Zone Alarm - Resetting Intrusion Counts

Discussion in 'other firewalls' started by LowWaterMark, Nov 3, 2002.

Thread Status:
Not open for further replies.
  1. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,874
    Location:
    New England
    Has the total number of alert and intrusion attempts logged by your Zone Alarm firewall got you depressed? Would you like to reset those counts periodically, to give yourself a fresh start, or so you can more easily see just how many you're logging in a week or a month? Well, you can do this without having to reinstall Zone Alarm.

    The total number of intrusions and the count of those that were considered "high-rated", as seen in the attached ZA screen shot, can be easily modified.

    [​IMG]

    I've started resetting the total intrusion counters in ZA at the start of each month, in an attempt to see the change in the overall trends . It's amazing how since the start of the Opaserv/Bugbear NetBIOS scans that I now get more scans each month then I got the entire year before.

    To reset these counters, you need to use Regedit. The usual warnings about editing the registry apply (make a backup, use caution, etc.) If you are uncomfortable using regedit, then you shouldn't use it or attempt to try this tweak.

    To reset the counts manually go into Regedit and locate the key:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Zone Labs\ZoneAlarm]

    Notice the two values BlockCount and HackCount. These are where ZA stores the running counts for intrusions since installation (or your last reset). You can change these values as you like.

    You can also make a regedit file that you could use to assist in this task. Create a file in Notepad named something like ZA-Count-Reset.reg, and paste these lines into it...

    Merge this file into the registry anytime you want to reset the counts to zero. Note that ZA must be restarted for these new numbers to take effect. The way I do this is I first shutdown ZA, run this file to reset the counters, and then restart ZA. (If you are going to shutdown your firewall, then be sure to be disconnected from the net when you do so.)

    Enjoy,
    LowWaterMark

    - Changed version on regedit header for better platform compatibility - 09/02/03
     

    Attached Files:

    Last edited: Apr 24, 2004
  2. eyespy

    eyespy Registered Member

    Joined:
    Feb 20, 2002
    Posts:
    490
    Location:
    Oh Canada !!
    Nice touch LWM !! :)
    I shall be doing the same.

    Thanks and regards,
    bill ;)
     
  3. john2g

    john2g Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    207
    Location:
    UK
    Thank you so much for that.
    I've wanted to reset my counters for ages, but didn't know how.
    Recently I have been getting up to 450 blocked access attempts a day and the counters have been racking up so quickly! :) :)
     
  4. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    Now if you could just tell me how to set that clock back in my Range Rover for Daylight Savings Time the whole world will be in harmony. :eek: I disabled the UnPnP last winter and that did not help.
     
  5. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,874
    Location:
    New England
    Now that is way too much effort. Easier to just wait until next April, and like magic, it'll be right again. ;)
     
  6. notageek

    notageek Registered Member

    Joined:
    Jun 3, 2002
    Posts:
    1,601
    Location:
    Ohio
    Thanks lowwatermark. Maybe if we keep our fingers crossed ZL will pick up on this and put a clear counter in their next update. lol
     
  7. zarzenz

    zarzenz Registered Member

    Joined:
    May 19, 2002
    Posts:
    449
    Location:
    UK
    Thanks LowWaterMark,

    As it happens I only upgraded to the new version this week and I absolutely love it... wish I'd done it ages ago now.

    But the funny thing is... it was this very point about the count always being displayed from the install that was the only thing I didn't like... you have sorted it... cheers.
     
  8. Judgedredd

    Judgedredd Guest

    Your comment has been suggested and forwarded on to Zonelabss Technicial Staff ;)
     
  9. flawed_cat

    flawed_cat Registered Member

    Joined:
    Jan 29, 2003
    Posts:
    7
    Thanks for that tip.
    That's a useful reg file.
     
  10. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi
    My first post.

    Thanks and Thanks again, LowWaterMark. I have always liked to have done this there bang done your Cool, Thanks again. I can not post as
    much as I like would as I am disable typing is so slow for me I wished
    I find a program, to help with it. Anyway Thanks again

    CooLTempo
     
  11. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi CooLTempo

    ...and welcome to Wilders :)

    Regards,

    CrazyM
     
  12. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,874
    Location:
    New England
    Hi CooLTempo,

    You're very welcome. :)

    I'm glad you found this useful. And I hope you enjoy your time here.

