strange firewall alert

Discussion in 'other firewalls' started by jima, Sep 10, 2004.

Thread Status:
Not open for further replies.
  1. jima

    jima Registered Member

    Joined:
    Jul 28, 2004
    Posts:
    77
    Hi,
    I have a question regarding something I read on another forum. It did not happen to me, but I did not understand the response given to the poster. It seems he was concerned about his antivirus program when he received this warning from his firewall as he was running a virus scan:

    Application Hijacking has been detected
    The application: C:\Program Files\Alwil Software\Avast4\ashSimpl.exe try to launch another application: C:\Program Files\Internet Explorer\iexplore.exe to go to remote host sa.windows.com

    He didn't say what firewall he had.

    I do not understand exactly what was occurring here, but I have this antivirus program and am somewhat concerned. Any response would be appreciated. Thank you.
     
  2. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    I know what is going on, and I don't even run that firewall that assumed it was malicious. He launched the manual scanner, and it launched a help window; well, the program automatically connected to that site on its own, the scanner didn't tell the program to go to that site.

    This is a false positive.

    On the launch of IE to display the help file, it went to sa.windows.com, which means search assistant.... It's a default behavior.
     
  3. jima

    jima Registered Member

    Joined:
    Jul 28, 2004
    Posts:
    77
    Thank you very much for your concise reply.
     
  4. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    I think it is Tiny Firewall, hence the sentence:

    Application Hijacking has been detected
    The application: C:\Program Files\Alwil Software\Avast4\ashSimpl.exe try to launch another application: C:\Program Files\Internet Explorer\iexplore.exe to go to remote host sa.windows.com
     
  5. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    You're wrong, I know that alert is by Sygate Personal Firewall (www.sygate.com).
     
  6. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    That is why I said "I think"; maybe you should have said that too, because now you sound a little... ah, forget about it.

    The problem here is that Tiny Firewall uses practically the same warnings when some process is spawning another process, and the only two firewalls I remember that can control spawning are Tiny and ZoneAlarm.

    But if you say it is Sygate then OK, no prob.

    It could be :D
     
  7. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    This is one of the million warnings regarding spawning, etc.


    Application:IEXPLORE.EXE
    Access:Injecting code into other processes
    Object:SetWindowsHookEx(MsgFilter,ThreadId=0,Module=C:\WINDOWS\system32\SHELL32.dll)


    It looks like the same structure a bit...
     