Zone Alarm help: Can't block ZA itself

Discussion in 'other firewalls' started by danielspencer2, Jun 10, 2009.

Thread Status:
Not open for further replies.
  1. danielspencer2

    danielspencer2 Registered Member

    Joined:
    Jun 3, 2009
    Posts:
    40
    I have the latest version of the zone alarm free firewall. In the program control access list there is something called "check point updating client" and i set this to "ASK" so whenever it accesses the internet it has to ask me. I set the updating of zone alarm to "manual". I have the highest zone alarm security settings.
    However, when i click on "check for update", zone alarm checks for an update using the internet and it doesn't even ask me if i want to allow it to have internet access, even though in the program control list i set the "check point updating client" to MANUAL.

    Is this a bug with the latest version of the free Zone alarm firewall which is 8.0?
     
  2. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,723
    Location:
    localhost
    Yes, I see this in the retail versions, ZA cannot block itself.
    Don't know the free version never used.

    You can block the sites ZA connects to by adding them in host file, but then why doing this? Just move on and choose another free firewall that can block itself... :)

    Fax
     
  3. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Wow didnt think you would recommend another firewall fax. Has this been confirmed via a packet sniffer etc?
     
  4. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,723
    Location:
    localhost
    Hallo,
    I said ZA cannot block itself NOT that ZA connects if it is turned OFF. Big difference between the two :)

    In other words, if you don't trust ZA when turned OFF then better to move on fast to another firewall. There is no reason to mess up with settings with your first line of defense. Moreover we have seen here that if you start blocking ZA, it will start to misbehave with the end result of less security.

    and no... I am not part of the group that beleives that ZA is owned bythe Mossad... LOL :D

    Fax
     
  5. danielspencer2

    danielspencer2 Registered Member

    Joined:
    Jun 3, 2009
    Posts:
    40
    How do i block zone alarm from connecting to the internet by putting something into the HOSTS file? I have windows XP.

     
  6. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    So you are saying that when ZA is turned on, it cant block itself? Has this been checked with a packet sniffer? i.e. has someone blocked ZA from connecting and checked wireshark if it is still sending packets?
    Yea love hearing that one!

    The wikipedia article actually has a fair bit on it.

    http://en.wikipedia.org/wiki/Hosts_file

    For ZA specifically, have 127.0.0.1 www.zonealarm.com and any other ZA domains.
     
  7. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,723
    Location:
    localhost
    It should be enough to turn OFF the various elements in ZA that connects out including the virus monitoring (if still there in ZA free). No need of the hosts file. This way ZA will not connect out unless you manually ask for.

    See here
    https://www.wilderssecurity.com/showthread.php?t=199443&highlight=zonelabs.com

    If you block ZA by using other programs or the hosts it will start to act weird and, for example, it will log wrong entries... really better to remove it, don't mess up. :)

    Fax
     
  8. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,723
    Location:
    localhost
    You can't block ZA within ZA, rules are hard coded. This is at least in the last retail versions (don't know the free). Of course you can turn off all elements in ZA to avoid ZA automatically connecting out, but that was not the point of the OP. :)

    ...and I stop here since I am fed up everytime to deal with the usual ZA "call home" paranoia... :gack:

    Fax
     
  9. danielspencer2

    danielspencer2 Registered Member

    Joined:
    Jun 3, 2009
    Posts:
    40
    If i did want to block zone alarm update using the Hosts file, can you list for me all the ip addresses and urls of zone alarm to block? I have found this:

    # Block access to ZoneLabs Server
    127.0.0.1 zonelabs.com

    But when i add the above to the Hosts file, and click "check for update" inside zone alarm, it still Updates. So can someone list ALL the zone alarm update ip addresses and URLs so i can add them to my hosts file.

    By the way, the "check point updating client" has the file name of UpdClient.exe so even when I block this using ZA, it still updates. It cannot be blocked for some reason.
     
  10. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,723
    Location:
    localhost
    Try to block the Zlclient.exe also... :)
    May be your ZA settings are corrupted.

    Btw, how do you know it connects out? Do you use a sniffer?
    ZA will not necessarily pop-up with an error.

    Fax
     
  11. danielspencer2

    danielspencer2 Registered Member

    Joined:
    Jun 3, 2009
    Posts:
    40
    i tried to add Zlclient.exe to the ZA program control list but it wouldn't even add. it just does nothing. by the way i just want to block Zone alarm from updating, i don't want to block ZA itself.

    By the way, when i update it says it has to send a "product identification of my copy of ZA". What information does this give to Zone alarm? will zone alarm know the original ip address that downloaded my copy of ZA?

    And if you have the "hide my ip address when applicable" setting enabled, does this mean when I update my ip address will be hidden? If so, can zone alarm un-hide my ip address if they wanted to?

