Programs Panel

Transcription

Programs Panel

ZoneAlarm Pro - Table of Contents
GET STARTED
TROUBLESHOOT
Tutorial: *Using ZoneAlarm Pro
Explore: Interactive Tour or
Panel Reference:
Alert Panel
Lock Panel
Security Panel
Programs Panel
Configure Panel
Internet Lock
STOP Button
Desk Band Toolbar
Understanding Alerts
Check for Updates
Press F1 Key for Help
Network Issues
Work with Third-party Software
Play Computer Games
Share Files and Printers
*FAQs
*Installation and Uninstallation
*E-mail Technical Support
FIND ADVANCED FEATURES
Firewall Settings
Program Settings
Lock Settings
MailSafe E-mail Virus Protection
Zones: Local, Internet, and Restricted Zones
ICS/NAT (Sharing an Internet Connection)
VPN Connection
USE THE INTERNET
Internet Components
Search Engines
Surfing the Web
E-mail
Chat
GET SPECIAL INFO
*Print Users Manual
*Privacy Policy
*Visit Our Website
* Articles with an asterisk require
you be connected to the Internet.
file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/Table_of_Contents.htm [4/12/2001 11:39:08 AM]
Zone Labs: ZoneAlarm Pro Tutorial - Step 1
http://www.zonelabs.com/products/zap/zap_tutorial/ZAP_tutorial_1.html [4/12/2001 11:39:14 AM]
ZoneAlarm Pro - The Lock Panel
The Lock Panel
Click on the "Lock" button to display the entire Lock panel, where you can set
options for the Internet Lock. The Lock button is located at the bottom of the Lock
Icon, shown below. A locked or unlocked padlock is displayed in the middle of the
icon. To immediately turn Internet access on or off for all the applications installed
on your machine that are not set to bypass the lock, click directly on the padlock.
Lock Button
Configuring the Lock
The Lock Button
When the Timer Bar below the Lock button is green, the
Internet Lock is not on. This means that ZoneAlarm Pro is
allowing Internet traffic in and out of your computer. If the
timer bar displays a countdown timer, this is the time
remaining before the Automatic Lock will engage.
When the timer bar is red, the lock is closed and no
in-and-out Internet traffic is allowed. When the lock is
closed, the countdown timer counts upwards, showing the
amount of time the lock has been active.
file:///C|/Documents and Settings/rwilliams/Des...neAlarm_Pro_Help_new_TOC/ZoneAlarmProHelp30.htm (1 of 3) [4/12/2001 11:42:38 AM]
When expanded, the Internet lock settings panel allows you to configure the
Automatic Lock.
You can choose to lock Internet access automatically when your screen saver
activates or after a period of Internet inactivity on your computer.
If Internet access is locked when the screen saver activates, it will be unlocked
when the screen saver is deactivated.
Note, however, that if the Automatic Lock is engaged by the period of inactivity
option, you will need to click on the Lock button to unlock Internet Access.
The Lock Mode for the Automatic Lock can be set so that "Pass Lock programs
may access the Internet". This allows Internet activity for applications that have
been given rights to bypass the lock. Typically programs like e-mail clients will be
set to check for e-mail while other applications are denied Internet Access.
High Security mode will STOP all applications' Internet activity regardless of the
program's access settings. See Programs for more information.
BACK HOME NEXT
Copyright © 1999-2001 Zone Labs, Inc.
All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No.
5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs,
Inc.
ZoneAlarm Pro - The Security Panel
The Security Panel
The Security panel is the best protection tool you can use to screen and
quarantine unwanted Internet visitors and connection attempts. To begin setting
up protection levels for the Local and the Internet Zones, use your mouse to drag
the security level selectors up or down.
Customizing
MailSafe
Security Levels
Customizing
To further customize overall settings at the protocol level, click on the Advanced
button to open the Local Zone Custom Settings or the Internet Zone Custom
Settings panel.
Use those panels to restrict access to each zone by protocol or port type. Which
protocol or port types are you going to allow in or keep out of each zone? You can
define specific restrictions or exceptions here, such as denying access to your
Local Zone via UDP or TCP ports. You are in control against the Internet world!
You can also use the Advanced button to add computers to your Local and
Restricted Zones.
As a shortcut, click on this button to start customizing
your Local Zone.
As a shortcut, click on this button start customizing your
Internet Zone.
MailSafe
Turn on MailSafe by placing a checkmark in the box for "MailSafe e-mail
protection" at the bottom of the panel. After turning on MailSafe, click on the
Configure button to specify the types of e-mail attachments you want ZoneAlarm
Pro to protect you against. MailSafe protects your computer from a wide variety of
e-mail attachments such as VBScript and JavaScript. These e-mail attachments
can do damage by taking control of your system.
Security Levels
The Local and Internet Zone each have a security level selector, which you can
drag up and down to change the security level.
Local Zone security is displayed in green, and Internet Zone security in blue. The
default settings are:
● Medium for the Local Zone
●
High for the Internet Zone
As levels increase, the dynamic firewall places more access restrictions to your
computer to protect you from potential threats.
BACK HOME NEXT
Inc.
ZoneAlarm Pro - The Programs Panel
The Programs Panel
The Programs panel is where programs and their connection options are added. To
get to this panel, click on "Programs" in the main panel.
Program List
Advanced Options
Options
Program List
The main portion of the Programs panel is the Program List. This is the list of
programs installed on your machine that have attempted to connect to the
Internet.
Use this panel to control the connection behavior of any program on the list or to
add programs to the Program List before they try to connect to the Internet.
Adding a program is a good way to prevent a program from connecting to the
Internet except under conditions you establish.
In the Programs panel, you can also specify and differentiate each program's
access rights for the Local Zone and/or the Internet Zone. The Allow server
column lets you control which applications can perform server functions.
ZoneAlarm Pro allows you to place additional programs in the Program List, then
right-click on any program to establish more stringent connectivity permission
rules that prevent connections based on specific ports that you identify using the
Ports tab. You can also STOP your applications from acting as maliciously-listening
servers who will want to get at your files.
Advanced Options
The Advanced button controls first-time access rights for new programs as they
try to access the Internet from your computer. This is very useful for anyone
running a server, for example, who will not be actually sitting in front of the
computer when the server is going to be receiving connections.
Go to the Allow connect column in the main body of the panel to change a
program's basic access rights. Click directly on the . . . to change the access level
from ? to check mark to X. Click on the . . . in the same way in the Allow server
column.
Options
Click on the Options button and then the Ports tab to limit the way a program
connects to specific ports. Use the Access Permissions tab as another way to grant
connection and server rights to a program.
In the Program column, the program's name and version number are displayed.
Run your mouse over the program name to see more statistics:
● Product name
●
●
●
●
The name of the file used to access the Internet
The location of the file
Product version
Creation date and file size
Right-click on a program to remove it or to severely restrict the program's
Internet access permissions. You can also add a new program by right-clicking.
BACK HOME NEXT
Inc.
ZoneAlarm Pro - The DeskBand Toolbar
The DeskBand Toolbar
To activate the toolbar on Windows 98, Windows 2000 or other Windows versions
with the Internet Explorer 4 Shell Update, right-click on the Windows Taskbar
and select "Toolbars" and then "ZoneAlarm Pro Desk Band".
To define what version of Internet Explorer Shell you have on your system,
follow these steps
● Go to Start/ locate the search or Find feature, and then click Files Or
Folders.
●
●
In the search field, type shdocvw.dll, and then click Find Now.
In the list of files, right-click the shdocvw.dll file, and then click Properties.
Click the Version tab.
If the version begins with 4 that means you have Internet Explorer 4 Shell Update.
If the version begins with 5 then you have Internet Explorer 5 Shell.
When running on Windows 95 or Windows NT 4.0 without the Internet Explorer 4
Shell Update, go to the Configuration panel and click on the "Show shell toolbar"
checkbox to activate the DeskBand toolbar. Note that in this configuration, the
toolbar can only float above the desktop and in some instances can cover icons in
the system tray.
The name of the DeskBand can be removed by right clicking on the name and
deselecting the Show Title option. Then you can resize the DeskBand by moving
the left side to the right.
The red and green bars on the leftmost icon indicate whether or not Internet
activity is taking place.
When Internet access has been locked with High Security, the center STOP button
ZoneAlarm Pro - The DeskBand Toolbar
on the DeskBand Toolbar will change to a green GO button, as shown below.
When this happens, you should click on GO to restore Internet access.
Additionally, if the Automatic Lock has been turned on, the Lock icon will show a
red X inside the padlock. Click on the Lock icon to lock/unlock Internet access.
Pressing the ZA logo invokes the "zoom" function of the DeskBand which will
restore full-sized ZoneAlarm Pro. Double clicking on the ZoneAlarm Pro System
Tray Icon in the lower right corner of your computer screen also invokes the zoom
function.
To remove the deskband, follow the instructions at the top to access the Windows
toolbars menu, and deselect ZoneAlarm Pro Deskband.
BACK HOME NEXT
Inc.
ZoneAlarm Pro - Check for Update pushbutton
Check for Update
Press the Check for Update button to see if a newer version is available for
download from the Zone Labs web site.
If a response to the affirmative is not provided, that indicates that no update is
available. ZoneAlarm Pro can perform this check automatically by checking the
automatic check for update checkbox.
BACK HOME NEXT
Inc.
file:///C|/Documents and Settings/rwilliams/Desktop...arm_Pro_Help_new_TOC/ZoneAlarmProHelp70_Updates.htm [4/12/2001 11:45:14 AM]
ZoneAlarm Pro - Firewall Settings
Firewall Settings
The Security panel has two work areas: the main Security panel and the Advanced
security properties dialog.
On the main panel, click on the Advanced button to open the dialog. This is
where, among other things, you tell ZoneAlarm Pro which computers and IP
addresses to place in your protected Local Zone.
Main panel
Advanced dialog
Main Security panel
Local Zone: the yellow box
Internet Zone: the blue box
Dragging the Sliders
MailSafe
What is your Local Zone?
Customize your Local Zone
Customize the Internet Zone
Create a totally Restricted Zone
Look at your MailSafe setup
Configure ICS and NAT
The Security panel
The main thing to understand in this panel is the difference between Medium and
High Security as they affect your zones: in the center of the panel, the yellow box
controls the Local Zone and the blue box controls the Internet Zone.
file:///C|/Documents and Settings/rwilliams/Deskt...elp_new_TOC/Getting_Started_Tutorial_Security.htm (1 of 23) [4/12/2001 11:45:44 AM]
Local Zone: the yellow box
Notice that the slider in the yellow box is positioned half way down the side of the
box. This shows you that we've set your Local Zone security to Medium. You can
change that by dragging the slider up or down.
Medium security means that only the Internet connection permissions you've
granted to specific applications in the Programs panel will be allowed. The firewall
will block all other Internet traffic and keep your machine safe.
For users connected to a LAN, access to Windows services are allowed, as is file
sharing between computers belonging to the Local Zone. You can quickly stop file
sharing and printer sharing for a specific PC by dragging this slider upwards to
High security.
