Security Product FAQ: ZoneAlarm

From CastleCopsWiki

Jump to: navigation, search
Caution The article below is currently in beta and has not been reviewed for factual errors.

Contents

[edit] Introduction

Welcome to Castle Cops Wiki and the ZoneAlarm FAQ!

This document was originally compiled from notes and experience gained by helping others with Zone labs' ZoneAlarm program. See the document history for full details of all contributions. Although not all-inclusive, this FAQ is an attempt to cover the questions raised most frequently. In the event you have a question not answered here, please stop by the ZoneAlarm section at CastleCops online support forum. We will do our best to assist you.

[edit] Installation, Uninstall and Upgrade

Q: Which ZoneAlarm product do I want?

A: http://download.zonelabs.com/bin/media/flash/productSelector/prodselect.html


Q: What if I bought the wrong product for my needs? Can I get a refund?

A: We cannot answer for a certain. You will have to contact the ZoneAlarm Customer Service.


Q: Two ZoneAlarm products can't "merge" together --- Possible scenario:
I recently purchased ZoneAlarm Anti-spyware from the website - and then a few days later purchased ZA anti-virus. When installing the AntiVirus product, I get the message "ZoneAlarm cannot be installed on this computer. You have an incompatible version of ZoneAlarm anti-virus".

A: You cannot install one type of ZoneAlarm product with the other and expect them to merge. The earlier installed ZoneAlarm product will just get overwritten by the new one. If you want the features of ZoneAlarm Antispyware and ZA Antivirus, you should get ZoneAlarm Internet Security Suite. I suggest that you call Zone Labs customer support and tell them that you bought the wrong products, thinking that they could merge. They should be able to help you out. ZoneAlarm Customer Service


Q: Which operating systems do ZoneAlarm support?

A: Windows 98se/ME: Limited support. ZoneAlarm Security Suite V6.1.744.001 is the last version that will run on the Windows ME operating system. However, there are a few new and advanced protection features in current ZoneAlarm products that will not run on this operating system due to technical limitations of this operating system. Furthermore, Microsoft has stopped automatic/proactive updates of this operating system and plans to end support entirely in early 2006. Zone Labs strongly recommends upgrading to a more current and supported version of Windows operating system.

Windows 2000/XP: All currently shipping ZoneAlarm products will run without limitation on the Windows 2000 and XP operating system.

Windows 95 and 98 Original: No longer supported.


Q: Where can I get the current version of ZoneAlarm?

A: http://www.zonelabs.com/store/content/company/products/trial_zaFamily/trial_zaFamily.jsp?dc=12bms&ctry=US&lang=en&lid=zassskulist2_trial


Q: Should a previous version of ZoneAlarm be uninstalled before installing a newer version?

A: Not absolutely required. There is an option when you run the installer to choose "clean install" or "upgrade". We recommend choosing "clean install" for the most trouble-free installation.


Q: When installing, I receive an error message about Admin rights required. How do I fix this?

A: For users who receive an error message that Admin rights are required to Install or Uninstall:

First, verify that you are using an account with Admin rights. If not, use only an Admin account. Otherwise, this is usually due to a failed install or uninstall. The following requires use of the registry editor. WARNING - Improper use of the registry editor can create system problems! If you have any questions or doubts please seek help from someone familiar with these tools! Always make a backup copy first, and TEST that backup, before editing the registry (see the local Windows help files, or see Help from inside the Registry Editor program). XP users can use REGEDIT. W2k users must use REGEDT32; this can be found on the original W2k CD if it not already installed.


When an uninstall or install fails, sometimes Windows does not reset to the default permissions, although the program thinks it is installed.

Click Start -- Run -- type REGEDIT (XP) or REGEDT32 (2000), and click OK.

Navigate to the main Zone Labs registry key at: 

HKEY_LOCAL_MACHINE\SOFTWARE\Zone Labs

Right-click on that key and select Permissions. Make sure that SYSTEM account, and the account you are trying to uninstall with, show that they have FULL and READ permissions, and SPECIAL is not checked. Nothing should be checked in the right column for Deny.

