ZoneAlarm Pro 6.0 & BOClean issue....

Discussion in 'other firewalls' started by q1aqza, Jul 28, 2005.

Thread Status:
Not open for further replies.
  1. q1aqza

    q1aqza Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    312
    Just purchased BOClean (so very new to it) and started testing it with ZAP 6 and I am experiencing a dangerous behaviour warning whenever I launch any app that doesn't have 'super' trust status. See attached pic. Obviously I don't want to allocate super trust status to every single program that I run as surely that would negate some of the security provided by the new triple firewall.

    Is anyone else experiencing this?
     

  2. q1aqza

    q1aqza Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    312
    Think I was a bit too hasty in my post. I've managed to solve it. Windows NT Session Manager (smss.exe) was set at 'trusted' but by setting it to 'super' it has stopped these alerts.

    I hope by allowing super trust level to smss.exe I haven't caused any other potential security hole??
     
  3. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    Do not know? But I am hearing about issues between ZA 6 and BoClean.

    See post 190. Kevin spoke about problems. :doubt:

    https://www.wilderssecurity.com/showthread.php?t=90017&page=8&pp=25

    "Just SMELL the desperation in ZA6, condemned to do really dumb things and fail to detect what's REAL and what's not. BOCLEAN is a trojan as far as ZA6 goes! We've got a KEYLOGGER, or so they false-detect! Hahahahaha."

    I know which one I would keep should I need to make a choice at some point. ;)
     
  4. q1aqza

    q1aqza Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    312
    Thanks Mercurie. Interesting point Kevin made.

    OK, I did have to increase the trust level of BOClean itself to 'super' which stopped the dangerous behaviour alerts but then again I also had to do the same for KAV & Ewido to stop dangerous behaviour alerts from them - so I guess the very nature of what these programs do they need full unrestricted access on a system. Now I have promoted smss.exe to 'super' the other problem I posted above has definitely gone away.

    I guess prior to installing ZA6 these apps had free rein to launch anyway, but at least since installing ZA6 there are now numerous apps/processes that are restricted or at least set to ask, so I do feel more secure.

    Also, my initial impression of BOClean is that this is a very neat little program and I think it will be a welcome addition to my kid's PCs too. I hope ZA & BOClean will continue to play nicely together on my PC now that I have overcome these initial probs. :)
     
  5. q1aqza

    q1aqza Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    312
    I spoke too soon re: solving the above BOClean issue. It has started coming up with the same error as per my first post despite the super trust to smss.exe. :mad: This time I haven't been able to solve it, short of giving every app that launches super trust status.

    Is anyone else having the same problem??
     
  6. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Email BOClean support. I found them very helpful regarding a FP I had. Also ZA has a user forum on their site.
     
  7. q1aqza

    q1aqza Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    312
    Thanks hammer. I'm surprised there haven't been any replies from other BOClean users - surely some of them on this forum have tried the ZA6.

    But yes, I'll try BOClean support first see if they have any suggestions but ultimately it is a ZA triple firewall problem.
     
  8. ronny

    ronny Registered Member

    Joined:
    Feb 18, 2004
    Posts:
    231
    Location:
    Belgium
    I also get the same message. I just allow it when I see that it is a "safe" program. But I don't check the remember (="apply this setting to all dangerous...") button & don't give the "super" trust status.
    Sorry I can't help you more.
     
  9. q1aqza

    q1aqza Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    312
    Thanks ronny. Just a bit tedious that's all. It's a bit like never fully allowing an app to run with a 'standard' firewall and having a prompt every time you launch an app.
     
  10. ronny

    ronny Registered Member

    Joined:
    Feb 18, 2004
    Posts:
    231
    Location:
    Belgium
    Indeed it is! :doubt:
     
  11. gpp

    gpp Guest

    Edit: removed unnecessary personal comment. - CrazyM
     
    Last edited by a moderator: Aug 30, 2005
  12. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Then why don't you tell him step by step what he needs to do. :rolleyes:
     
    Last edited by a moderator: Aug 30, 2005
  13. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Crazy M will see this eventually. He can probably advise you if Kevin can't help.
     