Internet Zone: the blue box
Notice that we set your Internet Zone to High. Our installation program provides
that as the default security setting. You can lower it at any time to Medium, or
even Low, by dragging the slider downwards. But a lower security setting makes
your machine much more vulnerable.
By keeping Internet Zone security set to High, you can be sure that no file or
printer sharing can happen between your PC and computers that are in the
Internet Zone. What that means, in essence, is that the only machines and web
sites that can share files with your PC are those that you have actually put in the
Local Zone.
High security means that Internet connections in and out of your computer will be
prohibited except for the types you've specifically programmed using the
Advanced button and the Programs panel. This is most probably the security level
you will want to have turned on most of the time whenever your computer is on.
Dragging the Sliders
At the top of the Security panel, you'll see this brief message telling you how to
set security for your Local and Internet Zones:
Drag the slider in the Yellow box up or down to set Local Zone security. Drag the
slider in the Blue box to set Internet Zone security.
Notice that the
descriptions
change as you
drag the sliders up
and down. The
Customize
buttons are
shortcuts to the
Advanced security
properties dialog.
MailSafe
If you want ZoneAlarm Pro to protect you against e-mail attachments that might
cause harm to your machine, make sure this checkbox at the bottom of the panel
is selected:
The Configure button opens the MailSafe dialog where you make sure the types of
attachments you want are selected for quarantining. In the dialog, file types with
a checkmark will be quarantined.
What is your Local Zone?
Click on the Advanced button to call the Advanced security properties dialog. This
is where you put computers and networks with trusted subnets and computers
with whom you are sure it is safe to carry on Internet communications and whose
files you trust enough to do file sharing with them.
For LAN users, if you're including a subnet that ZoneAlarm Pro placed in the dialog
at installation time, just click the checkbox next to it. When including other
computers and web sites outside your LAN, first add the computer then place the
checkmark.
The dialog has two sections: Networks and Other Computers.
After you have placed a checkmark in front of any subnet or computer in this
dialog, it becomes a member of your Local Zone. A security setting of Medium or
High will allow secure communications and file and printer sharing between
all components you've added here.
For Single Home Users:
If you are a single user at home, you are not required to use this dialog because
your PC is probably the only machine you are trying to protect. As a single user,
you don't really need to add any more computers in order to work safely.
The Networks section of the dialog will always have an entry in it displaying the
subnet your modem or DSL connection installed on your machine. You don't need
to place a checkmark if you are working by yourself. The Other Computers section
is where you add any trusted web site or the IP address of a computer that you
trust and want to do file sharing with.
For LAN Users:
If you are a user working as part of a Local Area Network (LAN), make sure the
entry in the Networks section has a next to it if it represents the subnet of your
LAN adapter. The red checkmark tells ZoneAlarm Pro that you trust your LAN
connection and that you really want to share connectivity with the users on that
LAN.
If your company or work group has more than one subnet, you need to go to the
Other Computers section to add the subnets that are not identified by the LAN
adapter on your machine. ZoneAlarm Pro picked the adapter subnet up from your
LAN adapter at installation time and placed it in the Networks section.
You have to manually add additional subnets you have in your organization by
clicking on the Add button then entering the IP address and subnet mask in the
Other Computers Section of this dialog:
With ZoneAlarm Pro running, all the IP addresses of
subnets that are not identified in your LAN adapter
have to be included here to be accessed from your
PC whenever Local Zone security is set to Medium or
High.
Steps to Add a Computer:
1. Click on the Add Button
2. You have four choices:
3. Enter a short Description, the IP address, and then click OK:
4. When you see the computer listed under Other Computers, then it is part of the
Local Zone:
Customize your Local Zone
If your Local Zone is set to High
If your Local Zone is set to Medium
Allow other Incoming ICMP
Block Incoming ping (ICMP Echo)
Reset Local Zone to default security settings
The settings in the Local Zone Custom Settings dialog only govern Internet
communications between the computers you include in your Local Zone - in other
words, how you communicate with the other computers you trust.
The Local Zone Custom Settings dialog
lets you refine the overall security you
set using the slider.
The Local Zone Custom Settings dialog is where you tell ZoneAlarm Pro to allow
specific Internet connection protocols to pass through your firewall or to block
specific protocols from passing through it. To do this, place a checkmark next to
one of the Allow or Block options to set up exception to your firewall. This means
that as you work at your computer, the specific types of programs you check will
be allowed in or blocked out. The protocols you check would otherwise be blocked
by your overall security setting, such as multicasts or error checking pings (ICMP).
If your Local Zone security is set to High
High security is extremely secure and blocks services provided by the Windows
operating system. It is so secure that it blocks most everything. It is not
recommended unless you absolutely must be directly connected to an untrusted
network.
If you have Local Zone security set to High, use the top portion of the dialog to set
protocols you want to allow through the very high protection level you've set up.
Notice that each entry begins with the word Allow:
If your Internet Zone security is set to Medium
If you have Local Zone security set to Medium, scroll down to the Medium Security
Settings area of the dialog, shown below:
Medium security is what we suggest for smooth and secure operations. It allows
the services provided by the Windows operating system to work freely, use this
dialog to block the types of protocols you don't want going in or out through your
Medium security firewall. A Medium security firewall is less stringent than High
security. Notice that each entry begins with the word Block.
Allow other incoming ICMP:
If you need to receive ICMP packets other than pings (such as router
advertisement messages) with the Local Zone security set to High, you can place
a checkmark next to Allow other incoming ICMP.
Let's say you've included the router that's forwarding the advertisement messages
in your Local Zone and your Local Zone security is set to High.
Checking the Allow other incoming ICMP checkbox will allow the ICMP
advertisement messages to pass through your High security Local Zone firewall.
However, the sheer quantity of ICMP messages that can be sent to a machine can
be overwhelming, so this checkbox is often left unchecked.
Block Incoming ping (ICMP Echo):
If you keep Local Zone security to Medium, you may want to block incoming
pings so that no one in your Local Zone can receive a response from a ping
command. This is one way to protect your machine if you have doubts about the
trustworthiness of certain parties belonging to your LAN or Local Zone.
To do this, click on the Block Incoming ping (ICMP Echo) checkbox.
Reset Local Zone to default security settings:
If you've been working with the security settings and would like to start from
scratch, you can very easily go back to the Local Zone security settings that were
set at the time you installed the product.
After you've made any changes in the defaults by selecting or deselecting a
protocol, the Reset to Default button becomes active:
Click on the button to return to the way security was set up by Zone Labs. When
default values have not been changed or after you've used the button to reset, the
button is disabled and looks like this:
Customize the Internet Zone
If Internet Zone security is set to High
If Internet Zone security is set to Medium
Allow other Incoming ICMP
Block Incoming ping (ICMP Echo)
Reset Internet Zone to default security settings
The settings in the Internet Zone Custom Settings dialog govern Internet
communications between any computer connected to the Internet around the
world and your PC whenever you are online. Use the dialog to customize the
overall security settings you established using the slider:
The Internet Zone Custom Settings
dialog lets you refine the overall
security you set using the slider.
High security for computers outside your Local Zone is the safest security level for
the Internet Zone. We recommend it, but it keeps most everything out.
Use the Internet Zone Custom Settings dialog to select specific types of protocols
so that you can communicate online with certain types of programs located
outside your Local Zone.
In this dialog, outgoing DCHP, incoming ICMP and incoming IGMP are allowed
because the checkbox next to those entries has a
.
If Internet Zone security is set to High
High security is a secure strategy for your PC while it is connected to the Internet.
It hides the ports on your machine that are not in use. It also prevents your
Windows operating system services from having Internet access.
If you keep Internet Zone security set to the recommend High level, use the top
portion of the dialog to set protocols you want to allow through this high
protection level. Notice that each entry begins with the word Allow:
If Internet Zone security is set to Medium
If you decide to lower Internet Zone security to Medium, scroll down to the
Medium Security Settings area of the dialog to set any exceptions to your firewall:
Medium security will prevent services provided by the Windows operating system
from accessing the Internet. When Medium Internet Zone security is set, use this
dialog to block the types of protocols you don't want going in or out through your
Medium security firewall. Notice that each entry begins with the word Block.
Allow incoming ping (ICMP Echo)
If you keep Internet security set to High, you may want to allow incoming pings if
your ISP would disconnect you if it thinks that you are not connected to the
Internet. An unresolved ping command could cause them to think you are not
online.
High security does not by default allow incoming pings. Therefore, your ISP would
not know you are connected if its business methods require it to ping your PC to
determine if you are currently online.
A ping sends a short data burst (a single packet) from one computer to another,
and listens for a single packet in reply - like an echo. An incoming ping coming
from the Internet onto your PC, allows someone who knows your IP address to
see if you are online.
To do this:
Under High Security Settings, scroll down to Allow Incoming ping (ICMP Echo) and
click on the checkbox.
Then, click on the OK button. Incoming pings will now be allowed and an ISP who
pings you to see if you are online will find you even if your Local Zone is set to
High security.
Block other incoming ICMP
If you have decided that you can do without the ICMP router advertisement
messages, but have lowered your Internet Zone security to Medium during a
limited amount of time, you can prevent these ICMP messages from penetrating
your Medium security firewall.
To do this, go to the Medium security section of the dialog and place a
Block other incoming ICMP:
next to
Reset Internet Zone to default security settings
If you've been working with the security settings and would like to start from
scratch, you can very easily go back to the Internet Zone security settings that
were set at the time you installed the product.
To do this:
After you've made any changes in the defaults by selecting or deselecting a
protocol, the Reset to Default button becomes active:
Just click on the button to return to the way security was set up by Zone Labs.
When default values have not been changed or after you've used the button to
reset, the button is disabled and looks like this:
Create a totally Restricted Zone
Protect your machine by isolating sites and computers you think could be
dangerous online!
The Restricted Zone is an optional zone in ZoneAlarm Pro. It's basically an
isolation tank where you can place web sites and IP addresses that you don't
want your machine to have any Internet communications with.
Machines and web sites you place in the Restricted Zone will be unreachable
over the Internet to and from your PC!
To do this:
First open the dialog by clicking on Advanced, then Restricted Zone
This message at the top of the dialog gives you directions:
Next, click on the
button.
This dialog will be displayed:
Click on Host/Site... then enter a description and web site address as shown
below:
Enter a description for
display purposes, then the
web site address.
This should be a web site,
unlike google.com,
which you have doubts
about.
_
A follow-up dialog displays the IP addresses of the web site. ZoneAlarm Pro finds
the IP addresses for you. Click on Finish to confirm the placement of the web site's
IP addresses into your Restricted Zone.
The site you entered now shows up in the Restricted Computers area of the dialog.
Notice that your
description is displayed
after the
.
Click on the
button then click OK. This places the web site in the
Restricted Zone, meaning that no inbound or outbound Internet communications
can be done with that site from your PC.
Look at your MailSafe setup
Double-click on the e-mail attachment
Try to launch the quarantined attachment
Save the file and view the file type
MailSafe protects you from e-mail attachments by placing any e-mail attachment
in the dialog shown below in a quarantined setting. This makes it
selected
impossible for the e-mail attachment to launch on your machine. Without
launching, it will remain harmless to your PC and to the files on the PC.
