Need help with ZoneAlarm Program Control (& also question about MS firewall)

Hi,

I just got a new laptop with Windows XP SP2 on it and installed the newest version of the *free* version of ZoneAlarm. Since my last compter was a Windows 98SE machine (which had the old version of ZoneAlarm on it), things are a bit different and I'm uncertain about some new things that popped up...

I am not on a server, and I use dail-up (though I'll start using wireless when I'm somewhere that provides free usage). I have two logons on the laptop (one for me and one for my wife).

1. There are five new things that are listed in the Program Contol section that were not there on my old machine. They are:

Application Layer Gateway Service
File name: C:\WINDOWS\system32\alg.exe
It is marked as "Ask" for Access Trusted & Internet and Server Trusted & Internet

Generic Host Process for Win32 Services
File name: C:\WINDOWS\system32\svchost.exe
It is marked as "Allow" for Access Trusted & Internet and Server Trusted. But it is marked as "Block" for Server Internet.

Windows Explorer
File name: C:\WINDOWS\explorer.exe
It is marked as "Allow" for Access Trusted & Internet and "Ask" for Server Trusted & Internet.

Service and Controller app
File name: C:\WINDOWS\services.exe
It is marked as "Allow" for Access Trusted & Internet and "Ask" for Server Trusted & Internet.

Windows NT Logon Application
File name: (I just shut down my laptop, so I don't remember...)
It is marked as "Allow" for Access Trusted & Internet and "Ask" for Server Trusted & Internet.

...none of those were listed on my old machine. These were automatically listed on my new XP machine in ZoneAlarm. The only other thing listed (so far) is AVG (which as also listed on my old machine), and I know that's okay, of course.

1a. Are these things supposed to be listed? If so, why? (And why not on my old 98SE machine?)

1b. And if they are supposed to be listed, are they set to the correct access settings for each thing?

1c. If they're not supposed to be listed, should I just remove them from the list? Why did they pop up in the first place?

2. Windows Firewall was initially on. Some setting came up that said it recognized ZoneAlarm but couldn't verify it (or something like that) and asked if I wanted to disregard the message and basically accept it as is. I just cancelled it, but when I turned my computer back on, Windows Firewall is now off. Do I want to leave this off if I'm using ZoneAlarm?

2a. Are there any other settings in Windows Firewall or ZoneAlarm that I need to make sure are set?

3. I'm I correct in thinking I'm better off using ZoneAlarm than the Windows Firewall?

Any help is apprecaited! Thanks!

 

That looks pretty normal to me. Most of them are necessary processes for running xp, ZA will recognise certain processes and automatically apply rules for them.
Application layer gateway works alongside the windows firewall, seeing as you don't use the windows firewall you can block this completely or disable the service if you want. If an app is allowed to act as a server it means it will accept incoming connections.

The windows firewall should be off when using a third party firewall. ZA is more secure than the windows firewall as it offers outbound protection which the xp firewall does not.

 

Thanks for the post!

In addition to the above, there are now a bunch more programs listed in Zone Alarm, so I'm getting confused as to what's what (and a bit parnanoid).

Here are the rest of the program listed that I'm unsure of why they're listed:

ATI Desktop Control Panel
atiptaxx.exe (I think I disabled this in msconfig on my old 98SE computer)
Access Trusted: Ask
Access Internet: Ask
Server Trusted: Ask
Server Internet: Ask

hp Wireless Assistant Module
HP Wireless Assistant. exe
Access Trusted: Ask
Access Internet: Ask
Server Trusted: Ask
Server Internet: Ask

Quick Launch Buttons
eabservr.exe
Access Trusted: Ask
Access Internet: Ask
Server Trusted: Ask
Server Internet: Ask

Recguard Application
SMINST\Recguard.exe
Access Trusted: Ask
Access Internet: Ask
Server Trusted: Ask
Server Internet: Ask

Userinit Logon Application
system32\userinit.exe
Access Trusted: Allow
Access Internet: Allow
Server Trusted: Ask
Server Internet: Ask

Zone Alarm Client
Access Trusted: Ask
Access Internet: Ask
Server Trusted: Ask
Server Internet: Ask

Zone Alarm Updating Client
Access Trusted: Ask
Access Internet: Ask
Server Trusted: Block
Server Internet: Block
(I've changed the setting to manually update instead of automatic, since I have dial-up, but this setting remained as is...)

I've made changes to the Windows NT Logon Application setting, to make both the server settings as "deny" (which was recommended to me by someone). ZoneAlarm gave me a warning about applying custom settings to system program, but I just made the change anyways. (That seems a standard warning if you try to change certain things?)

If you're up for some further help, it's still greatly appreciated -- thanks!

 

Those look like legitimate apps to me. Nothing to worry about imo.

If you do come across something you're not sure about i suggest you block its access and then do a google search on it to find out what it is. If it turns out to be legitimate app then you can allow it access again.

 

Okay, if I can bug you again... (Sorry to keep asking, but they keep popping up!)

I did a screen cap of ZA... so do all these look okay? (Image attached...)

Thanks!

 

Obviously you do it the way you want but I would not be giving access to progs that don't need it. On my system I have everything in the Server columns set to deny (with a red cross) and I would only allow Server status for a prog that actually needed it - if you are not sure then by all means set progs to 'ask'.

With regard to Access, I would set ALL those progs to 'ask', except for Firefox, Generic Host Process (which hosts svchost.exe which in turn needs access) and ZA Updating Client. The rest do not need access and with Windows Explorer I prefer to set it to block (red cross) to stop it even pestering me for access; though you can have 'ask' if you prefer (you can never go wrong with an 'ask' setting - so long as you can answer the pop-ups correctly!). Explorer.exe can act as a browser, but it does not actually need to and since it is a danger if exploited it is best not to give it a green tick in the Internet Zone.

 

Thanks!