    Best Wishes,
    LowWaterMark
     
  13. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi again LowWaterMark

    How do I make the notepad txt.file in to a reg.file so I can get it to

    merge in the reg, To save having to go to regedit each time to do the

    reset.

    Thanks Again

    CooLTempo :cool:
     
  14. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,874
    Location:
    New England
    In Notepad when you use the Save or Save As... options, you can over ride the default file name that will be used. Normally, a file saved via Notepad will be named like this: somefilename.txt But, if you choose a name like: ZA-count-reset.reg it'll be saved as a registry file which you can simply doubl-click on anytime you want to clear those settings.
     
  15. mr.mark

    mr.mark Guest

    i just found this thread and cleared the intrusion attempt counts on my machines today. thank you very much, LWM, for posting this great info. it really should (and i suspect it shall soon) become a standard feature in a future upgrade.

    now to try the reg file....

    best regards

    :)

    mark
     
  16. Stoofer

    Stoofer Registered Member

    Joined:
    Aug 16, 2003
    Posts:
    1
    This is great information, however, I did have problems running the reg. file until I discovered that I could not use Windows Registry Editor Version 5.00 which is for versions other than Windows 98 or NT 4.0. I instead had to use REGEDIT4 for my Windows 98SE version.

    Thank you for this little file, LWM.
     
  17. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,874
    Location:
    New England
    Hi Stoofer,

    That's a very good point. In fact, I've been using REGEDIT4 almost exclusively in all my recommended reg files for a while now, but, this thread is coming up on a year old now and I hadn't gone back and fixed that - until now! Thanks for mentioning it. [​IMG]

    Best Wishes,
    LowWaterMark
     
  18. TinyMember

    TinyMember Registered Member

    Joined:
    Aug 25, 2003
    Posts:
    15
    Hope your wish has already come true CoolTempo saw these (as you do) after reading this thread one of them had a good user rating thats as much as I know and most important to me supposedly freeware.

    Click-N-Type 2.02 (popular pick) http://download.com.com/3000-2094-6343862.html?tag=lst-0-20

    Point-N-Click 2.0 http://download.com.com/3000-2094-7220357.html?tag=lst-0-16

    Sorry I'm a bit off the thread admin
     
  19. manOFpeace

    manOFpeace Registered Member

    Joined:
    Feb 1, 2003
    Posts:
    716
    Location:
    Ireland
    Hello, I was reading through "help" and it seems handy enough to clear. Open up ZA, left hand side>>"Overview". Header>>"Status" and at bottom of page you will see "Reset to Default".
    My version is 3.7.211.
     

    Attached Files:

    • ZA.JPEG
      ZA.JPEG
      File size:
      1.3 KB
      Views:
      9,291
  20. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,874
    Location:
    New England
    Hi mOp,

    Actually, that option simply resets the current session stats (i.e. the Inbound Protection and Email Protection counts), not the totals blocked intrusions at the top of that screen. This is the popup you get when using the option you mention:
     

    Attached Files:

  21. manOFpeace

    manOFpeace Registered Member

    Joined:
    Feb 1, 2003
    Posts:
    716
    Location:
    Ireland
    OK LowWaterMark, got it wrong again :oops:
    That is the same popup as I get.
     
  22. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,874
    Location:
    New England
    Actually, I probably should have documented that in the first post here. I was more concerned about clearing the grand totals. I never thought about the session stats. A lot of people may not have realized those could be cleared by using that option.
     
  23. pompste

    pompste Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    27
    Hi,when you find the BLOCKCOUNT & HACKCOUNT numbers in regedit----how do you change the numbers? Please be specific.
    THANK YOU
     
  24. pompste

    pompste Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    27

    How do you actually reset the numbers to zero once you have found them in regedit? Please be specific.THANK YOU
     
  25. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi, pompste

    If you make a folder somewere [My Documents] and put the reg.file in it you can reset any time, it is better then having to open regedit and find and reset the key.

    Hope this is of some help.

    Take Care,
    TheQuest 8
     
Thread Status:
Not open for further replies.