Once you save that change, rerun the installation or uninstall.


Q: I'm new to computers. Is there a ZoneAlarm tutorial I can peruse?

A: http://www.zonelabs.com/store/content/support/zasc/gettingStarted.jsp?lid=zasupp_g&AID=9754927&PID=1545075


Q: I want to remove ZoneAlarm entirely from my computer. How do I do this? http://nh2.nohold.net/noHoldCust25/Prod_1/Articles55646/CompleteUninstallNonNT.html For a normal clean uninstallation, http://www.nohold.net/noHoldCust25/Prod_1/Articles55646/clean_install.html

A: We do not recommend using Windows' Add/Remove Programs to uninstall ZoneAlarm as there will still be remnants.


Q: The latest version is not working very well for me. How do I get back to an earlier version?

A: Please perform a Clean uninstall of your copy of ZoneAlarm first.

Depending on which ZoneAlarm product you are using, download an earlier version from here: http://forum.zonelabs.org/zonelabs/board/message?board.id=inst&message.id=39953


Q: When I attempt to install ZoneAlarm, I get one or both of the following error messages: Validation failed for c:\windows\system32\vsint.dll. Probably missing a necessary root certificate
Validation failed for c:\windows\system32\vsdata.dll. Probably missing a necessary root certificate

A: Root Certificates verify whether the file is from the correct publisher or not. It appears that the root certificate on your machine is corrupted and thus cannot validate. Try following these steps first and see if it helps:

Open Your browser and navigate to the following URL.
Once at the web page follow the directions to reset your root certificates.
[https://getca.verisign.com

[edit] IMSecure and ImSecure Pro

Q: What is IMsecure Pro??

A: IMsecure Pro is the first comprehensive instant messaging (IM) security solution for MSN Messenger, Yahoo! Messenger and AOL Instant Messenger, including third-party clients such as Trillian. IMsecure Pro keeps IM conversations private and protects PCs from IM SPAMmers, identity thieves, hackers and predators who exploit vulnerable IM connections.


Q: Can people access information I store in ID Lock?

A: You may encrypt your information so that people who gain access to your machine can not access your sensitive information. In this case, IMsecure Pro stores only an SHA1 one-way hash of your information and does not store the free text data.


Q: Does IMsecure encrypt all my chat sessions?

A: Encrypts instant messaging between any two IMsecure Pro-protected clients that are connected to the same IM service, even if the IM clients are different (for example, IMsecure Pro can encrypt messages between Yahoo! Messenger and Trillian). The free version, IMsecure, will encrypt messages sent from one IM account of the user's choice while the Pro version will encrypt on all services.


Q: Does IMSecure protect GoogleTalk?

A: No. Google Talk has just been released not long ago. Furthermore, Google Talk is a Jabber client and Jabber is not a P2P network. Its more akin to an instant e-mail system than an instant messaging system with messages sent from a Jabber client to a Jabber server which routes it to another Jabber server for delivery to the recipients Jabber client. IMsecure would have to be modified to include Google Talk (and other Jabber clients) in the list of programs with which it interacts for it to work.


Q: ZoneAlarm won't allow to connect to IRC.

A: Go to Settings and press "Advanced". Uncheck "Block IRC".


[edit] Configuration

Q: How do I get Internet Connection Sharing (ICS) to work with free ZoneAlarm?

A: The free version of ZoneAlarm does not support ICS. Your options are to set Internet Zone to Medium setting (on the ICS gateway machine only), or you can upgrade to the paid versions of ZoneAlarm, which fully support ICS, allowing you to keep Internet Zone set to high. Also see here: http://zonealarm.donhoover.net/icssettings.html


Q: How do I get XXXX program to work?

A: The help files in ZoneAlarm cover many of the most common programs. From inside ZA, press F1, and go to the Search tab. Try searching for the program by name; if that doesn't work, try by program type (example: for MSN Messenger, you could search for CHAT).


Q: When should I give a program "server rights" and when should I deny a program server rights?

