Discussion in 'other firewalls' started by javacool, Sep 11, 2002.
Do you have a broadband or dial-up connection?
Dial-up (ISDN). Maybe a sniffer would help here, to see exactly what's being transmitted.
This same problem is being discussed in the GRC Security Software newsgroup. So far, the solution has not been found.
However, I will report your problem to Zone Labs.
Thanks marti. I appreciate you reporting it to Zone Labs.
Thanks to Checkout as well for his response and advice. Although I think I'll pass for now on the sniffer. I doubt that it's anything sinister.
Also I failed to notice until after my first post that Mr. Blaze mentioned that the same thing was happening to him.
Yes, I think Zone Alarm could handle these apps better and more transparently to the user then it does. These aren't new. They are well established parts of the NT side of the Windows family. And ZA should have more automation in its configuration to support these apps. But, it doesn't.
So, I think you have two different ways you could approach this, and it's simply a personal choice, neither necessarily better than the other. First, you could give those two apps network permission and then determine if by doing so you've exposed open ports to the Internet - then take appropriate steps to close or stealth the ports. This would allow you to leave your OS configured with all the automated features MS has put into it. If you go this way, obvious try a few different port scanners out and watch for the obvious (5000, 445, 135, 137-139, etc.)
Or, instead you could disable all the services and functions that lay under "Generic Host Process..." and the "Services and Controller App", in which case those (and their close friends - alg, lsass and Windows Explorer), will never need or ask for network access rites again, but, then you've turned off many of the various automations in your OS. (I don't know whether you're on XP or Win2K, but, I don't think it matters too much.)
I decided to turn off the unnecessary services myself. But, then I don't provide any network services or support a LAN with my system. It's just a standalone, personal browsing and emailing system for the most part.
If you choose to shutdown the underlying services, then you need to disable several system services, such as: SSDP Discovery, Universal Plug and Play Device Host and RIP Listener. In my case, I also did not need or want any of these services running: DNS Client, DHCP Client, Error Reporting, ICF/ICS, Remote Desktop, Routing and Remote Access and Windows Time. Each of which accesses the network in some form or fashion.
And lastly, of course, I disabled all things related to NetBIOS. Not just by setting "Disable NetBIOS over TCP/IP" in the WINS tab of the network connectoid properties page, but, by also disabling the "TCP/IP NetBIOS Helper" service, and the hidden "NetBios over Tcpip" device in the "Non-Plug and Play drivers" section of the Device Manager (which gets rid of the listener on port 445 TCP and UDP).
I did all this over time and finally I ended up with nothing accessing the Internet except the client applications I choose to run (like: IE, OE, etc.) And the only port listening is 135, but that is just locally and never causes any application to ask for access in ZA.
Oh, you may also want to check the DNS tab in the advanced properties section of your network connection for "Register this connection's addresses in DNS" - remove the check mark from that, it may also be causing the Service and Controller App" to hit the network.
Separate names with a comma.