    Also, can you try and block this on your Zone Alarm on your computer:
    UpdClient.exe
    Windows\System32\ZoneLabs\UpdClient.exe

    Once you have added it, block it by putting X X X X, then click on "check for update" and see if it works. Hopefully it doesn't work. If it DOES work then i think something fishy is going on here.
     
  12. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    When you install it gives the option to tick " Always trust Checkpoint " or something similar, and a few other things. Don't tick them if you choose not to.

    In Admin mode you can locate those particular offending ZA .EXE etc right click on them and change the privileges to deny write/read etc. Then they shouldn't be able to run !
     
  13. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,723
    Location:
    localhost
    Sorry no idea,
    why messing up with ZA, remove it and choose something else. There is nothing worst than running a security tool you don't trust.

    Plenty of options out there :)

    Fax
     
  14. Fajo

    Fajo Registered Member

    Joined:
    Jun 13, 2008
    Posts:
    1,812

    Ok the more I read this the more it seems to me you are trying to Prevent ZA from calling home to check if the Product key is Valid. I have used ZA for years never had a problem with it calling home or sending information. If your running a "Hacked" version and I'm not saying you are. You wont find help here to circumvent the validation. :cautious:

    Otherwise the only thing it sends is your Product version and Product key, and he is why.

    1. To make sure the key is VALID.
    2. To make sure you are running the most up to date version as to create less bugs and less hassle for ZA support team if something goes arye.
     
  15. danielspencer2

    danielspencer2 Registered Member

    Joined:
    Jun 3, 2009
    Posts:
    40
    hey does anyone know if ZA can block windows updates? i can't try it because there aren't any new windows update alerts popping up, but if you have used ZA for a few years, does ZA popup and ask to allow the windows update alert or can windows update alerts bypass ZA?

    And can ZA block the windows xp clock from syncing with the time server? if so, how? i know i can disable this by going into the clock settings but i'm just wondering if ZA can do it?

    And if you set ZA to block everything on windows xp from connecting to the internet, does this mean ZA can block everything on xp or does it miss stuff?
     
  16. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,910
    Location:
    U.S.A.
    danielspencer2, although I use ZA Free 5.5.094.000, I'll attempt to answer some of your questions:

    • If you want ZA to alert you whenever manually checking for update, go to Overview > Preferences > Contact with Zone Alarm area and check Alert me with a pop-up before I make contact. Note: the User Guide states "There are certain situations in which you will not be notified before contact is made. Those include sending DefeneseNet data to ZoneAlarm, contacting ZoneAlarm for program advice, when an anti-virus update is performed, or when monitoring your anti-virus status. The “Share setting anonymously...” setting below, turns off the DefenseNet transfer. All other settings can be disabled from the main tab of their respective panels." and while some of these features might not be present and/or apply to the Free version, be aware.
    • To block the Windows Update Auto-Update Client (wuauclt.exe) via ZA, go to Program Control > Programs, then click Add. Locate wuauclt.exe (in my Win XP, it's located at C:\WINDOWS\system32\wuauclt.exe) and click Open. It's now added to the list of programs. Click Trusted Zone and select Block. No more ZA alerts.

    • I do not advise to stop the clock synchronization with the server because there are programs that depend on current time and date for proper operation.

    • The Internet Lock will stop all traffic to and from your computer, dropping the Internet connection, if engaged.

    • If zlclient.exe is set to Ask, you should see some alerts if ZA tries to initiate contact (read Note above).
    In this Technical Support page, you will find the latest posted User Guide (which is version 7.0). I suggest you read it fully to familiarize yourself with your ZA program.
     
  17. catnotspam

    catnotspam Registered Member

    Joined:
    May 1, 2009
    Posts:
    42
    Location:
    haifa
    is ZoneAlarm commutable with Kaspresky Antivirus 7.0.325 and 8.0.506 ?
     
  18. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,723
    Location:
    localhost
    If for commutable you mean capable of being exchanged for another or for something else that is equivalent then No, they are not equivalent, they are two completely different products with different features. Which one is best? The one that runs best in your system. You have to try it. They provide both excellent protection ;)

    If you mean adding ZA antivirus/suite/extreme on top of Kaspersky or vice versa then, NO, you cannot. They share some kernel drivers that are the same.

    Fax
     
  19. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hello danielspencer2:

    No it is not a bug in the classic sense of a bug being an unintentional error in coding.

    In the case of ZA Pro, which I used at one time, this behaviour is designed in and coded by Checkpoint. This has been posted on many many times here at Wilder's. Most likely too much.

    If you don't like this (as I don't and some others in the FW world) just move to another FW vendor that doesn't design this way. There are many options.

    But I'm not going to list my choices here as it would lead to much product x vs product y posts and these are a waste of effort.

    There is a wealth on information here in the stickies and they also refer users to specific product threads.

    You may have some research to do but it is interesting.
     
Loading...
Thread Status:
Not open for further replies.