To look at your MailSafe setup:
First open the dialog by clicking on Advanced, then MailSafe.
Notice that all the file types are preselected. The ZoneAlarm Pro installation
program selected them all for you so that you have maximum protection.
Double-click on the e-mail attachment:
To find the e-mail attachment that ZoneAlarm Pro has quarantined, you have to
open the e-mail containing an attached file. To be quarantined by ZoneAlarm Pro,
the file type of the attachment must be one of the type selected in the dialog,
such as a help file:
Open an e-mail containing an attachment.
In your e-mail, you'll see that ZoneAlarm Pro has renamed the attachment so
that the file type is .zla. Zla is a ZoneAlarm Pro file type which tells you that the
file has been quarantined.
Double-click on the attachment. This warning is always displayed:
Whether you select Open it or Save it to disk, the STOP WARNING will intervene to
give you a good warning:
Try to launch a quarantined e-mail attachment
Only after ZoneAlarm Pro issues a
warning will you be able to launch an
e-mail attachment that has been quarantined by ZoneAlarm Pro. Here's how it
works:
To launch an e-mail attachment:
Double-click on the attachment in your e-mail program to begin launching the
attachment.
If you feel sure that you trust the attachment, you can launch the file by clicking
on Run.
ZoneAlarm will display this warning to give you a last chance:
Click on Yes to run the file, or No if you change your mind.
Save the file and see the file type
In the
warning dialog, clicking on Save As... not only allows you to save
the file without having to launch it and risk harming your machine. This choice
also lets you see what the file type of the attachment is. Remember that
ZoneAlarm Pro changed the original file type to .zla so that it could not be directly
launched.
Click on Save As to save the e-mail attachment to your hard drive or network.
ZoneAlarm Pro displays this STOP SIGN warning:
Select Save as... to save the file to your hard drive or network. The Save As dialog
shows that the attachment file in this exercise is an .HLP file.
Now that you know what type of file the attachment is, you can either save it to
disk or simply refuse to deal with it, by selecting Do Not Run.
Configure ICS and NAT
How does ZoneAlarm Pro protect an ICS network?
What are ICS and NAT?
Must ICS be installed before using ZoneAlarm Pro ICS support?
Configure ZoneAlarm Pro's ICS / NAT support
How does ZoneAlarm Pro protect an ICS network?
ZoneAlarm Pro protects every machine that it is installed on. Once you have
configured ICS support, the host machine will be uniquely identified by its IP
address. You can configure that machine to receive all Internet connection alerts,
thus shielding all client machines from a barrage of messages.
Or, as you configure client machines, you can pick and chose which ones will
receive alerts. Thus, as the administrator of the network, you can configure it to
handle Internet security the way you want.
All the PCs in an ICS or NAT network should have ZoneAlarm Pro installed on them
to use our support.
What are ICS and NAT?
All the PCs in an ICS or NAT network should have ZoneAlarm Pro installed on them
to use our support. ZoneAlarm Pro protects all the machines on the network and
identifies the host machine by its IP address. You can configure Internet
connection alerts to be managed by the host only, or by the host and client
machines.
ICS
Internet Connection Sharing
NAT
Network Address Translation
Provides users who have networked
computers with the ability to share a single
connection to the Internet.
Enables a local-area network (LAN) to use
one set of IP addresses for internal traffic
and a second set of addresses for external
traffic
Must ICS/NAT be installed to first?
To use ZoneAlarm Pro's ICS or NAT support, you must first have ICS or NAT either
set up on your network or built into it. Windows 98 and 2000 are delivered with
built-in ICS support.
On your network of computers you need to do two things before you configure
ZoneAlarm Pro's ICS/NAT protection layer:
■ designate a host machine and client machines who will connect to the
Internet through the host machine. To do this, use your ICS or NAT software
or your built-in Windows functionality
■
install ZoneAlarm Pro on every machine that belongs to your ICS or NAT
network
BACK HOME NEXT
Inc.
ZoneAlarm Pro - The LOCK Icon & the STOP Button
The LOCK Icon & the STOP Button
If your system shows that an Internet security threat is making its way through
your firewall, the tool bar has two buttons to instantly stop the traffic, the Lock
icon and the Stop button.
The Lock icon
How can you tell if the Lock is ON or OFF?
How to open and close the Lock
The Stop button
The Lock Icon
Click directly on the padlock of the Lock icon to instantly stop all Internet
communications with applications installed on your machine except those that are
set to bypass the lock. When the lock is on, no data can enter or leave your
computer via the Internet.
How can you tell if the Lock is ON or OFF?
You know the Internet
Lock is open when the
Timer Bar below the
padlock is green. While
the lock is open,
ZoneAlarm Pro allows
Internet traffic in and out
of your computer.
When a red Timer Bar is
displayed containing a time
stamp, the Internet Lock is
closed and has been in
effect for the length of time
indicated. No Internet traffic
is allowed.
file:///C|/Documents and Settings/rwilliams/Deskt...ro_Help_new_TOC/Getting_Started_Tutorial_Lock.htm (1 of 3) [4/12/2001 11:46:09 AM]
How to open and close the lock
You can open and close the lock on the Desk Band Toolbar, or on the main
ZoneAlarm Pro toolbar.
To close the lock, simply click on the open lock icon.
To open the lock, click on the closed lock icon.
Or click on the Lock Icon at the top of the ZoneAlarm Pro panel
To close the lock, simply click on the Unlocked icon.
To open the lock, click on the closed lock icon.
The Stop button
Press the STOP button to immediately stop ALL Internet traffic., Including traffic to
programs set to bypass the lock.
The STOP button will stop all Internet access, overriding the Pass Lock settings in
the Programs panel. Use this button if you ever have to stop a Trojan horse. To
reactivate Internet access press the stop button again.
BACK HOME NEXT
Inc.
ZoneAlarm Pro - Configuring ICS: A Quick Tutorial
Configuring ICS: A Quick Tutorial
Use ZoneAlarm Pro's one-click ICS & NAT support to protect the gateway and
client machines on your network. The best protection is to have ZoneAlarm Pro
installed on all machines, the gateway machine and all clients.
ZoneAlarm Pro's ICS & NAT support provides protection for your network
machines in a way that takes advantage of Internet Connection Sharing
architecture by using the gateway machine as the Internet point of contact.
Once you set up ZoneAlarm Pro ICS or NAT support, inbound Internet alerts from
Internet Zone machines will be routed through the host machine provided you
have an ICS or NAT implementation set up on your network machines.
Setting up ICS or NAT Support
Requirements Before Setup
On the Gateway Machine
On the Client Machine
Setting up ICS or NAT Support
To set up our ICS or NAT support, simply define each machine as either host or
client and supply the corresponding IP or subnet addresses using the General Tab,
available by clicking on the Advanced button on the Security panel.
file:///C|/Documents and Settings/rwilliams/Des...o_Help_new_TOC/ZoneAlarmProHelp50_Adv_Tab5a.htm (1 of 4) [4/12/2001 11:46:53 AM]
Requirements Before Setup
To set up our NAT and ICS support, these two conditions must first be met:
● ICS or NAT implementation software must first be used to set up the host
and client machine relationships on your network
●
ZoneAlarm Pro must be installed on each machine in the network: on the
host machine and on each client machine
On the Gateway Machine
ZoneAlarm Pro needs to know which PC is the gateway machine and which
machines are identified as clients in your ICS nor NAT implementation.
First, open ZoneAlarm Pro on the gateway machine and designate that machine as
the ICS or NAT gateway.
1. Open ZoneAlarm Pro on the gateway machine. Go to the Security panel,
click on the Advanced button then click on the General Tab to open the
General Tab panel.
2. At the top of the panel, in the Internet Connection Sharing area, select the
radio button shown below, then select or enter the IP address of the
gateway machine:
3. Finally, check the second checkbox below if you are forwarding alerts to
client machine and you don't want to view them on the gateway machine.
Not checking this checkbox will implement displaying alert messages on
both machines if they are forwarded to client machines.
4. Set security to HIGH on the gateway machine. The Internet Zone security
setting for your ICS or NAT host machine should be set to High. This setting
will not prevent ICS or NAT clients from initiating outbound communications
to the Internet that the host machine did not initiate.
On the Client Machine
First, open ZoneAlarm Pro on each client machine and designate each of those
machines as ICS or NAT clients.
1. Open ZoneAlarm Pro on each client machine. Go to the Security panel, click
on the Advanced button then click on the General Tab to open the General
Tab panel.
2. At the top of the panel, in the Internet Connection Sharing area, select the
radio button shown below, then select or enter the IP address of the
gateway machine:
3. Finally, select the checkbox below the Gateway Address field if you want the
client machine you are working on to receive alert messages for Internet
alerts on that machine rather than restricting the logging of those alerts to
the gateway machine.
Note: If you use a hardware gateway:
If the network address translation on your ICS or NAT network is done by a
hardware component, such as a server or router, rather than by a host PC, do not
use the General Tab to identify the subnet address. With a hardware gateway
implementation of ICS or NAT, protect your client machines by using the Security
panel and the Programs panel on the copy of ZoneAlarm Pro installed on each
client machine.
BACK HOME NEXT
Inc.
ZoneAlarm Pro - How to manage 3rd party software
How to manage 3rd party software
The topics below can help you quickly understand basic issues about other
software programs on your machine and how they relate to ZoneAlarm.
PCAnywhere
Netmeeting
E-mail Clients
News Reader
Streaming Stock Ticker
Voice Over IP
CallWave
Browsers
FrontPage
FTP
Napster
RealPlayer
ICQ and IRC
Chat
PCAnywhere
For PCAnywhere and ZoneAlarm to work together, make sure you have added the
IP Address of the pcAnywhere client or host to your Local Zone. To add a trusted
Host/Site, IP Address, IP Range, or Subnet to your Local Zone:
■
Go to the Security panel
■
Click on the Advanced button to view the Advanced Security Properties
panel
■
Next, click on the Add button and select "IP/Address"
Under "Description", enter a name or description for the "IP/Address"
Enter the name of the "IP Address" For example, 127.0.0.1.
Click the OK button
■
■
■
With Local Zone security set to medium or low access, the "IP Address" will be
available.
Netmeeting
If you experience problems with Netmeeting when ZoneAlarm is running, you can
temporarily turn off Remote Desktop Sharing via the Netmeeting system tray icon.
E-mail Clients
If your e-mail client cannot make the proper connections for sending and receiving
your e-mail, make sure that the mail server has been added to your trusted Local
Zone. To do this:
■
Go to the Security panel.
file:///C|/Documents and Settings/rwilliams/Des..._Help_new_TOC/ZoneAlarmProHelp_FAQ_Software.htm (1 of 6) [4/12/2001 11:48:12 AM]
■
■
■
■
■
■
Click on the Advanced button.
Click on the Add button, then select Host/Site.
In the Description field, enter the product name or a meaningful name.
In the Host/Site field, enter the mail server name.
Click on the Next. ZoneAlarm will look for the mail server name you
provided in the DNS or WINS lookup.
Click OK in both dialogs to confirm your entry.