  14. TraCKs

    TraCKs Registered Member

    Joined:
    Aug 15, 2005
    Posts:
    36
    Location:
    Australia
    q1aqza, before the new update of ZA, you were automatically giving programs the dangerous behavior function! It's just now with the new ZA update that you're getting the warning, beforehand it just went ahead without any warning...

    Oops, I see you already mentioned this in another post! Damn! I'm just getting old.. o_O
     
  15. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    This type of component control will always be tedious and give you lots of prompts. Security applications and system services will probably have to be fully trusted. If you restrict trusted applications too much, be prepared for continued prompts. Try configuring it so the prompts will bring your attention to unknown processes, not your day to day activities and use of trusted applications.

    Found the following on the ZA forum that may help:
    http://forum.zonelabs.org/zonelabs/board/message?board.id=win_za_msgs&message.id=10068#M10068

    Regards,

    CrazyM
     
  16. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Thanks Crazy M.
     
  17. q1aqza

    q1aqza Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    312
    All this worrying about PC security is making us get old :D I really like the new OS firewall and the additional protection it offers but if I have to give super trust status to all the apps then I might just as well use the free version of ZA without the OS firewall!!

    Since my original post I have (reluctantly) given up on ZA Pro 6 until/if zonelabs solve the problem of not recognising BOClean as a 'friendly' app. I've also played with Kerio 4.2 which has a similar function with its new HIPS feature and that plays nicely with BOClean.

    Crazym, thanks for the link. I had got ZAP alerts to settle down nicely and then I went and bought BOClean and then all went haywire!! I hope zonelabs do fix it as I would like to go back to using it.
     
  18. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Have you contacted BOClean support? I know you said you were going to.
     
  19. q1aqza

    q1aqza Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    312
    No I didn't bother in the end. I'd read some thread where Kevin was obviously referring to ZA stupidly seeing BOClean as a malicious app. I've tried BOClean against most other FWs and no problems at all so I do feel it would be unfair to raise this with BOClean support. After all it is really a ZA problem, is it not?

    I do keep an occasional eye on the zonelabs forum where there are a few posts about this so when I spot some progress on that forum I'll give it another try.
     
  20. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Kevin may have a special build now. But you won't know if you don't ask.
     
  21. q1aqza

    q1aqza Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    312
    Fair point. I'll send them an email.
     
  22. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Do BOClean and ZoneAlarm work ok together now?
     
  23. unhappy_viewer

    unhappy_viewer Registered Member

    Joined:
    Sep 16, 2005
    Posts:
    259
    ZA and BOClean certainly work together.

    Take note that the dangerous and suspicious alert from ZA is not a false positive. The alert does not indicate that your program is a malware. What it indicates is that the program is trying to do something suspicious like opening up another program etc., which is a common way for malware to do their nasty work. In the case of q1aqza, it shows that BOClean is trying to use Windows Messages.

    What you have to do is to determine whether the program in question is then a malware or not. Obviously we can trust BOClean. So q1aqza should put a tick in the box "Remember This Setting" and click "Allow".
     
  24. q1aqza

    q1aqza Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    312
    Not strictly true. It is all the other programs you launch that you have to allow and you have to give them super trust status. Which then means (my understanding is) if those programs did start doing something suspicious, i.e. something caused by malware, then ZA would not alert you as those programs can do anything.
     
  25. unhappy_viewer

    unhappy_viewer Registered Member

    Joined:
    Sep 16, 2005
    Posts:
    259
    That's true but you have got to find the right balance between an efficient protection and being bugged about stuff. That's why it pays to have good common sense and a good layered security. If you know that you practise good surfing habits, have the appropriate security softwares etc. then I don't think a malware would even get the chance to infect your computer. Even if a mware did try to infect your computer, your AV and anti-trojan should have picked it up beforehand if you have up-to-date definitions.

    Also remember that there are more symptoms to a malware infection than just disabling security programs. In my many years of removing malwares and monitoring trends, malware usually disables security programs. I have not come across one that actually utilises a security program to do malicious stuff (or at least not that I can remember). Other suspicious activities include modification to the registry, trying to run at startup etc. One of these would be bound to be picked up by ZA's OSFirewall feature.
     