A: You may receive some alerts asking you if a certain program should act as a server and be given "server rights". We recommend that you not give any program server rights unless one of the following is true for you:

  • You are hosting a Web site on your computer
  • You are sharing files with another person(s)
  • You are playing games that require point-to-point connections with other players across the Internet

If any of these situations apply to you, then you should give programs for the activity server rights. If none of the above examples applies to you, it is not recommended that you allow any program to have server rights. Allowing a program to have server rights means that an outside connection can access your computer through that program.

At any time in the future, you can always change the setting of the program to give it "server rights" by going to Program Control (left-hand column) > select the Programs tab > highlight the program you wish to give "server rights" > click on the "X" under "Server" and click "Allow" in the little box that pops up.

[edit] ZoneAlarm Antivirus/Antispyware

Q: Is ZoneAlarm Antivirus developed by ZoneLabs?

A: ZoneAlarm Antivirus is provided by CA; however the software is supported by Zone Labs, and all updates come from Zone Labs' servers, not CA's.


Q: Is ZoneAlarm Antispyware developed by ZoneLabs?

A: Yes.


Q: Do I have to use ZoneAlarm antivirus if I have my own?

A: There is no requirement to use the anti-virus module in ZoneAlarm if you have another antivirus. However, you should use only one antivirus product at a time.


Q: How do I know the latest signature DAT file versions?

A: http://forum.zonelabs.org/zonelabs/board/message?board.id=Antivirus&message.id=5744#M5744


Q: Is there a way to download signature DAT files manually?

A: Unfortunately, currently there is no way to download standalone definition files. The only way to update ZA's AV and AS is to use ZA to download them directly.


Q: I can't get Antivirus to turn on!

A: Please try a database reset to see if it would solve the problem:

  1. Boot your computer into the Safe Mode {Instructions if needed}
  2. Navigate to the c:\windows\internet logs folder
  3. Delete the backup.rdb and iamdb.rdb files in the folder
  4. Reboot into the normal mode


Q: I get a blank Antispyware/antivirus screen!

A: This issue may be due to damaged or out of date XML files.

  1. In the Worldwide Downloads list at http://www.microsoft.com/downloads
  2. In the Keywords box, type "Microsoft XML Parser 3.0 Service Pack 7" and then click Go
  3. In the list of available downloads, click Microsoft XML Parser (MSXML) 3.0 Service Pack 7 (SP7)
  4. Run the file downloaded
  5. Follow the instructions on your screen
  6. Reboot


Q: ZoneAlarm Anti-virus cannot remove trojan!

A: Traditional anti-virus programs have limited capabilities in detecting and removing trojans since they are classified as a sperate malware. You will require a specialized anti-trojan product. Please follow the guide:

Malware_Removal_and_Prevention:_Introduction
You may find other stuff besides trojans. After you have cleaned your computer, take these steps to prevent re-infection:
Malware_Prevention:_Prevent_Re-infection


Q: Anti-virus Monitoring doesn't detect my anti-virus software! Why?

A: Anti-virus Monitoring currently detects the following antivirus products:

  • Norton Antivirus
  • McAfee Viruscan
  • Computer Associates EZ Antivirus

If you use a different antivirus product, Anti-virus Monitoring will not recognize it at this time. This does not mean that your ZoneAlarm product is malfunctioning; your security remains as strong as ever.

ZoneLabs will be adding the ability to recognize more products over time. If your antivirus product is not currently supported, you may simply turn off the Anti-virus Monitoring feature. Do not worry-- Anti-virus Monitoring is monitoring only and has no affect on the firewall and no direct affect on security. The resources saved will be better used by other programs.

MONITORING IN ZONEALARM AND ZONEALARM PRO
In these products, you will see an Antivirus Monitoring panel. From this panel you can view the status of your antivirus product. You can also turn monitoring on or off, or you can turn on or off just the monitoring alerts.

MONITORING IN ZONEALARM WITH ANTIVIRUS AND ZONEALARM SECURITY SUITE
In these products, there is no Antivirus Monitoring panel because the products are equipped with Zone Labs Antivirus. When Zone Labs Antivirus is turned off, the Antivirus Monitoring feature is activated.Monitoring can be turned off from any monitoring alert, or from the Main tab of the Alerts & Logs panel, under Advanced Options. It appears as a checkbox under Antivirus Monitoring Events.