News Readers
News Reader, like many other applications should have its server added to the
Local Zone. If you are having problems connecting, make sure the news server
has been included in your Local Zone. To do this:
●
●
In the Description field, enter the news server name.
In the Host/Site field, enter the news server name.
●
●
●
●
●
Streaming Stock Tickers
When streaming or push technology is running with with ZoneAlarm, the
application must be assigned server rights.
If you are using BackWeb at medium security settings, check your Communication
method. BackWeb software options are: "Polite Agent"or "HTTP." The correct
BackWeb settings for compatibility with ZoneAlarm are HTTP and Detect Internet
connection.
If you are using Polite Agent, there are two issues:
1. What do you have as your "Network priority"? The available options are:
"Give higher priority to to other networking programs" or "Use the network
normally."
2. What do you have as "Client port"? Options are "Let BackWeb select port
automatically" or a client port number that can be modified by the user. You
can try changing the Internet zone Security level to medium, but only during
the time when you are using Polite Agent.
BackWeb and BackWeb Infocenter should be configured with server privileges. In
BackWeb, options should be set to "Detect connection" to the Internet.
Voice Over IP
Most Voice Over IP programs are compatible with ZoneAlarm. Certain Voice Over
IP programs work simply assigning server privileges to the Voice Over IP
application, thus allowing you to receive phone calls.
Others require that you add the IP Addresses of the servers the Voice over IP
programs use to the trusted Local Zone. Please contact the Voice over IP
programs technical support for their server IP Addresses.
CallWave
For CallWave to work with ZoneAlarm, check that in the Programs panel, the
Internet Answering Machine has the following privileges:
■
allow connect
■
allow server
allow pass lock
■
You can also add the IP addresses of the servers CallWave uses to the trusted
Local Zone. The CallWave web site or technical support can assist you with this.
You can also try the following to find the IP Addresses for the Call Wave servers:
1.
2.
3.
4.
Close the Internet Answering Machine if it is open.
Lock Internet access by pressing the ZoneAlarm "STOP" button
Reopen the Internet Answering Machine.
ZoneAlarm should prompt you with a message that "Internet Answering
Machine tried to connect to the Internet (session#. callwave.com); but it
was denied access by the Internet Lock". The message will display a number
instead of the # symbol. In tests run at Zone Labs, the number 2.
5. Add the address that was displayed in the message -
"session#.callwave.com" - and add it to your Local Zone.
To do add it to your Local Zone:
■
■
■
■
■
■
panel.
Next, click on the Add button and select "IP/Address".
Under "Description", enter a name or description for the "IP/Address".
Enter the name of the "IP Address". For example, 127.0.0.1.
Click the OK button.
Browsers
If you are using Windows 2000, you may need to allow Internet access rights to
Services and Controller App. Versions of Netscape above 4.73 have no problem
being able to browse with ZoneAlarm active.
If you are already using Navigator above 4.73 and still experiencing difficulty
accessing the web with ZoneAlarm active, check the browser Preferences to make
sure you are not configured for proxy access.
FrontPage
If you are having difficulties with FrontPage, make sure that FrontPage is on your
Programs List.
FrontPage will require local server rights and the configuration of the FTP program
you are using needs to have Passive or PASV mode enabled. This tells the client to
use the same port for communication both directions. You need to check that
option in your FTP program. Or, another way to accomplish the same thing is to
add the IP address you are publishing to to your trusted Local Zone.
To do add it to your Local Zone:
■
■
panel.
■
Next, click on the Add button and select "IP/Address".
Under "Description", enter a name or description for the "IP/Address".
Enter the name of the "IP Address". For example, "127.0.0.1" (no quotes).
Click the OK button.
■
■
■
FTP
If you are having difficulties with your FTP program, make sure that the FTP
program is on your Programs List.
FTP programs will require local server rights and the configuration needs to have
Passive or PASV mode enabled. This tells the client to use the same port for
communication both directions. You need to check that option in your FTP
program.
To add a trusted Host/Site to your Local Zone:
■
■
■
■
■
■
■
In the Description field, enter the product name or a meaningful name.
In the Host/Site field, enter the mail server name.
Napster
Napster requires that you let the application accept incoming connections in order
to share files. To assign server rights to Napster, go to the Programs Panel in
ZoneAlarm. Make sure Napster has a checkmark in the area that says "Allow
Server."
Napster has a messaging utility which makes it vulnerable to a buffer overflow.
Napster's default data port is 6699 (TCP) but the program makes use of a number
of ports. The first port it tries to connect to is TCP port 8875, followed by 4444,
5555, 6666, 7777, or 8888. Users can also configure Napster to proxy servers
which will connect them to the Napster servers as well.
RealPlayer
RealPlayer must have server rights to work with ZoneAlarm. Go to the Programs
panel to set allow server permissions.
Always launch Real Player after ZoneAlarm is launched. Real Player may try to see
out to the Internet at times when the application is not even open. This is because
there are options within Real Player for receiving all sorts of updates. To rectify
this, you should check your Real Player preferences and uncheck options that try
to "phone home."
You might also be interested in the following web site:
http://grc.com/downloaders.htm
mIRC and ICQ
mIRC and ICQ require server rights. You can assign these rights in the Programs
panel. If you have configured ZoneAlarm to allow ICQ or mIRC access to the
Internet, these applications will function normally.
Take a look at these web sites for information:
■
http://diamond-back.com/icqhazards.html
■
and http://www.irchelp.org
For mIRC usage, we suggest disabling the IDENT feature located in the IDENT tab
within mIRC.
Chat
All chat software requires server rights. You assign these rights in the Programs
panel. If you have configured ZoneAlarm to allow chat allow server privileges, you
will be able to chat normally with your ZoneAlarm firewall in place.
BACK HOME NEXT
Inc.
ZoneAlarm Pro - File and Printer sharing
File and Printer sharing
What is file and printer sharing (FPS)?
Why implement file sharing?
NetBIOS: example of the risk involved in file sharing
Add computers to the Local Zone for file sharing
What is file and printer sharing (FPS)?
The largest security risk to Windows users in a network setting is caused by the
improper enabling of file and printer sharing (FPS). File sharing is implemented
when files in specific directories are shared between users across a network. This
includes users on the Internet when the computers have a live Internet
connection.
File and Printer Sharing (FPS) is a service that comes with Windows operating
systems. It allows users to share files and printers over a network. To implement
file sharing, certain drives, folders, files or a combination of these are selected to
be shared.
With printer sharing, you have the choice of either sharing the printer(s)
connected to your computer or not sharing them.
Why implement file sharing?
File sharing allows easy collaboration because everyone in a group or network can
share specific files on their computers with everyone else in their trusted group.
File sharing must be activated by your network administrator or in your operating
system. What ZoneAlarm Pro does is to provide the Internet security firewall that
will protect the shared files from Internet intrusions from untrusted computers.
To take advantage of ZoneAlarm Pro's protection, each computer that is sharing
files must be included in the Local Zone.
NetBIOS: an example of the risk involved in File
sharing
file:///C|/Documents and Settings/rwilliams/Desk...Alarm_Pro_Help_new_TOC/How_to_do_Filesshares.htm (1 of 2) [4/12/2001 11:48:41 AM]
ZoneAlarm Pro - File and Printer sharing
When all files on your computer are shared, one of the major risks involved is that
an Internet intruder will find out confidential system information from your
computer. A good example is NetBIOS Names And Share Names.
The NetBIOS name table of your computer is available to anyone who wishes to
query your system directly over the Internet using its IP address.
A utility exists on all Windows machines called NBTSTAT.EXE which performs these
queries. If your name table discloses something you would rather keep secret,
change its entries to something less informative. If you want anonymity, don't list
your personal name or other identifying information in your NetBIOS name table.
If sharing is enabled via the Internet, the shared resources' names and
descriptions are automatically available for anyone to see, regardless of
passwords. To see what others see in your NetBIOS nametable, open a DOS
window while online and type:
nbtstat -n
Add computers to the Local Zone for File sharing
Once ZoneAlarm Pro is installed on the computers in your network, each computer
in the network has a Local Zone.
To set up ZoneAlarm Pro's file sharing protection, the Local Zone on each
computer must include all the other computers with whom secure file sharing
should take place. If you are a single user, you only need to include machines that
you trust in your Local Zone. Once this is done, you can share files knowing that
you are protected by the ZoneAlarm Pro firewall.
At the same time, Internet Zone security should be set to High for maximum
protection.
Click on this link for directions:
Adding computers to your Local Zone.
BACK HOME NEXT
Inc.
file:///C|/Documents and Settings/rwilliams/Desk...Alarm_Pro_Help_new_TOC/How_to_do_Filesshares.htm (2 of 2) [4/12/2001 11:48:41 AM]
Zone Labs: Support
Select One...
> Support
Welcome to the Zone Labs Web-Based Technical Support for ZoneAlarm and ZoneAlarm
Pro.
Customer Service
Zone Labs is committed to satisfying the needs of our customers. The technical support group
at Zone Labs provides expertise in technical support to help ensure that our customers'
technical questions and issues are quickly addressed.
● To Solve a Technical Issue
Information
Zone Labs Technical Support
Users of ZoneAlarm and ZoneAlarm Pro who need to solve a technical issue, or have
questions about setting up and properly using ZoneAlarm and ZoneAlarm Pro.
Technical Support
FAQ's
ZoneAlarm
●
To Address a Customer Service Issue
Web-Based Customer Service
Please select this option for all other service related issues such as purchasing and
successfully downloading our products, billing, refunds, and general questions about
ZoneAlarm and ZoneAlarm Pro.
ZoneAlarm Pro
Common Questions
Technical Support
Web-based Support
Form
●
To Obtain Corporate Customer Support
Corporate customers may directly contact their designated support representative.
Additional
Information
Enterprise Sales
Privacy & Legal
About Zone Labs
http://www.zonelabs.com/services/support.htm (1 of 2) [4/12/2001 11:48:58 AM]
Zone Labs: Support
Copyright ©1999-2001 Zone Labs, Inc., 1060 Howard Street, San Francisco, CA 94103, USA.
All rights reserved. All other trademarks are the property of their respective owners.
http://www.zonelabs.com/services/support.htm (2 of 2) [4/12/2001 11:48:58 AM]
Zone Labs: Support
Select One...
Support > Support Info: ZoneAlarm Pro > Installation and Uninstallation
Installation and Uninstallation
If you want to double-check the work of the uninstaller, or if you suspect you may have a broken
installation/uninstallation, this document contains the complete list of files and registry entries to check.
Customer Service
Information
Technical Support
FAQ's
ZoneAlarm
ZoneAlarm Pro
How It Works
Installation and
Uninstallation
Configuration
Operation
The uninstaller should remove all of the ZoneAlarm Pro program files. If ZoneAlarm Pro is your only
client of the TrueVector Internet monitoring service (this is usually the case), the uninstaller should
remove the TrueVector service files also.
The uninstaller does not remove the program information files.
