Tony's ruleset - Minor problem with Zone Alarm settings

Discussion in 'Ghost Security Suite (GSS)' started by zoril, Apr 17, 2006.

Thread Status:
Not open for further replies.
  1. zoril

    zoril Registered Member

    Joined:
    May 31, 2005
    Posts:
    243
    I found at startup that certain settings re my Zone Alarm Firewall (based on the svchost) were being refused. On the standard ruleset this was not the case? I wasn't given choice to accept or refuse..........Howard
     
  2. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    I'm wondering if this has anything to do with ZA's email (ZAmailsafe) protection which likes to set values on the HKEY_CLASSES_ROOT\* Key. The new Tony ruleset has a lot of these 'file association' extensions covered and it just might interfere.

    I am of course referring to ZASS, ZAP etc; I don't think this applies to the free version of ZA. But if you are running the former, create an Application Rule for:-

    zlclient.exe

    <PF>\zone labs\zonealarm\zlclient.exe

    HKEY_LOCAL_MACHINE\Software\Classes**

    and see if you have problems then. (BTW I know that Key is different from HKEY_CLASSES_ROOT\*, but it works this way due to an anomaly!).


    Another possibility (and this might be relevant to free ZA as well - particularly since you mention SVCHost) is to try creating an Application Rule for both vsmon.exe and SVCHost as follows:-

    vsmon.exe

    <WD>\system32\zonelabs\vsmon.exe

    HKEY_LOCAL_MACHINE\System\*controlset*\Services**


    SVCHost

    <WD>\system32\svchost.exe

    HKEY_LOCAL_MACHINE\System\*controlset*\Services**

    In all of the above cases you need to allow Values to be set.

    If none of that works you really need to put up a screenshot of your Log, otherwise we are stabbing in the dark!
     
  3. zoril

    zoril Registered Member

    Joined:
    May 31, 2005
    Posts:
    243
    I think that you may be right.

    I am using the Zone Alarm free version. My problem is that I am not very good configuring the advanced options...

    Most of the time Reg Defend gives me the option to accept or reject but not this time!...............Howard:)
     
  4. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    I was only making suggestions.

    What you really need to do is look at your RD log to see what is being denied and make a note of the app concerned (eg zlclient.exe, vsmon.exe etc) and the Rule/Reg Key that it wishes to amend. With that information it would be possible to make a more precise recommendation.
     
  5. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,735
    Hi Topper,

    In post #2 in re: to ZASS, you have to add those values to RD.

    I have ZASS that's why I ask. I don't have RD installed yet.

    Thanks

    Rilla927
     
  6. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    There is an 'E-mail Protection' section in ZAP and ZASS, and I have noticed that everytime you click the tab to enter that section in the ZA GUI, or click the 'Attachments' tab, ZA will set values on the sub-keys relating to all of the protected extensions on the HKEY_LOCAL_MACHINE\Software\Classes Key.

    I have also noticed that if you have all those sub-Key extensions protected by RD on the HKEY_CLASSES_ROOT Key, then ZA will hang for a few seconds whenever you click to enter ZA's e-mail protection section or Attachments sub-section. Also, due to a quirk in the way windows operates, you will not receive a pop-up from RD nor do you see anything in RD's log.

    As it happens, the new Tony Ruleset does protect a long list of HKEY_CLASSES_ROOT extensions in its 'File Association' section. So if you installed RD and experience a slight 'hang' problem you should be able to get round this by creating the following Application Rule:-

    Group Name: zlclient.exe

    Filename: <PF>\zone labs\zonealarm\zlclient.exe

    Key: HKEY_LOCAL_MACHINE\Software\Classes**

    Value: *

    Allow 'Set Value'

    I should explain that I'm personally running a modified Ruleset that protects all extensions on HKEY_CLASSES_ROOT\.* This makes it more of an issue for me; but the above App Rule solves the problem and I then see all activity in RD's log section.

    Naturally, you would only need to create the App Rule if you had a problem and it may be that the more limited list of extensions in the Tony Ruleset would not give you a problem.
     
  7. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,735
    Hey Topper,

    thanks for the info. I would have never known. It's good to know these things a head of time with certain apps.

    Thanks

    Rilla927
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.