[edit] Access

Q: Why is ZA blocking Internet after a while?

A: The most common cause is that you are losing your IP address. Most ISPs use DHCP to assign IP addresses. Many also send a heartbeat to see if you are still connected. ZoneAlarm may have blocked them.

1. Go to Run type in command, hit OK, and type ipconfig /all then press enter. In the returned data list will be a line DNS and DHCP Servers with the IP address(s) listed out to the side
2. In ZA on your machine on the Firewall>Zones tab click Add and then select IP Address. Make sure the Zone is set to Trusted
3. Click OK and then Apply and see if that works to fix it

OR Disable Zone Alarm at start up by clicking on “Overview”, “Preferences” and uncheck box under “General”. This will prevent Zone Alarm from loading when you start your computer. By doing so, your computer will detect your DSL modem, current IP address, etc. Then click on Zone Alarm to load the security suite.


Q: Why did I get a Lockup page?

A: The Lockup pages you are sent to is specific to the situation you are experiencing. Be sure to follow ALL of the instructions on the Lockup page you are sent to, as it explains exactly what is happening, and how to stop it from occurring. Note that if you have a virus that is trying to kill antivirus and firewall software, the firewall is going into Protect mode to save your valuable data. You should make sure your system is free from any infection before fixing the Lockup issue.


Q: I uninstalled ZA, and lost all access!

A: If you uninstalled ZA and lost your access, then the uninstall was not able to remove the firewall driver properly. If your browser goes to a site called lockup.zonelabs.com, there are specific instructions to help you fix this problem. Otherwise you can contact ZoneLabs Support at https://www.zonelabs.com/store/content/forms/tech_support.jsp


Q: I can't connect to ftp sites after installing ZoneAlarm!

A: Go to Program Control > Programs and look for alg.exe in the list.

Switch everything to "?". Try to access the ftp site in question again.

There should be a ZoneAlarm alert window saying that alg.exe wants to access the internet appears, click on "OK".


Q: I've installed ZoneAlarm but cannot see other computers or print files on my home network. What should I do?

A: To share printers and files with other computers on your network, you will need to configure ZoneAlarm to allow access to the computers with which you plan to share resources. To configure ZoneAlarm for file and printer sharing, first make sure that your network is in the Trusted Zone.

To make sure you can connect to your home network and share resources, open the ZoneAlarm user interface > click on Firewall (left-hand column) > and select the Zones tab.

Under the Name column, find your home network (it might be the only listing). Under the Zone column, click one time on Internet.

A little box should appear (as seen in the picture below) that says "Internet" and "Trusted". Click on Trusted.

Close ZoneAlarm.

Next, go to Firewall (left-hand column) > Main tab > and make sure that the Internet Zone setting is on "High" and the Trusted Zone setting is on"Medium".

[edit] Security and Vulnerability Questions

Q: Do I need a PC firewall if I'm already using a hardware firewall?

A: Most home network routers include a built-in hardware firewall that monitors and blocks inbound communications at the network level. By comparison, a PC firewall can monitor and block both inbound and outbound communications at the PC level. For the most complete protection, a PC firewall should be installed on every computer on a network. Combined, a router's firewall and a PC firewall provide multiple layers of protection that a router firewall couldn't provide by itself. And unlike your home network router, a PC firewall can easily go where your computer goes. Only a PC firewall can protect your Internet-connected computer on the road.


Q: vsmon.exe is connecting to the internet!

A: http://forum.zonelabs.org/zonelabs/board/message?board.id=security&message.id=9675#M9675


Q: Why are my ports not stealthed? / 0 intrusions recorded.

A: Anything that has Server rights in ZA will be listening on the port it needs for inbound connections. If you are behind a NAT router or hardware firewall, that is the system being tested in most cases, not your computer. Also, using "netstat" shows what is listening on your system, but if it does not have Server rights in ZA, then it will listen but never receive inbound connections - ZA is doing its job.