Please select your operating system for the most specific information:
Windows 95
Windows 98
Windows 2000
Windows NT
Windows Me
ZoneAlarm Pro Uninstallation Details for Windows 95
1. Uninstalling ZoneAlarm Pro
2. Files installed with ZoneAlarm Pro
3. Windows files updated by ZoneAlarm Pro
4. Shortcuts created by ZoneAlarm Pro
5. Registry Entries
6. What is the most troublefree way to uninstall or upgrade ZoneAlarm Pro?
7. Missing the "INSTALL.LOG" file?
Registration
LAN Topics
ICS Topics
If you want to uninstall ZoneAlarm Pro, first run the Uninstaller program: click on the Start
menu|Programs|ZoneAlarm|Uninstall ZoneAlarm Pro menu item.
ISP Topics
You can uninstall the program manually by removing the following files and registry entries.
OS Topics
2. Files installed with ZoneAlarm Pro:
C:\Program Files\Zone Labs\ZoneAlarm\
● UNWISE.EXE
● Readme.txt
● License.txt
● zapro.exe
● zonealarm.exe
● zoneband.dll
● INSTALL.LOG is also installed
Full List of FAQ's
ZA Pro Release
History & Updates
Common Questions
Technical Support
Web-based Support
Form
Additional
Information
Enterprise Sales
C:\Program Files\Zone Labs\ZoneAlarm\Help\
● ZoneAlarmProHelp*.htm
● ZoneAlarmProInfo.htm
● Images\*.*
http://www.zonelabs.com/services/support_zap_install.htm (1 of 16) [4/12/2001 11:49:16 AM]
Zone Labs: Support
Privacy & Legal
About Zone Labs
C:\Windows\System\
● vsdata.dll
● vsdata95.vxd
● vsmonapi.dll
● vsnetutils.dll
● vspubapi.dll
● vsutil.dll
C:\Windows\System\Zone Labs
● html.tdr
● minilog.exe
● vsmon.exe
● vsruledb.dll
● vsdb.dll
C:\Windows\Internet logs:
● ZALog.txt
● Iamdb.rdb
● <mycomputer>.ldb (where <mycomputer> is your computer name)
3. Windows files updated by ZoneAlarm Pro (Should NOT be removed during uninstall!)
C:\WINNT\System\
● msvcrt.dll
● psapi.dll
C:\Windows\Profiles\(user name i.e. kivuh)\Start Menu\Programs
● \Zone Labs\ZoneAlarm Pro.lnk
● \Zone Labs\Uninstall ZoneAlarm Pro.lnk
● \Zone Labs\Readme.lnk
C:\Windows\All Users\Start menu\Programs
● \Startup\ZoneAlarm Pro.lnk
5. Registry Entries
Important Advisory: Deleting registry entries incorrectly may cause serious problems to your
operating system (OS) which may necessitate the need to reinstall the OS. Please make sure you are able
to perform these deletions correctly before you decide to edit the entries.
For information about how to edit the registry in Windows 95, type "regedit.exe" from a command
prompt. Click "Help," then "Help Topic." Click "Changing Keys and Values."
Note that you should back up the registry before you edit it.
The following key contains information needed by the uninstaller:
● Key: HKEY_LOCAL_MACHINE\Software\Zone Labs and all its subkeys and values.
● Key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm
Pro
If your system is running Windows 95 these registry items start the services required for ZoneAlarm
Pro:
● Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunService
● Value: MiniLog and Value: TrueVector
Under Windows 95, these values are added to the Shared DLLs database:
Zone Labs: Support
This is a database that contains a long list of values, but only these values are related to ZoneAlarm Pro
and TrueVector:
● Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDLLs
● Values:
❍ C:\Windows\System\vsdata.dll
❍ C:\Windows\System\vsdata95.vxd
❍ C:\Windows\System\vsmonapi.dll
❍ C:\Windows\System\vsnetutils.dll
❍ C:\Windows\System\vsnetu.dll
❍ C:\Windows\System\vspubapi.dll
❍ C:\Windows\System\vsutil.dll
❍ C:\Windows\System\Zone Labs\html.tdr
❍ C:\Windows\System\Zone Labs\vsdb.dll
❍ C:\Windows\System\Zone Labs\minilog.exe
❍ C:\Windows\System\Zone Labs\vsmon.exe
❍ C:\Windows\System\Zone Labs\vsruledb.dll
For each user who has run ZoneAlarm Pro, there are registry keys in
● Key: HKEY_CURRENT_USER\Software\Zone Labs
The following keys allow the user to modify the sound that is played when there is an alert through use
of the Control Panel Sounds applet:
● Key: HKEY_CURRENT_USER\AppEvents\EventLabels\InternetAlert
● Key: HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\InternetAlert\.current
On Windows 95 systems, the following keys tell Windows the ZoneAlarm Pro Desk Band is a part of
ZoneAlarm Pro:
● Key: HKEY_CLASSES_ROOT\CLSID\{long string of characters}\InprocServer32
● Value: C:\Program Files\Zone Labs\ZoneAlarm\zoneband.dll
The string of characters will vary from system to system.
There is a registry key for the extension of every attachment that ZoneAlarm Pro quarantines (.vbs, for
example). This can be found in:
● Key: HKEY_CLASSES_ROOT
● Value: ZAMailSafeExt: REG_SZ: {renamed extension -- zl9, for example)
The most important step in uninstalling or upgrading is to make sure that ZoneAlarm and its underlying
TrueVector service are not running. If TrueVector is left running, certain files may not be removed or
replaced. Also, if you use the Desk Band feature, this should be disabled before uninstalling or
upgrading ZoneAlarm.
Note that shutting down ZoneAlarm from the tray icon only shuts down the user interface. It may or
may not unload TrueVector, depending on how ZoneAlarm was started.
To unload the TrueVector Service and disable the Desk Band:
1. Go to the Configure panel and uncheck the box labeled, "Load ZoneAlarm at Windows startup" (or
"Load ZoneAlarm Pro at startup")
2. Right click any unused portion of the task bar at the bottom of the screen, select "Toolbars", and
uncheck "ZoneAlarm Desk Band" (or ZoneAlarm Pro Desk Band")
3. REBOOT Windows (very important).
AFTER UNLOADING TRUEVECTOR AND REBOOTING:
To uninstall ZoneAlarm Pro: Click Start | Programs | Zone Labs | Uninstall ZoneAlarm Pro
Zone Labs: Support
To clear your configuration settings in ZoneAlarm or ZoneAlarm Pro:
1. For Windows9x, remove the files in \windows\internet logs
2. For WindowsNT and Windows2000, remove the files in \winnt\internet logs
Note that these files are not deleted by the uninstallation process.
To upgrade ZoneAlarm:
1. It is usually not necessary to uninstall your current version of ZoneAlarm to upgrade to a newer
version or to ZoneAlarm Pro. Just double-click on the self-installing executable file, zonealmxx.exe or
zaproxx.exe. Your configuration settings are saved from your previous installation.
2. If you are upgrading from a very old version of ZoneAlarm (especially from version 2.0 or earlier),
you should uninstall ZoneAlarm and clear your configuration settings in the internet logs directory, as
described above. You may also with to consider doing this if you are upgrading from a beta release of
ZoneAlarm.
3. If you encounter problems, please refer to the ZoneAlarm uninstall FAQ page.
Due to significant differences between ZoneAlarm and ZoneAlarm Pro, it is particularly important to
uninstall ZoneAlarm Pro completely if you wish to go back to using regular ZoneAlarm.
To revert back to ZoneAlarm from ZoneAlarm Pro:
1. Unload TrueVector and disable the Desk Band, as described above.
2. Uninstall ZoneAlarm Pro, as described above.
3. Remove the files in the internet logs directory, as described above.
4. Check for completeness of the uninstallation by referring to this ZoneAlarm Pro FAQ page.
5. Install ZoneAlarm by double-clicking on zonealmxx.exe.
7. Missing INSTALL.LOG file?
If the uninstaller displays the message "Could not open INSTALL.LOG file or prompts you for an
Install.log file but you cant find one in the ZoneAlarm Pro directory, this usually indicates that the
original installation was incomplete. This can occur if you canceled the installation program after it
installed product.
Back to the Top
5. Registry Entries
● UNWISE.EXE
● Readme.txt
● License.txt
● zapro.exe
● zonealarm.exe
Zone Labs: Support
●
●
zoneband.dll
INSTALL.LOG is also installed
● Images\*.*
C:\Windows\System\
● vsdata.dll
● vsdata95.vxd
● vsmonapi.dll
● vsnetutils.dll
● vspubapi.dll
● vsutil.dll
● html.tdr
● minilog.exe
● vsmon.exe
● vsruledb.dll
● vsdb.dll
● ZALog.txt
● Iamdb.rdb
C:\WINNT\System\
● msvcrt.dll
● psapi.dll
5. Registry Entries
For information about how to edit the registry in Window 98, type "regedit.exe" from a command
● Key:
Zone Labs: Support
Pro
If your system is running Windows 98 these registry items starts the services required for ZoneAlarm
Pro:
● Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunService
● Value: MiniLog and Value: TrueVector
and TrueVector:
● Values:
On Windows 98 systems, the following keys tell Windows the ZoneAlarm Pro Desk Band is a part of
ZoneAlarm Pro:
Zone Labs: Support
ZoneAlarm.
installed product.
Back to the Top
5. Registry Entries
Zone Labs: Support
●
●
●
●
●
●
●
UNWISE.EXE
Readme.txt
License.txt
zapro.exe
zonealarm.exe
zoneband.dll
INSTALL.LOG is also installed
● Images\*.*
C:\WINNT\System32\
● vsmonapi.dll
● vsnetutils.dll
● vspubapi.dll
● vsutil.dll
C:\WINNT\System32\Zone Labs
● html.tdr
● minilog.exe
● vsmon.exe
● vsruledb.dll
● vsdb.dll
● ZALog.txt
● Iamdb.rdb
C:\WINNT\System32\
● msvcrt.dll
● psapi.dll
C:\Documents and Settings\All Users\Start Menu\Programs
5. Registry Entries
If you are running Windows 2000, type "regedt32.exe" from a command prompt. Click "Help," then
"Contents." Click the "Add and Delete Information in the Registry" and "Edit Registry Information."
Note that you should back up the registry before you edit it. If you are running Windows 2000, you
should also update your Emergency Repair Disk (ERD).
Zone Labs: Support
●
Key:
Pro
Under Windows 2000, these two registry keys, and all their subkeys, denote the TrueVector service and
the TrueVector device driver:
● Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vsmon
● Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vsdatant
Under Windows 2000, this registry key and its subkeys denote ZoneAlarm Pro's alert logging service:
● Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\minilog
and TrueVector:
● Values:
❍ C:\Windows\System\vsdatant.sys
Zone Labs: Support
ZoneAlarm.
7.Missing INSTALL.LOG file?
installed product.
Back to the Top
ZoneAlarm Pro Uninstallation Details for Windows NT
4. Registry Entries
● UNWISE.EXE
● Readme.txt
● License.txt
● zapro.exe
● zonealarm.exe
● zoneband.dll
Zone Labs: Support
●
install.log
● Images\*.*
C:\WINNT\System32\
● vsdata.dll
● vsdatant.sys
● vsmonapi.dll
● vsnetutils.dll
● vspubapi.dll
● vsutil.dll
C:\WINNT\System32\Zone Labs
● html.tdr
● minilog.exe
● vsmon.exe
● vsruledb.dll
● vsdb.dll
● ZALog.txt
● Iamdb.rdb
● <my computer>.ldb (where <my computer> is your computer name)
C:\WINNT\System32\
● msvcrt.dll
● psapi.dll
C:\Documents and Settings\All Users\Start Menu\Programs
4. Registry Entries
If you are running Windows NT, type "regedt32.exe" from a command prompt. Click "Help," then
"Contents." Click the "Add and Delete Information in the Registry" and "Edit Registry Information."
