exe
    It is marked as "Allow" for Access Trusted & Internet and "Ask" for Server Trusted & Internet.

    Windows NT Logon Application
    File name: (I just shut down my laptop, so I don't remember...)
    It is marked as "Allow" for Access Trusted & Internet and "Ask" for Server Trusted & Internet.


    ...none of those were listed on my old machine. These were automatically listed on my new XP machine in ZoneAlarm. The only other thing listed (so far) is AVG (which as also listed on my old machine), and I know that's okay, of course.

    1a. Are these things supposed to be listed? If so, why? (And why not on my old 98SE machine?)

    1b. And if they are supposed to be listed, are they set to the correct access settings for each thing?

    1c. If they're not supposed to be listed, should I just remove them from the list? Why did they pop up in the first place?

    2. Windows Firewall was initially on. Some setting came up that said it recognized ZoneAlarm but couldn't verify it (or something like that) and asked if I wanted to disregard the message and basically accept it as is. I just cancelled it, but when I turned my computer back on, Windows Firewall is now off. Do I want to leave this off if I'm using ZoneAlarm?

    2a. Are there any other settings in Windows Firewall or ZoneAlarm that I need to make sure are set?

    3. I'm I correct in thinking I'm better off using ZoneAlarm than the Windows Firewall?

    Any help is apprecaited! Thanks!
     
    Last edited: Feb 5, 2007
  2. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    That looks pretty normal to me. Most of them are necessary processes for running xp, ZA will recognise certain processes and automatically apply rules for them.
    Application layer gateway works alongside the windows firewall, seeing as you don't use the windows firewall you can block this completely or disable the service if you want. If an app is allowed to act as a server it means it will accept incoming connections.

    The windows firewall should be off when using a third party firewall. ZA is more secure than the windows firewall as it offers outbound protection which the xp firewall does not.
     
  3. bloomcounty

    bloomcounty Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    64
    Thanks for the post!

    In addition to the above, there are now a bunch more programs listed in Zone Alarm, so I'm getting confused as to what's what (and a bit parnanoid).

    Here are the rest of the program listed that I'm unsure of why they're listed:

    ATI Desktop Control Panel
    atiptaxx.exe (I think I disabled this in msconfig on my old 98SE computer)
    Access Trusted: Ask
    Access Internet: Ask
    Server Trusted: Ask
    Server Internet: Ask

    hp Wireless Assistant Module
    HP Wireless Assistant. exe
    Access Trusted: Ask
    Access Internet: Ask
    Server Trusted: Ask
    Server Internet: Ask

    Quick Launch Buttons
    eabservr.exe
    Access Trusted: Ask
    Access Internet: Ask
    Server Trusted: Ask
    Server Internet: Ask

    Recguard Application
    SMINST\Recguard.exe
    Access Trusted: Ask
    Access Internet: Ask
    Server Trusted: Ask
    Server Internet: Ask

    Userinit Logon Application
    system32\userinit.exe
    Access Trusted: Allow
    Access Internet: Allow
    Server Trusted: Ask
    Server Internet: Ask

    Zone Alarm Client
    Access Trusted: Ask
    Access Internet: Ask
    Server Trusted: Ask
    Server Internet: Ask

    Zone Alarm Updating Client
    Access Trusted: Ask
    Access Internet: Ask
    Server Trusted: Block
    Server Internet: Block
    (I've changed the setting to manually update instead of automatic, since I have dial-up, but this setting remained as is...)

    I've made changes to the Windows NT Logon Application setting, to make both the server settings as "deny" (which was recommended to me by someone). ZoneAlarm gave me a warning about applying custom settings to system program, but I just made the change anyways. (That seems a standard warning if you try to change certain things?)

    If you're up for some further help, it's still greatly appreciated -- thanks! :)
     
  4. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Those look like legitimate apps to me. Nothing to worry about imo.

    If you do come across something you're not sure about i suggest you block its access and then do a google search on it to find out what it is. If it turns out to be legitimate app then you can allow it access again.
     
  5. bloomcounty

    bloomcounty Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    64
    Okay, if I can bug you again... :) (Sorry to keep asking, but they keep popping up!)

    I did a screen cap of ZA... so do all these look okay? (Image attached...)

    Thanks!
     

    Attached Files:

  6. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Obviously you do it the way you want but I would not be giving access to progs that don't need it. On my system I have everything in the Server columns set to deny (with a red cross) and I would only allow Server status for a prog that actually needed it - if you are not sure then by all means set progs to 'ask'.

    With regard to Access, I would set ALL those progs to 'ask', except for Firefox, Generic Host Process (which hosts svchost.exe which in turn needs access) and ZA Updating Client. The rest do not need access and with Windows Explorer I prefer to set it to block (red cross) to stop it even pestering me for access; though you can have 'ask' if you prefer (you can never go wrong with an 'ask' setting - so long as you can answer the pop-ups correctly!). Explorer.exe can act as a browser, but it does not actually need to and since it is a danger if exploited it is best not to give it a green tick in the Internet Zone.
     
  7. bloomcounty

    bloomcounty Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    64
    Thanks!
     
Loading...
Thread Status:
Not open for further replies.