Q: ZoneAlarm blocked thousands of intrusions and still blocking. Is someone targeting me specifically?

A: Possibly. But most of it all is just what we call internet background noise. In whatever case, you are safe with ZoneAlarm protecting you.


Q: ZoneAlarm is one of the last to start up. Won't my computer be unsafe until it loads?

A:By default, ZA starts running as a service when the computer starts. Once you log in, you will see the User Interface (zlclient.exe) start up, but the firewall (vsomon.exe) is already in place.


[edit] Windows and ZoneAlarm™ Messages and Alerts

Q: What are ICMP, DHCP or DNS alerts?

A: These are usually alerts that ZA is blocking some of your ISP's servers. You should contact your ISP to find out how they handle ICMP, DHCP and DNS - some will be an IP address, others may be by site (e.g. ns1.attbi.com). Add these to your Trusted Zone, and make sure that it is set to Medium or lower. If you add by site name, you MUST be connected when adding it so that ZA can determine the proper IP addresses to add.


Q: What are VSDATA files?

A: These are the actual firewall driver files (can be VSDATA95 or VSDATANT or both). If an uninstall or upgrade fails, in some cases it may leave registry entries or files, which can block Internet access, or generate error messages at startup. In these cases you will need to reboot into Safe Mode to remove the file. On Windows 98/Me, the startup warning can be ignored by hitting the ENTER key. If you reinstall ZA, the warning will disappear. If you don't plan to reinstall ZA, you will need to make a note of the exact registry key listed, and remove that key.


Q: Why am I getting an error in WSOCK32, or ZA crashes on shutdown?

A: Sometimes, another program may install its own version of the Winsock file. However, ZA products are designed to be used only with the Winsock file that ships with all current Windows versions. Try searching your entire system for the file name WSOCK32.DLL. If you find multiple copies, right-click on each filename, select Properties, then Version. The official version should be found in your SYSTEM or SYSTEM32 folder. Try renaming the unofficial versions found elsewhere to WSOCK32.OLD (don't delete them until you are certain that all of your programs work properly!).


Q: Why am I getting a lot of pop-up alerts?

A: Pop-up alerts are designed to advise you on what programs are trying to get in and out of your computer. This allows you to ensure that nothing harmful is getting into your computer, and no malicious programs are sending out your personal information.

This is part of the initial ZoneAlarm security process. When you check the box next to "Remember this setting", you will not see a pop-up for that program again (unless the program changes on your computer).


Q: XXX.exe is trying to access the internet.

A: When you receive a New Program alert, check the Application field to see what the program is. If you recognize the program, click the box next to Remember this setting, and then click Allow. If you do not recognize the program, you can do one of two things:
1)If you do not recognize the program name, you can click the More Info button which will guide you to the Zone Labs Web site. Zone Labs provide descriptions for many programs to help their users make safe decisions.
2)If you need more information than what is offered at ZoneLabs.com, search the Microsoft Support site or use a search engine like Google for information on the program in order to determine what the program is and what it is used for. You can then decide to allow or deny access to this program.
When in doubt, it is prudent to deny access.


Q: What should I do when I receive a Firewall blocked access alert?

A: When you receive a "Firewall has blocked access alert," all you need to do is click OK. This is an informational alert to let you know that ZoneAlarm has blocked access to your computer.

If you do not wish to see these alerts anymore, click the box next to Don't show this dialog again, then click OK.


Q: Windows explorer wants to connect! Should I allow it?

A: http://forum.zonelabs.org/zonelabs/board/message?board.id=cfg&message.id=32784#M32784


[edit] General

Q: How do I access the ZoneAlarm help files?

A: Restore ZoneAlarm Control Center and press F1. The help files is a massive database of information. It is however universally distributed for all versions of ZoneAlarm, meaning some information you see there may not be related if you are using the free version.


Q: ZA (vsmon) is using up all my resources!

A: Many, many possibilities.