Note that you should back up the registry before you edit it. If you are running Windows NT, you
should also update your Emergency Repair Disk (ERD).
● Key:
Pro
Zone Labs: Support
Under Windows NT, these two registry keys, and all their subkeys, denote the TrueVector service and
the TrueVector device driver:
● Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vsmon
● Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vsdatant
Under Windows NT, this registry key and its subkeys denote ZoneAlarm Pro's alert logging service:
● Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\minilog
Under Windows NT, these values are added to the Shared DLLs database:
and TrueVector:
● Values:
❍ C:\Windows\System\vsdatant.sys
Zone Labs: Support
ZoneAlarm.
Back to the Top
ZoneAlarm Pro Uninstallation Details for Windows Me
5. Registry Entries
● UNWISE.EXE
● Readme.txt
● License.txt
● zapro.exe
● zonealarm.exe
● zoneband.dll
● INSTALL.LOG is also installed
Zone Labs: Support
● Images\*.*
C:\Windows\System\
● vsdata.dll
● vsdata95.vxd
● vsmonapi.dll
● vsnetutils.dll
● vspubapi.dll
● vsutil.dll
● html.tdr
● minilog.exe
● vsmon.exe
● vsruledb.dll
● vsdb.dll
● ZALog.txt
● Iamdb.rdb
C:\WINNT\System\
● msvcrt.dll
● psapi.dll
5. Registry Entries
For information about how to edit the registry in Windows Me, type "regedit.exe" from a command
● Key:
Pro
If your system is running Windows Me these registry items starts the services required for ZoneAlarm
Zone Labs: Support
Pro:
●
●
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunService
Value: MiniLog and Value: TrueVector
Under Windows Me, these values are added to the Shared DLLs database:
and TrueVector:
● Values:
On Windows Me systems, the following keys tell Windows the ZoneAlarm Pro Desk Band is a part of
ZoneAlarm Pro:
Zone Labs: Support
ZoneAlarm.
installed product.
Back to the Top
ZoneAlarm Pro - Search Engines
Search Engines
Search Engines are where you can enter keywords that are then searched in a
database created automatically, by "spiders" or programs that search the web
without human interaction. Based on the keywords you typed in and the rules of
the search engine, it retrieves Internet documents from its database.
Each search engine has different rules for displaying the results of your search;
therefore, from one search engine to the next, you may get incredibly different
results. Generally, search engines are best used to locate a specific piece of
information, like a document, an image, or a computer program, instead of a
general subject.
Examples of search engines include:
●
●
●
●
●
AltaVista (http://www.altavista.com)
Excite (http://www.excite.com)
Google (http://www.google.com)
HotBot (http://hotbot.lycos.com)
Northern Light (http://www.northernlight.com)
Search Directories
Directories are indexes of subject categories organized from general subjects to
specific. They allow you to browse through lists of Web sites by subject.
Subject directory databases tend to be smaller than search engines' databases, so
generally you will have a smaller result list, which more closely matches the
subject contents from your search criteria. The main difference between a
directory and a search engine is: directories are created by humans and engines
are created by spiders. Directories are better for more generalized subject
searches and search engines are better for keyword searches that are more
specific.
Examples of directories include:
●
●
●
●
●
LookSmart (http://www.looksmart.com)
Lycos (http://www.lycos.com/)
Magellan (http://magellan.excite.com/)
Open Directory (http://dmoz.org)
Yahoo (http://www.yahoo.com)
BACK HOME NEXT
Inc.
file:///C|/Documents and Settings/rwilliams/Des..._Pro_Help_new_TOC/ZoneAlarmProHelp_Basics_2.htm (1 of 2) [4/12/2001 11:50:00 AM]
ZoneAlarm Pro - Search Engines
ZoneAlarm Pro - The Web
Surfing the Web
Click through the links below to review basic concepts about the World Wide Web.
Web browsers
Web pages
URLs
Web Servers
Internet Explorer
Netscape
Audio
Video
Streaming
Push technology
Web Browsers
There are several varieties of web browsers though the most commonly used on
the Internet are Netscape Navigator and Microsoft Internet Explorer. All browsers
use the same principle of retrieving content from the web. HTTP (Hyper Text
Transfer Protocol) is the standard protocol for retrieving text and images and
serving them through a browser. HTML (Hyper Text Markup Language) is the
current standard for formatting web content so that it readable by browsers.
When a URL is typed into a browser, it looks up the associated web server, which
in turn sends back a web page.
Many web pages contain portions written in languages other than HTML. Language
such as Java, ActiveX, JavaScript and other scripting languages are utilized by
enterprising webmasters. It is commonplace for sound and animation files are
incorporated into web pages, requiring plug-ins or even third party software to be
downloaded. Therefore, multiple components are working in synchronization to
deliver content through browser.
Web Pages
At its foundation, a web page is a document written in HTML.
When you click on a link within a web site or from an e-mail, you are issuing a
request from a web server to display a web page.
URLs
URL stands for Uniform Resource Locator. This is a series of letters separated by
periods that actually represents an IP address. For example: www.cnn.com. URLs
exist so that we can all remember the names of web sites, rather than having to
remember a series of digits that make up an IP address, such as 123.12.123.143.
Your web browser will send the URL request using HTTP. The server then locates
the page (or other document) and sends it to your web browser. The result (what
you see inside your browser) is the graphic interpretation of the Home Page's
HTML.
Web Servers
Web servers are computers that send you a web page when you enter a URL in
your browser. Each web server on the Internet has an IP address and could be
hosting a domain. When you enter this URL in your browser:
http://www.cnn.com/index.html
the web server whose domain name is cnn.com receives the request from your
browser. In response, the web server fetches a web page named index.html,
which it sends to your browser.
Any computer can act as a Web server. All that is required is server software and
a live connection to the Internet.
MS Internet Explorer
With Internet Explorer, Microsoft's web browser, you can place web links directly
as icons on the desktop. These icons can be clicked on in order to directly open a
specific web site inside the Internet Explorer. With the Active Desktop,
applications loading directly from the Internet can be running as minimized icons
on the desktop.
Netscape
Netscape Communicator, like Internet Explorer, is a web browser used to locate
and display Web pages. It displays graphics and text in addition to multimedia
such as sound and video. Plug-ins are required for some video and audio formats.
Audio
To hear a Web page that includes a RealAudio sound file, you need a RealAudio
player or plug-in, a program that is freely available from a number of sites. It's
also included in current versions of both Netscape Navigator and Microsoft
Internet Explorer.
Video
The ability to transmit video, animation and graphics together in an integrated
fashion is often termed multimedia.
Video transmission is commonplace because with high speed connections to the
Internet. However, the quality of video resolution depends on the power of the
computer's video card and CPU.
Streaming
Streaming refers to the transmission of any form of multimedia such as audio and
video.
When streaming is used, the streamed data can start being displayed in your
browser before the whole file has been received. In other words, you are viewing
before data transmission is complete.
If your machine receives streamed data more quickly than required, the excess
data has to be saved in a buffer. However, if the streamed data come into your
machine too slowly, data tends to congest.
Push Technology
Push technology is subscription service technology offering HTML pages, Java
applets, multimedia objects, and ActiveX components, designed to deliver
customized information to users.
Examples of push technology services would be stocks and sports tickers.
BACK HOME NEXT
Inc.
ZoneAlarm Pro - E-mail
E-mail
This section talks about how e-mail works within the infrastructure of the Internet
and your desktop.
Any e-mail software you use requires server rights. You assign these rights in the
Programs panel. For your e-mail programs to work efficiently, set the allow server
option for any e-mail software you use.
How e-mail works
E-mail software
How e-mail gets to its destination
E-mail security
E-mail mailing lists
How E-mail Works
An e-mail message consists of binary data. Most e-mail messages are in the ASCII
text format which is a standard that allows any computer to read it.
E-mail messages are sent in the same way as most other data is sent over the
Internet, via TCP/IP. TCP separates outgoing e-mail messages into IP packets,
then delivers those packets to the destination indicated in the address header.
Upon receipt at its destination, the packets are reassembled.
Most files such as pictures, audio and executables, can be attached to an e-mail
message. When these files are sent over the Internet, an encoding scheme, such
as MIME or uuencode is used to encode the attachment, which will be decoded by
the e-mail system at the destination. Most e-mail packages automatically and
transparently decode attachments.
ZoneAlarm and ZoneAlarm Pro's MailSafe feature protects your e-mailbox by
allowing you to decide which kinds of e-mail attachments you are going to allow to
be opened without protective intervention.
After sending an e-mail message, it usually has to be sent through a number of
networks before reaching its destination. Some of these e-mails use different
e-mail formats. When this is the case, the network gateway will perform the task
of translating from one e-mail format to another. This will allow the message to
make its way through its path from you to the recipient.
E-mail Software
In order to send and receive e-mail, one needs a software package.
E-mail that is sent to you is usually delivered to an e-mail server. When you want
to check for new mail or open mail, your e-mail software logs on to the e-mail
server to find out if there are messages addressed to you.
If you have mail, you will see the list of unopened mail in your e-mail software
after you click on the button or tab you use to see new mail. When you want to
read a specific message in the new unopened mail, your click on the mail which
tells your e-mail software to open it.
How E-mail gets to its Destination
You've just sent an e-mail message from Netscape Messenger or MS Outlook
Express. What happens next?
First, TCP breaks the e-mail message up into IP packets. Next, the packets go to a
router on your LAN where the destination address is examined. If your e-mail is
going to someone whose computer is on your LAN, the packets are reassembled
into the original message and the e-mail is delivered without any further steps.
If the e-mail is going outside your LAN, it will go through whatever firewall may be
set up on your LAN. Next, the e-mail message moves on a router located outside
your LAN, somewhere on the Internet. That router determines the destination
from the address, then sends the e-mail on its way there.
When the e-mail arrives at its destination, the gateway receives it. The gateway
first reassembles all the packets that make up the e-mail using the TCP protocol.
The result is that the separate packets have become an actual message again.
Next, the gateway translates the reassembled e-mail message into the e-mail
protocol that is used on the network. Finally, the gateway sends the message, in
its reassembled and translated format, into the network where it may pass
through another firewall before getting to its final destination inside the receivers
e-mail software.
E-mail Security
The basic security problem surrounding e-mail is the same problem that exists
with any Internet communication. That being, data communications can be
intercepted. Though e-mail piracy is rare and usually is either of two extremes:
one, an interception is confined to specific personal attack, or two, the attack is
traced to a widespread ISP intrusion.
Besides the e-mail message itself, by searching around on the Internet
(chatrooms, etc.) snoopers might be able to find your e-mail address. In the past,
if an Internet snooper only had your name, he or she might not be able to get
ahold of your e-mail address. These days, many directories and query servers
exist to trace e-mail addresses.
