Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Why Isn't Zonealarm Showing Blocked Intrusions?


  • Please log in to reply
14 replies to this topic

#1 PCIlliterateGal

PCIlliterateGal

  • Members
  • 284 posts
  • OFFLINE
  •  
  • Local time:08:14 PM

Posted 02 July 2008 - 09:30 AM

I was looking under "Overview" in ZoneAlarm, and I noticed that it says there've been 3 blocked intrusions, 0 of them high-rated. Only three, none of them high-rated? Should I be worried that it isn't blocking like it should or could it be that the interface is just acting screwy? There are only 3 alerts in the log, also.

BC AdBot (Login to Remove)

 


m

#2 nigglesnush85

nigglesnush85

  • Members
  • 4,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:12:14 AM

Posted 02 July 2008 - 12:25 PM

Hello PCIlliterateGal,

Can you post the information about the intrusion attempts?

Are the options in Zone Alarm set up correctly for alerts?
Regards,

Alan.

#3 PCIlliterateGal

PCIlliterateGal
  • Topic Starter

  • Members
  • 284 posts
  • OFFLINE
  •  
  • Local time:08:14 PM

Posted 02 July 2008 - 06:44 PM

Do you want me to post the alert log?

I've checked everything. I've got it on "Show All Alerts"

Edited by PCIlliterateGal, 02 July 2008 - 06:47 PM.


#4 nigglesnush85

nigglesnush85

  • Members
  • 4,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:12:14 AM

Posted 02 July 2008 - 06:46 PM

Yes please.
Regards,

Alan.

#5 PCIlliterateGal

PCIlliterateGal
  • Topic Starter

  • Members
  • 284 posts
  • OFFLINE
  •  
  • Local time:08:14 PM

Posted 02 July 2008 - 07:54 PM

I don't see how to copy the log info.

#6 nigglesnush85

nigglesnush85

  • Members
  • 4,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:12:14 AM

Posted 02 July 2008 - 08:04 PM

Could you provide a screenshot? of the log?
Regards,

Alan.

#7 PCIlliterateGal

PCIlliterateGal
  • Topic Starter

  • Members
  • 284 posts
  • OFFLINE
  •  
  • Local time:08:14 PM

Posted 02 July 2008 - 08:47 PM

I'm not sure how to do that either.

#8 nigglesnush85

nigglesnush85

  • Members
  • 4,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:12:14 AM

Posted 03 July 2008 - 05:10 AM

Thats ok, on the keyboard, there is a button called Prt Scr press this button and then open paint, located in start=>all programs=>Accessories>paint.

once paint has opened, press CTRL and V

the screen shot will appear, then you need to save it and upload the image here or host it on a site like photobucket and provide the link.

This will give us an image of ZoneAlarms error log and from this we can then see if the entries are false alarms or if its something to be concerned with.
Regards,

Alan.

#9 PCIlliterateGal

PCIlliterateGal
  • Topic Starter

  • Members
  • 284 posts
  • OFFLINE
  •  
  • Local time:08:14 PM

Posted 03 July 2008 - 07:17 AM

Okay, I got screenshot. This might be a dumb question...but is it safe for me to post the log if my IP address is included in the log?

Edited by PCIlliterateGal, 03 July 2008 - 07:18 AM.


#10 tos226

tos226

    BleepIN--BleepOUT


  • Members
  • 1,568 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:LocalHost
  • Local time:07:14 PM

Posted 03 July 2008 - 12:39 PM

Doing screen shots is more difficult than just pasting the log.

Zone Alarm readable text files are in C:\Windows\Internet Logs directory.
Just find file that looks like this (from before) ZALog2008.07.01.txt
or today's active file ZALog.txt

Open using Notepad, select all text, copy, then paste into the message here.

If you use a router, the amount of firewall alerts is almost nil unless you're logging every little bit of communication even on the local network. If you have a paid version, there will be operating system alerts.

If you use a router, posting IP address poses zero risk, as your IP cannot be accessed from outside.

If you do not use a router, and your IP is static, i.e. never changes, well, you might then want to suppress it.

If you do not use a router, and your IP address is dynamic, different every day or so, you could publish it, then renew the IP by ipconfig renew or a reboot.

Edited by tos226, 03 July 2008 - 12:46 PM.


#11 PCIlliterateGal

PCIlliterateGal
  • Topic Starter

  • Members
  • 284 posts
  • OFFLINE
  •  
  • Local time:08:14 PM

Posted 07 July 2008 - 12:19 AM

Is this it?

ZoneAlarm Logging Client v7.0.470.000
Windows XP-5.1.2600-Service Pack 2-SP
type,date,time,source,destination,transport (Security)
type,date,time,virus name,file name,mode,e-mail id (Anti-Virus)
type,date,time,source,destination,action,service (IM Security)
type,date,time,source,destination,program,action (Malicious Code Protection)
type,date,time,action,product,file,event,subevent,class,data,data,... (OSFirewall)
type,date,time,name,type,mode (Anti-Spyware)
PE,2008/07/06,05:12:36 -4:00 GMT,ZoneAlarm Client,C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe,66.193.112.50:53,N/A
ZLUpdate,2008/07/06,05:13:56 -4:00 GMT,,,Auto
ZLUpdate,2008/07/06,05:14:00 -4:00 GMT,,,Auto

I'm not sure what a router is, so I guess I don't use one. I'm not really concerned about the lack of alerts but the lack of blocked intrusions. ZoneAlarm used to block hundreds of intrusions a day -- now it's only blocked three since install? I'm wondering if there's just something wrong with the logging feature or if it's truly only blocked three intrusions, and if I should be concerned. Do I need to reinstall?

Also, I recently switched from cable to DSL...could that have something to do with how many attempted intrusions there've been on my computer? When I had cable, ZA would log blocked intrusions seemingly every minute.

#12 PCIlliterateGal

PCIlliterateGal
  • Topic Starter

  • Members
  • 284 posts
  • OFFLINE
  •  
  • Local time:08:14 PM

Posted 10 July 2008 - 02:56 AM

anyone?

#13 nigglesnush85

nigglesnush85

  • Members
  • 4,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:12:14 AM

Posted 10 July 2008 - 05:45 AM

Hello, sorry, I wasn't alerted to your reply.

If you have switched providers you will most likely have a different computer address which might account for the lack of intrusion attempts.

You could reinstall the firewall just to be safe.
Regards,

Alan.

#14 PCIlliterateGal

PCIlliterateGal
  • Topic Starter

  • Members
  • 284 posts
  • OFFLINE
  •  
  • Local time:08:14 PM

Posted 10 July 2008 - 12:37 PM

I'll try that. Thanks!

#15 nigglesnush85

nigglesnush85

  • Members
  • 4,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:12:14 AM

Posted 10 July 2008 - 12:38 PM

No problem, glad to help.
Regards,

Alan.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users