Thanks for the reply! I'm almost positive things are set up wrong. Do you mind helping me get it all set up right? I really need a dummy's step-by-step, over-explained, version of instructions, I think...
I got a reply from the ZA board, and I will post their instructions further below, but I have some more questions about what you posted, and I really don't understand any of this stuff (and, believe me, I tried reading all the links about all this stuff, and my eyes glaze over), so feel free to reply with instructions/answers as if I were three years old! Note that I have/use dial-up, though my laptop does have a wireless modem (I only occasionally use at a friend's house) and a high-speed internet line, which I don't really ever use. 1.
The first important questions is, has my computer been at risk for anything by how it's set right now? Am I sending any information or allowing access to my computer (or access to my incoming email) to something...?
I have a hunch you do not have DNS servers in the trusted zone, why else would there be requests to so many places, including requests from outlook express. Forgive me if I'm wrong. Just guessing.
I'm 99.9% sure you are correct. So how do I do this exactly? 2a.
So what exactly are all these requests that are being sent out, and is it bad that it's been doing this? (I guess that goes back to #1 above...)
If the router is your DNS server, put that in the trusted zone.
I don't know if this is the case, as I don't understand what that means. How can I check?3a.
And if that's the case, how do I put it in the trusted zone?
Do you have your Firewall/Zones set up properly? Network, Loopback 127.0.0.1, DHCP server, DNS servers all trusted?
Again, I don't know... But I'm attaching a screen cap of Firewall > Zones from ZA below so you can take a look... What do I need to do?
Do you have Generic Host Process with 3 checks from the left and everything else at most two? (I don't recall whether ZA free has a place to check send mail, do so if it does).
I do have it set that way for Generic Host Process. Everything else, for the most part, I have set to "?-Ask" for everything. Some of that is probably wrong, but for stuff that it doesn't matter, I prefer to be asked each time (if that's okay). I'm attaching an image below that shows everything from Program Control > Programs. Take a look and let me know what I should do...
Don't give Windows Explorer internet access, it does not need it. Do give IE internet access but no server rights.
As you can see, I've got Windows Explorer set to all "Ask-?'s" -- should I put any of those columns to "X-Block"? Which columns exactly? (I don't understand Internet Access vs. Server Rights exactly, as there are four columns there, two for Access and two for Server, so let me know which specifically of the four... thanks!)6a.
Why does IE need internet access? I only use it for Windows Updates, and I let it ask me to give it permission each time. Is that bad for some reason?
If you do the edits above and the problem persists (it shouldn't), then I'd be clearing out the bad settings, because it just does not look right (sometimes Windows errors cause the ZA database to be mangled).
Here's the instructions I got from the ZA board on how to completely restart (my comments to you are in BOLD CAPS
throughout), but I'm uncertain about a lot of it:Boot your computer into the Safe Mode
Navigate to the c:\windows\internet logs folder
Delete the backup.rdb and iamdb.rdb files in the folder
Clean the Recycle Bin
Reboot into the normal mode
The Zone Alarm will be cleaned of all previous settings and data and it will appear as when it was first installed
THIS IS THE PART WHERE I START TO GET CONFUSED...
On the restart or reboot into the Normal Mode, the ZA will ask whcih for the new network found. I assume you are home so select the Trusted. Then make sure the DNS and the DHCP server's IP are listed as Trusted in the Zones of the Firewall of the ZA. Like this:
1. Go to Run type in command, hit OK, and type ipconfig /all then press enter. In the returned data list will be a line DNS and DHCP Servers with the IP address(s) listed out to the side
2. In ZA on your machine on the Firewall>Zones tab click Add and then select IP Address. Make sure the Zone is set to Trusted
3. Click OK and then Apply for each one.
4. The loopback must be listed as Trusted. It has the address of 127.0.0.1
5 The Generic Host Process or the svchost.exe listed in the Program list must have both Trusted and Internet access and it must have server rights for the Trusted Zone, but not the Internet Zone.
...AS I DON'T REALLY KNOW EXACTLY WHAT I'M DOING
Then:By not clearing the database and by not setting up the correct DNS servers, it seems things right now are a mess!
Second, only allow the Generic Host Process (svchost.exe) and maybe the AV updater should have server rights for the Trusted Zone and do not have anything with any server rights for the Internet Zone. I'D RATHER HAVE ANYTHING THAT CAN ASK ME FOR PERMISSION TO ASK. AND I DON'T KNOW WHAT THIS MEANS EXACTLY WITH REGARDS TO WHAT GETS A GREEN CHECK, WHAT GETS A QUESTION MARK AND WHAT GETS A RED X -- AND IN WHAT COLUMN(S).
The explorer does not need a green check for either internet access or any server- it should be permanently allowed access to the Trusted Zone and an Ask for the Internet Access and no server rights either for the Trusted or Internet Server. No mail rights. DOES THIS MEAN WINDOWS EXPLORER? SO A GREEN CHECK IN ACCESS-TRUSTED COLUMN, A "?" IN THE ACCESS-INTERNET COLUMN AND RED X'S IN THE TWO SERVER COLUMNS? AND IF THAT'S CORRECT, WHY A GREEN CHECK AT ALL? CAN'T I JUST LET IT ASK FOR PERMISSION IF IT NEEDS IT? OR IS THING SOMETHING THAT GOES ON BEHIND THE SCENES THAT NEEDS TO BE ALLOWED?
The outloook could be the same as the explorer, but with mail rights. By using the correct dns server at least your outlook would go to the correct mail server that you should be using. THERE ARE NO MAIL RIGHTS THAT I KNOW OF IN ZA FREE.
But if you do not put the proper DSHCP or DNS servers in the Zones, then the firewalling is still out of whack. I THINK THAT'S WHAT THE INSTRUCTIONS FURTHER ABOVE WERE FOR, BUT I'M STILL A BIT IFFY ON THEM...
So do you think I should just start from scratch, or just try what you're saying first? Either way, are you up for giving me a dummy's step-by-step on what to do (not using just names of stuff, but things like "put a checkmark in the Access-Internet column", etc.?
What I wanna know is how did you put the big black blocks on that screen shot?
I did multiple screen captures and put them together in Photoshop, then blacked out the various things in Photoshop as well. A total pain in the butt, and very time consuming, but I figure it's worth it to provide good images for the kind people like yourself that are taking the time to help me!
Looking forward to hearing back -- thanks!
Edited by bloomcounty, 10 June 2007 - 11:49 AM.
My stats: Windows XP Home SP2; Firefox 3.0.14 w/ Ad-Block Plus; IE 6.0 (used only for monthly Windows Critical Updates); ZoneAlarm 6.1.744.001 Free; AVG 8.5 A/V Free; SuperAntispyware Free 4.28.1010