Encryption can be used to scramble mail so that only people with the proper
encryption keys are able to descramble e-mail. However, this is an arduous task
and usually not worth the time to invest. The basic rule of thumb is to be careful
who you communicate with and where you divulge your e-mail address on the
Internet.
E-mail Mailing Lists
The purpose of e-mail mailing lists is to connect people who share some kind of
common interest. Once you are a member of an e-mail list, whenever you send an
e-mail to the mailing list, it is automatically sent to everyone on the list.
When you want to get yourself put on an e-mail mailing list, you have to subscribe
to that list. You do this by sending an e-mail to the mailing list administrator or to
a list server. If you send your request to a list server, a computer will read your
request without any human intervention and will automatically put you on the list.
You can also cancel your subscription to the list by list by sending the same type
of e-mail.
A database resides on the computer where the mailing list is administered. When
you send a subscription request, the e-mail list database will send your message
to every address already on the mailing list.
BACK HOME NEXT
Inc.
ZoneAlarm Pro - Chat
Chat
This section talks about how chat programs work within the infrastructure of the
Internet and your desktop.
Any chat software you use requires server rights. You assign these rights in the
Programs panel. For your chat programs to work efficiently, set the allow server
option for any chat program you use.
Security Issues with Chat
Webpage Chat
IRC
ICQ Chat
Security Issues with AIM/Yahoo/MSN Messenger
Security Issues with Chat
With the popularity of Internet chat software comes a need for awareness of the
potential pitfalls. The nature of Internet vandalism is such that individuals with
hacking/cracking ability are drawn to areas of the Internet where a large number
of potential targets congregate.
Many people ask the simple question, "What would a hacker want from me if my
machine doesn't have anything interesting on it?" Typically, what they want from
you is your IP address so they can proxy off your machine and perform
anonymous attacks elsewhere. It is also typical for vandals to have no real agenda
and just decide to create confusion and be an annoyance.
The only way someone can get your IP address is if you provide it to them or if
they can engage you in conversation.
Webpage Chat
To start chatting using Webpage chat, all you need is an Internet connection and a
web browser that supports Java. Internet Explorer and Netscape both allow you to
conduct webpage chat.
IRC
IRC (Internet Relay Chat) is the most popular messaging application on the
Internet. To run IRC, you need an IRC client program running on your PC. mIRC is
the most widely used Windows IRC client software.
After IRC software is installed on your machine, you need to connect to the IRC
server. Next, you can join a channel, then you start typing your chat talk which
will be viewable by everyone else "inside the room."
Security Issues: Security threats exist when you are using IRC chat software.
Threats include:
● Hijacking IRC numbers (your identity on their system)
●
●
●
Nuking (blue screen attacks)
Automated scripts that bounce users off servers
Stealing bandwidth to run Eggdrop, which is a secure chat shell, then kill the
"guardian" IRC bots that patrol IRC servers
The strategy hackers use is to scan machines in IRC channels in order to
determine whether or not they are running some sort of Trojan. This server can be
proxied through which is the main objective of the intruder.
The guardian IRC bots are looking for unauthorized scripts and scans that slow
traffic down across their network. Also, the bots track chatrooms in order to see if
any users are proxying (masking their IPs by using another machine for their
connection).
Additionally, as a default, the IRC bots assume if the IP address of where you are
originating supports SOCKS, then it is possible that you are proxying and it hence,
it bounces you off their server.
ICQ Chat
ICQ is another widespread chat program in use on the Internet. Vulnerabilities are
similar to that IRC except there are no automated guardian bots. In inordinate
amount of spam passes through ICQ due to the software's features set, some
people use it to handle their e-mail.
Security Issues: Like IRC, ICQ has a vast userbase where identity hijacking is a
potential threat.
You can configure ICQ so that people are can contact you. You can also configure
ICQ to ensure that you approved those who are contacting you.
The ICQ default is to let anyone contact you. ICQ is equipped with file transfer
capabilities that hackers use to transmit viruses, nukes and Trojans.
You can also send and receive attachments via ICQ's built in e-mail program. In
terms of firewall protection, ICQ randomizes the port numbers it uses on the
operating system, making blocking potential threats difficult. The approach here is
to use common sense in configuring your settings as to what data to allow
through.
Security Issues with AIM/Yahoo/MSN Messenger
If you use these chat programs you would want to make sure the file transfer
capabilities are used with caution. Transferring files through messenger programs
are a typical way Trojan Horses, viruses and worms are transmitted.
BACK HOME
Inc.
Zone Labs: About Us: Privacy
Select One...
Privacy Policy
This privacy statement discloses the privacy practices for www.zonelabs.com.
Zone Labs, Inc. ("Zone Labs") has created this privacy policy to demonstrate our strong
commitment to privacy. The following statement explains our information-gathering and
dissemination practices for our site (the "Site") on the World Wide Web. This policy may
change from time to time so please check back periodically. Zone Labs uses "Digital River,
Inc.," a third party provider of e-commerce solutions, and back-end facilitator to process your
credit card information. Click here to read the Digital River Privacy Statement.
For more information about the Zone Labs privacy statement, please see the following
Frequently Asked Questions (FAQs).
We have established the following guiding principles for our privacy policy and practices:
Principle 1. Zone Labs lets you visit the Site without revealing any information about
yourself. We do, however, keep track of the domains from which people visit us on the World
Wide Web, and log IP addresses for statistical purposes to identify trends and the results of
our marketing efforts in aggregate. IP addresses are not linked to "Personally Identifiable
Information" (see below). We also use this information to help diagnose problems with our
server and to administer the Site.
Principle 2. Some Zone Labs products ask you for "Personally Identifiable Information" as
part of the registration process, including your connection type and number of computers.
You choose whether or not to provide this information without affecting the product's
performance. If you choose to provide us with Personally Identifiable Information, we use
this information to notify you about product upgrades, updates, and new products. Zone Labs
keeps your Personally Identifiable Information confidential and does not sell, trade or
exchange mailing lists with any organization. Zone Labs maintains this information for not
less than two but not more than four years, and will only disclose your Personally Identifiable
Information to third parties if acting under good faith belief that such action is necessary to
(1) conform to legal requirements; (2) protect and defend the rights or property of Zone Labs;
or (3) enforce the Zone Labs Terms of Service.
Principle 3. Zone Labs will not send you any unsolicited information, including email,
except where you authorize us to do so.
Principle 4. At your request, Zone Labs will change or delete your information and not use it
for further contact with you. To request that your information be changed or deleted and not
used for further contact with you, please e-mail us at [email protected] or write to us at
Attn: Privacy Contact, Zone Labs, Inc., 1060 Howard Street, San Francisco, CA 94103.
Principle 5. Zone Labs collects and uses information that can be divided into the following
categories:
Registration Information: This is information that you provide during the ZoneAlarm or
http://www.zonelabs.com/aboutus/privacy.html (1 of 4) [4/12/2001 11:50:58 AM]
ZoneAlarm Pro product registration download process. You provide your first and last name,
email address, and information about your use of ZoneAlarm or ZoneAlarm Pro.
Personally Identifiable Information: This is optional information that you may choose to
provide to us. If you choose to provide Personally Identifiable Information, we will only use
this information to notify you about product upgrades, product updates and new products. In
addition, internal security provides that this information is coded with restricted access, and
our servers are kept in a secure, locked environment.
Credit Card Information: Zone Labs uses "Digital River, Inc.," a third party provider of
e-commerce solutions, and back-end facilitator to process your credit card information. Click
here to read the Digital River Privacy Statement. Your credit card information does not pass
through the Zone Labs Site under the terms of Zone Labs' agreement with Digital River.
Digital River keeps your credit card information confidential and protects your credit card
information through the use of industry-standard Secure Sockets (SSL) encryption
technology.
Use of Information for Analyzing Security Breaches: If the Zone Labs product detects a
security threat to your computer, you can click on the "More Information" button from the
product dialogue box. At that point, the product sends the information about the threat and
your IP address to the Zone Labs Site to be analyzed. Zone Labs will send you more specific
guidance about the security information. Zone Labs will not release your IP address or any
Personally Identifiable Information that could be extracted from your IP address to any third
party.
No-Cookie Policy: "Cookies" are small pieces of information that your browser stores on your
computer on behalf of a Web site that you have visited. The Zone Labs Site does not use
cookies. Digital River's cookies are used only to identify the customer, not to identify any
specific customer traits. This allows Digital River to maintain consistency in the shopping
basket and enable a more pleasant shopping experience. Click here to read the Digital River
Privacy Statement.
Principle 6. Zone Labs' Site contains links to other web sites. Please note that when you click
on one of these links, you are moving to another web site. We encourage you to read the
privacy statements of these linked sites - as well as any site on the World Wide Web - as their
privacy policy may differ from ours.
Principle 7. Zone Labs will post on its home page (www.zonelabs.com) notification of any
changes to this Privacy Policy, with a direct link to the new policy statement(s).
What Constitutes My Acceptance of this Privacy Policy?
By using the Site or any services provided through the Site, you expressly consent to the use
and disclosure of information as described in this Privacy Policy. Zone Labs reserves the right
to change this Privacy Policy at any time by electronic notice posted on our Site. Your
continued use of our Site after the date that such notices are posted will be deemed to be your
agreement to the changed terms.
Contacting the Site
If you have any questions about this privacy statement, the practices of this Site, or your
dealings with this Site, you can contact us:
By Email
[email protected]
By Mail
Attn: Privacy Contact
Zone Labs, Inc.
1060 Howard Street
San Francisco, CA 94103
If at any time, you believe that Zone Labs has not adhered to these principles, please notify us
by email at [email protected] or by writing to Attn: Privacy Contact, Zone Labs, Inc.,
1060 Howard Street, San Francisco, CA 94103, and we will make all commercially
reasonable efforts to promptly determine and correct the problem.
Frequently Asked Questions
What information does Zone Labs collect about me, and how will this information be
used?
Zone Labs collects and uses information that can be divided into the following categories:
Registration Information: This is information that you provide and input during the
ZoneAlarm or ZoneAlarm Pro product registration download process. You provide
your first and last name, email address, and information about your use of ZoneAlarm
or ZoneAlarm Pro.
Personally Identifiable Information: This is opt-in information that you may choose
to provide to us. If you choose to provide Personally Identifiable Information, we will
only use this information to notify you about product upgrades, product updates and
new products.
Credit Card Information: Zone Labs uses "Digital River, Inc.," a third party provider
of e-commerce solutions, and back-end facilitator to process your credit card
information. Click here to read the Digital River Privacy Statement. Your credit card
information does not pass through the Zone Labs Site under the terms of Zone Labs
agreement with Digital River. Digital River keeps your credit card information
confidential and protects your credit card information through the use of
industry-standard Secure Sockets (SSL) encryption technology.
Use of Information for Analyzing Security Breaches: If the ZoneAlarm product
detects a security threat to your computer, you can click on the "More Information"
button from the ZoneAlarm dialogue box. At that point, the ZoneAlarm product sends
the information about the threat and your IP address to the Zone Labs Site to be
analyzed. ZoneAlarm will send you more specific guidance about the security
information. Zone Labs will not release your IP address and any Personally Identifiable
Information that could be extracted from your IP address to any third party.