Please first make sure that you do not have MailSafe enabled and also have your antivirus scanning email attachments. They may be conflicting.
If this does not solve the problem, go to Program Control > Programs. Do any entry have a tick under Server? Mark it a "?" instead.
Also scan your computer for trojans: http://scan.sygatetech.com/pretrojanscan.html
http://www.windowsecurity.com/trojanscan
Trojans, which require server access, may have sneaked through ZoneAlarm and cause ZoneAlarm to constantly monitor the ports.
Another possibility is that you are using a peer-to-peer (P2P) program. Running a P2P program like Limewire or Kaazaa may cause ZA to constantly monitor the ports, adding on to its memory usage. You should cease using these P2P file-swapping programs. In fact, most of them have spyware bundled in it.


Q: ZoneAlarm is not remembering settings!

A: Your database is corrupted

  1. Boot your computer into the Safe Mode (Instructions if needed}
  2. Navigate to the c:\windows\internet logs folder
  3. Delete the backup.rdb and iamdb.rdb files in the folder
  4. Reboot into the normal mode


Q: What is zalog.txt? It seems to be a bunch of gibberish characters!


A: http://zonealarm.donhoover.net/logfile.html


Q: I have just installed free Zone alarm 6.0.667.000 on a new compaq laptop. After startup, an explore window pops up named zone.com, with one folder Zone Deluxe games, with sever Oem.exe games (I believe) inside. Zone alarm firewall will not startup unless I do it manually.


A: This seems to be fairly common with Compaqs.

Create a new folder named ZoneGames (for example).

Drag the contents of the Zone.com folder to the new folder then delete the Zone.com folder.
<br If you cannot delete this folder, start up in Safe Mode (keep tapping F8 until a menu appears and select Safe Mode from there). You should be able to delete it then.

[edit] Common Program Settings

Q: How do I block or unblock specific ports?

A: All paid versions of ZoneAlarm provide complete flexibility for customization in the "Expert Rules" tab of the Firewall panel. This feature is not available in the free ZoneAlarm. Using the Expert Rules form, you can block or unblock specific ports, sources, or destinations.


Q: How do I set up Expert Rules For Common Programs?

A: Expert Rules For Common Programs part 1

Expert Rules For Common Programs part 2

[edit] MailSafe, Privacy and Web Filtering

Q: How does Mailsafe work?

A: MailSafe and How It Works


Q: Where does ZA move the attachments?

A: ZA does not move the attachments at all. It quarantines the attachments by changing the file extension on potentially dangerous files. If you are sure that a file is safe, simply go to that email, and double-click on the file attachment. ZA will ask what you want to do with it.

Q: It says Outlook Express denied me access to the attachment!

A: Security updates from Microsoft change Outlook Express settings to protect you from some file types as well. This message means that Outlook Express, NOT ZA, is blocking the attachment. See your Outlook Express help files for information on how to access these.


Q: How do I adjust Privacy settings for a site?

A: Be sure that the Privacy Advisor is turned under Privacy -- Cookie Control -- Custom. Then, whenever a site is affected by your Privacy settings, it will appear in the Privacy Panel -- Sites list, where you can adjust settings for that specific site. http://zonealarm.donhoover.net/privacy.html


Q: Is Privacy turned on for all programs, browsers included?

A: Privacy is turned on for browser by default. It is NOT turned on for other programs. Therefore, if you use something like RealOne Player and want to protect the browser-like part that it loads, go to Programs, click on the program name, click options, and turn on Privacy for that program. In the case of RealOne Player, watch the sites list. There will be several showing up. Adjust security settings by site for those (one is important and must have Privacy turned off for it, or RealOne Player won't work at all). Adjust by site, until you get what works best for you.


Q: I have trouble accessing sites since I installed ZoneAlarm!

A: If you have problems accessing any site that you need to log into, turn Privacy off for that site. Also, you may need to add the site to your Trusted Zone. And lastly, reduce privacy settings in your browser if necessary.




This article is part of the Security Product FAQ series

The series was developed as independent
efforts by dedicated contributors

Ad-Aware ewido ZoneAlarm
edit this template
Retrieved from "http://wiki.castlecops.com/Security_Product_FAQ:_ZoneAlarm"
Personal tools