ZA Pro True Vector

Discussion in 'other firewalls' started by eyespy, Oct 27, 2002.

Thread Status:
Not open for further replies.
  1. eyespy

    eyespy Registered Member

    Joined:
    Feb 20, 2002
    Posts:
    490
    Location:
    Oh Canada !!
    Alas,
    another ZA Pro query !!
    The "True Vector" unexpectedly shut down today. A big "X" crossed the ZA icon in the systray. ZA was still running. I had to restart ZA to get it up and running again.
    In the past, wasn't their a program or hack that could disable ZA's inner workings from a remote server or host ?
    ZA would still be lit up and the user wouldn't even know his firewall has been disabled !!
    Have any ZA Pro users experienced this event ?
    Just want to make sure that this was a simple "hiccup" in the OS or ZA program !!
    The ZA logs didn't show any strange connections or events !!

    regards,
    bill :)
     
  2. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Bill,

    Quite some malware out there is capable of putting a software firewall out of business. Did ZA disconnect as well?

    Anyway: a full deep scan with both a good and update antivirus and antitrojan is recommended, if only to be on the sure side.

    regards.

    paul
     
  3. eyespy

    eyespy Registered Member

    Joined:
    Feb 20, 2002
    Posts:
    490
    Location:
    Oh Canada !!

    Paul,
    ZA locked the internet connection...which is a good thing !!
    But what caused it is my main concern !! :mad:

    Full AV and Trojan scan coming right up !!

    ty,
    bill
     
  4. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    Hmm, I've never actually had the True Vector service die on its own. I had to kill it off (or stop the service via Admin Tools > Services interface) to test what happens when either the UI or the True Vector service are killed by malware. See this thread on that testing:

    https://www.wilderssecurity.com/showthread.php?t=4271;start=0

    Did you check in Admin Tools > Event Viewer > Application events, to see if there were any True Vector Engine errors logged?
     
  5. marti

    marti Registered Member

    Joined:
    Mar 25, 2002
    Posts:
    646
    Location:
    Houston, Texas, USA
    If you are running WinXP/SP-1 this has happened to my friend. She was running ZAPlus on a clean install of XP. She would be on-line, and true vector would shut down. This happened on several different sites. She is "on travel" right now, so I can't ask her if the solution was found.

    Best suggestion is to totally remove the program (including the settings files) and reload it. http://www.zonelabs.com/store/content/support/zapInstallFAQ.jsp
     
  6. eyespy

    eyespy Registered Member

    Joined:
    Feb 20, 2002
    Posts:
    490
    Location:
    Oh Canada !!
    Here is the app. log. True Vector has had a few errors in the past few days. These are just a few !!

    Now I'm not even sure when it's working. Today was the first time I was alerted to the event !!

    regards,
    bill
     

    Attached Files:

  7. controler

    controler Guest

    Maybe running the XP builtin firewall and the Zone Alarn don't work so good together?
    I had no problem with Sygate or Outpost as of yet.
    Stopped using The Zine Alarm after much trouble with it messing up the internet connection files.
     
  8. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    bill,

    Any news?

    regards.

    paul
     
  9. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    Okay, those probably aren't going to be of any help to you. Generally, when you get 5 messages like that in a row from True Vector, it's simply the messages stating that it is repairing of the true vector databases, which happens when ZA is restarted after any unclean shutdown or crash.

    If you double click on those event lines, starting from the bottom of the five, and read the text message in the small lower portion of the window, you'll find that all it says is something very much like this...

    [pre]File "C:\WINNT\Internet Logs\IAMDB.RDB" was corrupt and has copied to "C:\WINNT\Internet Logs\xDB4.tmp".

    File "C:\WINNT\Internet Logs\IAMDB.RDB" was corrupt and has been deleted.

    File "C:\WINNT\Internet Logs\IAMDB.RDB" was corrupt, restoring from backup "C:\WINNT\Internet Logs\BACKUP.RDB".

    File "C:\WINNT\Internet Logs\HOME-PC.ldb" was corrupt and has copied to "C:\WINNT\Internet Logs\xDB5.tmp".

    File "C:\WINNT\Internet Logs\HOME-PC.ldb" was corrupt and has been deleted.
    [/pre]This is how ZA tries to keep damage out of the databases by using its backup copy to replace the active copy after a failure. I was hoping you'd have an error or dump or something related to the actual failure itself. :(

    If you've eliminated the possiblilty of malware, through the scans you were going to do, then you really need to think about following Marti's advice and do a full deinstall, including the deletion of all database files in the Internet Logs directory, reinstall, reconfigure and go. Follow the Zone Labs instructions in her link, and hopefully, this will give you a clean, stable version of ZA again.

    Best Wishes,
    LowWaterMark
     

    Attached Files:

  10. eyespy

    eyespy Registered Member

    Joined:
    Feb 20, 2002
    Posts:
    490
    Location:
    Oh Canada !!
    I tried to post the follow up today, but connection/forum problems got in the way !! GRRR !!


    Deep scan done with AV and AT !
    All clean .

    Here are the properties for 1 of about 8 event logs concerning ZA True Vector. They are all the same !!

    Thanks and regards,
    bill :)
     

    Attached Files:

  11. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    Yes, those are as I expected and will not be of any use in determining the cause of the true vector failures. They are instead simply part of the database cleanup done by restarting ZA.

    Are you going to try full deinstall / reinstalling of ZA now?
     
  12. eyespy

    eyespy Registered Member

    Joined:
    Feb 20, 2002
    Posts:
    490
    Location:
    Oh Canada !!
    LWM,
    Thanks a bunch for your help. :)
    I'll do the uninstall/reinstall tommorrow ! It's a little late here right now to go diggin' through the registry !!
    Right now, my ZA is working fine...even ran some tests at PC flank and all seems OK !!

    kindest,
    bill ;)
     
  13. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    LOL - I know that feeling. It seems that whenever anything either goes wrong with my PC, or I decide to "improve" it (ergo, see the first half of this statement) - it's suddenly 2:00am and I'm desperately trying to finish... ;)

    Have a great night!! And be well rested when you tackle that. :D

    Best Wishes,
    LowWaterMark
     
Loading...
Thread Status:
Not open for further replies.