Zone Alarm help: Can't block ZA itself

Discussion in 'other firewalls' started by danielspencer2, Jun 10, 2009.

Thread Status:
Not open for further replies.
  1. danielspencer2

    danielspencer2 Registered Member

    Joined:
    Jun 3, 2009
    Posts:
    40
    I have the latest version of the Zone Alarm free firewall. In the program control access list there is something called "check point updating client" and I set this to "ASK" so whenever it accesses the internet it has to ask me. I set the updating of Zone Alarm to "manual". I have the highest Zone Alarm security settings.
    However, when I click on "check for update", Zone Alarm checks for an update using the internet and it doesn't even ask me if I want to allow it to have internet access, even though in the program control list I set the "check point updating client" to MANUAL.

    Is this a bug with the latest version of the free Zone alarm firewall which is 8.0?
     
  2. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    Yes, I see this in the retail versions, ZA cannot block itself.
    Don't know the free version, never used it.

    You can block the sites ZA connects to by adding them in the hosts file, but then why do this? Just move on and choose another free firewall that can block itself... :)

    Fax
     
  3. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Wow, didn't think you would recommend another firewall, fax. Has this been confirmed via a packet sniffer etc?
     
  4. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    Hallo,
    I said ZA cannot block itself NOT that ZA connects if it is turned OFF. Big difference between the two :)

    In other words, if you don't trust ZA when turned OFF then better to move on fast to another firewall. There is no reason to mess up with settings with your first line of defense. Moreover we have seen here that if you start blocking ZA, it will start to misbehave with the end result of less security.

    and no... I am not part of the group that believes that ZA is owned by the Mossad... LOL :D

    Fax
     
  5. danielspencer2

    danielspencer2 Registered Member

    Joined:
    Jun 3, 2009
    Posts:
    40
    How do I block Zone Alarm from connecting to the internet by putting something into the HOSTS file? I have Windows XP.

     
  6. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    So you are saying that when ZA is turned on, it can't block itself? Has this been checked with a packet sniffer? i.e. has someone blocked ZA from connecting and checked Wireshark if it is still sending packets?
    Yea love hearing that one!

    The wikipedia article actually has a fair bit on it.

    http://en.wikipedia.org/wiki/Hosts_file

    For ZA specifically, have 127.0.0.1 www.zonealarm.com and any other ZA domains.
     
  7. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    It should be enough to turn OFF the various elements in ZA that connect out, including the virus monitoring (if still there in ZA free). No need of the hosts file. This way ZA will not connect out unless you manually ask for it.

    See here
    https://www.wilderssecurity.com/showthread.php?t=199443&highlight=zonelabs.com

    If you block ZA by using other programs or the hosts it will start to act weird and, for example, it will log wrong entries... really better to remove it, don't mess up. :)

    Fax
     
  8. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    You can't block ZA within ZA, rules are hard coded. This is at least in the last retail versions (don't know the free). Of course you can turn off all elements in ZA to avoid ZA automatically connecting out, but that was not the point of the OP. :)

    ...and I stop here since I am fed up every time to deal with the usual ZA "call home" paranoia... :gack:

    Fax
     
  9. danielspencer2

    danielspencer2 Registered Member

    Joined:
    Jun 3, 2009
    Posts:
    40
    If I did want to block Zone Alarm update using the Hosts file, can you list for me all the IP addresses and URLs of Zone Alarm to block? I have found this:

    # Block access to ZoneLabs Server
    127.0.0.1 zonelabs.com

    But when I add the above to the Hosts file, and click "check for update" inside Zone Alarm, it still updates. So can someone list ALL the Zone Alarm update IP addresses and URLs so I can add them to my hosts file?

    By the way, the "check point updating client" has the file name of UpdClient.exe so even when I block this using ZA, it still updates. It cannot be blocked for some reason.
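
Hosts-file entries match whole hostnames exactly, so the single `zonelabs.com` line quoted in the post above covers no other name and no connection made to a literal IP address. The sketch below is an added example, not part of the original post or of ZoneAlarm: it parses hosts-file text and reports which targets it can redirect; `placeholder.zonelabs.com` and `192.0.2.10` are constructed placeholders, not known ZoneAlarm endpoints.

```python
import ipaddress

# Constructed sample: the single entry quoted in the post above.
SAMPLE_HOSTS = """\
# Block access to ZoneLabs Server
127.0.0.1 zonelabs.com
"""

def parse_hosts(text):
    """Map each hostname in hosts-file text to its address."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()      # strip comments, split on whitespace
        if len(fields) < 2:
            continue                               # blank line or address with no name
        address, names = fields[0], fields[1:]
        for name in names:
            # Names compare case-insensitively; this sketch keeps the first entry seen.
            table.setdefault(name.lower().rstrip("."), address)
    return table

def classify(hosts_text, targets):
    """Say, per target, whether the hosts file can redirect it at all."""
    table = parse_hosts(hosts_text)
    verdicts = {}
    for target in targets:
        try:
            ipaddress.ip_address(target)
            verdicts[target] = "ip-literal: no name lookup, hosts file not consulted"
            continue
        except ValueError:
            pass                                   # not an IP, treat as a hostname
        address = table.get(target.lower().rstrip("."))
        verdicts[target] = (f"overridden -> {address}" if address
                            else "not listed: falls through to DNS")
    return verdicts

if __name__ == "__main__":
    # www.zonealarm.com appears later in the thread; the other two are constructed.
    for name, verdict in classify(SAMPLE_HOSTS, [
            "zonelabs.com", "www.zonealarm.com",
            "placeholder.zonelabs.com", "192.0.2.10"]).items():
        print(f"{name:28} {verdict}")
```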
     
  10. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    Try to block the Zlclient.exe also... :)
    Maybe your ZA settings are corrupted.

    Btw, how do you know it connects out? Do you use a sniffer?
    ZA will not necessarily pop-up with an error.

    Fax
     
  11. danielspencer2

    danielspencer2 Registered Member

    Joined:
    Jun 3, 2009
    Posts:
    40
    I tried to add Zlclient.exe to the ZA program control list but it wouldn't even add. It just does nothing. By the way, I just want to block Zone Alarm from updating, I don't want to block ZA itself.

    By the way, when I update it says it has to send a "product identification of my copy of ZA". What information does this give to Zone Alarm? Will Zone Alarm know the original IP address that downloaded my copy of ZA?

    And if you have the "hide my ip address when applicable" setting enabled, does this mean when I update my IP address will be hidden? If so, can Zone Alarm un-hide my IP address if they wanted to?

    Also, can you try and block this on your Zone Alarm on your computer:
    UpdClient.exe
    Windows\System32\ZoneLabs\UpdClient.exe

    Once you have added it, block it by putting X X X X, then click on "check for update" and see if it works. Hopefully it doesn't work. If it DOES work then I think something fishy is going on here.
     
  12. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    When you install it gives the option to tick " Always trust Checkpoint " or something similar, and a few other things. Don't tick them if you choose not to.

    In Admin mode you can locate those particular offending ZA .EXE etc right click on them and change the privileges to deny write/read etc. Then they shouldn't be able to run !
     
  13. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    Sorry, no idea.
    Why mess with ZA? Remove it and choose something else. There is nothing worse than running a security tool you don't trust.

    Plenty of options out there :)

    Fax
     
  14. Fajo

    Fajo Registered Member

    Joined:
    Jun 13, 2008
    Posts:
    1,814

    OK, the more I read this the more it seems to me you are trying to prevent ZA from calling home to check if the product key is valid. I have used ZA for years and never had a problem with it calling home or sending information. If you're running a "hacked" version, and I'm not saying you are, you won't find help here to circumvent the validation. :cautious:

    Otherwise the only thing it sends is your product version and product key, and here is why.

    1. To make sure the key is VALID.
    2. To make sure you are running the most up-to-date version, so as to create fewer bugs and less hassle for the ZA support team if something goes awry.
     
  15. danielspencer2

    danielspencer2 Registered Member

    Joined:
    Jun 3, 2009
    Posts:
    40
    Hey, does anyone know if ZA can block Windows updates? I can't try it because there aren't any new Windows update alerts popping up, but if you have used ZA for a few years, does ZA pop up and ask to allow the Windows update alert or can Windows update alerts bypass ZA?

    And can ZA block the Windows XP clock from syncing with the time server? If so, how? I know I can disable this by going into the clock settings but I'm just wondering if ZA can do it.

    And if you set ZA to block everything on Windows XP from connecting to the internet, does this mean ZA can block everything on XP or does it miss stuff?
     
  16. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    98,491
    Location:
    U.S.A.
    danielspencer2, although I use ZA Free 5.5.094.000, I'll attempt to answer some of your questions:

    • If you want ZA to alert you whenever manually checking for update, go to Overview > Preferences > Contact with Zone Alarm area and check Alert me with a pop-up before I make contact. Note: the User Guide states "There are certain situations in which you will not be notified before contact is made. Those include sending DefenseNet data to ZoneAlarm, contacting ZoneAlarm for program advice, when an anti-virus update is performed, or when monitoring your anti-virus status. The “Share setting anonymously...” setting below, turns off the DefenseNet transfer. All other settings can be disabled from the main tab of their respective panels." and while some of these features might not be present and/or apply to the Free version, be aware.
    • To block the Windows Update Auto-Update Client (wuauclt.exe) via ZA, go to Program Control > Programs, then click Add. Locate wuauclt.exe (in my Win XP, it's located at C:\WINDOWS\system32\wuauclt.exe) and click Open. It's now added to the list of programs. Click Trusted Zone and select Block. No more ZA alerts.

    • I do not advise to stop the clock synchronization with the server because there are programs that depend on current time and date for proper operation.

    • The Internet Lock will stop all traffic to and from your computer, dropping the Internet connection, if engaged.

    • If zlclient.exe is set to Ask, you should see some alerts if ZA tries to initiate contact (read Note above).
    In this Technical Support page, you will find the latest posted User Guide (which is version 7.0). I suggest you read it fully to familiarize yourself with your ZA program.
     
  17. catnotspam

    catnotspam Registered Member

    Joined:
    May 1, 2009
    Posts:
    42
    Location:
    haifa
    Is ZoneAlarm commutable with Kaspersky Antivirus 7.0.325 and 8.0.506?
     
  18. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    If for commutable you mean capable of being exchanged for another or for something else that is equivalent then No, they are not equivalent, they are two completely different products with different features. Which one is best? The one that runs best in your system. You have to try it. They provide both excellent protection ;)

    If you mean adding ZA antivirus/suite/extreme on top of Kaspersky or vice versa then, NO, you cannot. They share some kernel drivers that are the same.

    Fax
     
  19. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hello danielspencer2:

    No it is not a bug in the classic sense of a bug being an unintentional error in coding.

    In the case of ZA Pro, which I used at one time, this behaviour is designed in and coded by Checkpoint. This has been posted on many many times here at Wilder's. Most likely too much.

    If you don't like this (as I don't and some others in the FW world) just move to another FW vendor that doesn't design this way. There are many options.

    But I'm not going to list my choices here as it would lead to much product x vs product y posts and these are a waste of effort.

    There is a wealth of information here in the stickies and they also refer users to specific product threads.

    You may have some research to do but it is interesting.
     