What about cookies?
"Cookies" are small pieces of information that your browser stores on your computer on
behalf of a website that you have visited. The Zone Labs website does not use cookies.
DigitalRiver's cookies are used only to identify the customer, not to identify any specific
customer traits. This allows DigitalRiver to maintain consistency in the shopping basket and
enable a more pleasant shopping experience. Click here to read the Digital River Privacy
Statement.
Privacy Policies of Other Sites on the World Wide Web
Zone Labs' site contains links to other sites. Zone Labs is not responsible for the privacy
practices or the content of such other websites and recommends that you review the privacy
policies of other sites on the World Wide Web that you visit.
What constitutes my acceptance of this privacy policy?
By using the Site or any services provided through the Site, you expressly consent to the use
and disclosure of information as described in this Privacy Policy. Zone Labs reserves the right
to change this Privacy Policy at any time by electronic notice posted on our Site. Your
continued use of our Site after the date that such notices are posted will be deemed to be your
agreement to the changed terms.
Contacting the Site
If you have any questions about this privacy statement, the practices of this Site, or your
dealings with this Site, you can contact us in the following ways:
By email:
[email protected]
By Mail:
Attn: Privacy Contact
Zone Labs, Inc.
1060 Howard Street
San Francisco, CA 94103
Zone Labs
ZoneAlarm Pro
ZoneAlarm Pro is compatible with Windows
95/98/Me/NT/2000.
Zone Labs
Enterprise
Sales
Hundreds of
thousands of
enterprise
desktops are
secured by
Zone Labs
ZoneAlarm FREE Download
New
ZoneAlarm Pro
Affiliate
Program
Become a
ZoneAlarm Pro
Affiliate
ZoneAlarm™ is essential for DSL and Cable modem users,
providing rock-solid protection against Internet thieves,
vandals and hackers - stopping them dead in their tracks. If
you can't be seen, you can't be attacked! More than 9 million
PC users have downloaded ZoneAlarm. Shouldn't you?
News
Important
update release
for
ZoneAlarm Pro
ZoneAlarm is compatible with Windows
95/98/Me/NT/2000.
Zone Labs
Launches
Security
Resource
Center
"[ZoneAlarm Pro is] Excellent!
Buy it, even if you have a
hardware firewall..." Full article
Announcing
Zone Labs
http://www.zonelabs.com/ (1 of 2) [4/12/2001 11:51:10 AM]
Zone Labs
Integrity
Zone Labs
Teams Up with
VPN Vendors
Zone Labs
Forms
Strategic
Technology
Partnership
with SafeNet
Zone Labs
Teams Up with
NEC
Home Office
Computing
declares
ZoneAlarm a
winner
MSNBC,
CNET, PC
World, and
ZDNET are
some of our
fans
Privacy Policy
http://www.zonelabs.com/ (2 of 2) [4/12/2001 11:51:10 AM]
Zone Alarm Pro Help
The Change Registration button
Click on the Change Registration button to review or modify your ZoneAlarm
Pro registration information. Provide any new information, such as a new name or
e-mail address, in the Registration Information dialog, shown below. If your PC is
not for business use, put your name in the company field.
If you make any changes to the registration information, ZoneAlarm Pro will
automatically reregister for you. ZoneAlarm Pro displays the date and time of your
last registration
BACK HOME NEXT
Inc.
file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/change_registration.htm [4/12/2001 11:52:30 AM]
Zone Alarm Pro Help
Check for Update
Press the Check for Update button to see if a newer version is available for
download from the Zone Labs web site.
If a response to the affirmative is not provided, that indicates that no update is
available. ZoneAlarm Pro can perform this check automatically by checking the
automatic check for update checkbox.
BACK HOME NEXT
Inc.
file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/check_for_updates.htm [4/12/2001 11:52:31 AM]
ZoneAlarm Pro - Firewall Alerts
More Info Button
Firewall Alerts
There are two types of firewall alerts: Cautious and Urgent, each displayed with a
color code to identify severity. An orange title band means the alert is of a
cautious nature.
Alerts generated by a potentially problematic source are identified by a red title
band.
file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/firewallalerts.htm (1 of 2) [4/12/2001 11:52:31 AM]
ZoneAlarm Pro - Firewall Alerts
In the example above, a telnet attempt was made from an unknown source.
BACK HOME NEXT
Inc.
file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/firewallalerts.htm (2 of 2) [4/12/2001 11:52:31 AM]
ZoneAlarm Pro - Change Default Settings
Change Default Settings
Go through the ZoneAlarm Pro panels to change default security settings if they
don't suit your needs.
Consider the MailSafe example
What are default settings?
Remove the Deskband Toolbar
Internet Zone Custom setting defaults
Consider the MailSafe example
Consider the way default settings are set for MailSafe. Just like any other default
setting, you can easily change it to fit your specific security needs.
To change a MailSafe default setting, deselect specific e-mail attachment file
types, such as .hlp or .scr, that are selected by default in the MailSafe panel.
Deselecting these file types will allow attachments of the deselected file types to
be opened from within your e-mail system. They will thus not be quarantined by
ZoneAlarm Pro's firewall.
This is a change of the default setting. The default MailSafe setting is that all file
types in the dialog are preselected as quarantined. This gives your machine
maximum protection.
What are default values?
file:///C|/Documents and Settings/rwilliams/Deskto..._Help_new_TOC/Getting_Started_Tutorial_Default.htm (1 of 4) [4/12/2001 11:52:31 AM]
Default values are security options that are set as turned on when ZoneAlarm
Pro is installed.
If you downloaded the product as a single user, the default options that are set at
installation time represent ZoneLabs' judgment of optimal security settings on
your machine. If your system administrator was the person who configured and
installed your copy of ZoneAlarm Pro, those values represent your company's
security strategy.
You can change these options by going into each panel and changing the
selections. Most options are changed by selecting or deselecting the checkboxes
and radio buttons in each panel.
Remove the Desk Band Toolbar from your
desktop
Another default setting you can change is the display of the Desk Band Toolbar.
After installation, the toolbar is hidden by default.
It shows Internet traffic, allows you to easily turn on the Internet Lock, and does
other things.
In Windows 95 and Windows NT:
If you would prefer to have the Deskband Toolbar displayed, go to the the
Configuration panel and deselect the Show shell toolbar checkbox that was
selected by default when ZoneAlarm Pro was installed:
Internet Zone Custom Setting defaults
A more complex default setting concerns incoming UDP through a specific port
number. By default, Internet Zone security is set to High. It can be a bad idea to
lower this default setting unless you have a good reason. This is because the High
security setting gives you maximum protection.
But there's no problem with changing Internet Zone custom settings when you
have a good reason; for example the publisher of the software you are using
specifically recommends that you open a specific port for Internet access.
Let's say the software publisher instructs you to allow incoming UDP from the
Internet through port 139. Remember that, by default, incoming and outgoing
UDP ports are blocked by High Internet Zone Security.
To change the default setting so that incoming UDP is allowed through port 139,
go to the Internet Zone Custom Settings panel, and scroll down a bit. Next, select
the checkbox as shown below:
Next, enter the port number in the Ports field that is automatically created when
you've checked the Allow incoming UDP ports checkbox.
After clicking OK, the port number is listed to the right of the selected checkbox.
BACK HOME NEXT
Inc.
ZoneAlarm Pro - Add a Computer to the Local Zone
Add a Computer to the Local Zone
You can access the Local Zone by going to the Security Panel and clicking the
Advanced button.
Steps to Add a Computer
Home Users
LAN Users
Networks
Other Computers
Steps to Add a Computer
To open the dialog:
1. Click on Advanced
2. Choose Local Zone Contents
file:///C|/Documents and Settings/rwilliams/Deskt...lp_new_TOC/How_to_add_sites_to_the_Local_zone.htm (1 of 5) [4/12/2001 11:52:32 AM]
3. To add a computer or IP address, click on the Add button.
4. You have 4 choices:
5. Click on IP Address to add your next door neighbor's computer identified by IP
address.
6. Enter a short description and your neighbor's IP address, then click OK:
You'll see your friend's computer, including the description you entered, displayed
under Other Computers.
This means that it is now in the Local Zone. Therefore, ZoneAlarm Pro will allow
you to communicate with your neighbor over the Internet. Other computers won't
have that privilege because you have not told ZoneAlarm Pro you trust them.
Home Users
If you are a single user at home, you are not required to use this dialog because
your PC is probably the only machine you are trying to protect. As a single user,
you don't really need to add any more computers in order to work safely.
The Networks section of the dialog will always have an entry in it displaying the
subnet your modem or DSL connection installed on your machine. You don't need
to place a checkmark in this area if you are working by yourself.
The Other Computers section is where you add any trusted web site or the IP
address of a computer that you trust and want to do file sharing with.
LAN Users
If you are working as part of a Local Area Network (LAN), make sure the entry in
the Networks section has a checkmark next to it if it represents the subnet of
your LAN adapter. The red checkmark tells ZoneAlarm Pro that you trust your LAN
connection and that you really want to share connectivity with the users on that
LAN.
If your company or work group has more than one subnet, you need to go to the
Other Computers section to add the subnets that are not identified by the LAN
adapter on your machine. ZoneAlarm Pro picked the network subnet up from your
LAN adapter at installation time and placed it in the Networks section.
You have to manually add additional subnets you have in your organization by
clicking on the Add button then entering the IP address and subnet mask in the
Other Computers section of this dialog:
With ZoneAlarm Pro installed and running, all the IP addresses of subnets that are
not identified in your LAN adapter have to be included here so that applications
residing on those subnets can be accessed from your PC whenever Local Zone
security is set to Medium or High.
Networks
The Networks section lists subnets identified by your LAN adapter or by your DSL
or dial-up modem connection to the Internet:
The checkmark identifies the adapter as something you want ZoneAlarm to allow
your PC to communicate with. Once the network is checked, you can access
programs and sites located on the subnet.
Remember that if you are a single user, you don't need to worry about checking
anything in this dialog until you become part of a LAN or for certain VPN
installations.
Other Computers
The Other Computers section is where you add IP addresses representing
computers and web sites located on other LANs or somewhere on the Internet.
You add them because you know enough about them to allow connections with
them over the Internet.
Any web sites and computers you add here will be those that are not specifically
part of the LAN identified by your LAN adapter.
If you are a home user, this is where you add web sites and addresses that you
know well enough to place inside your Local Zone. An individual user would use
this dialog to add any computer other than his or her own PC that is familiar
enough to be trusted.
For LAN users, if your company or work group has more than one subnet, here is
where you add IP addresses of the subnets not identified by your LAN adapter.
BACK HOME NEXT
Inc.
ZoneAlarm Pro - How to Allow or Block Specific Ports
How to Allow or Block Specific Ports
You can open specific ports on your computer in three separate dialogs.
Internet Zone Custom Settings in Security Panel
Local Zone Custom Settings in Security Panel
Options Button in Programs Panel
Internet Zone Custom Settings in Security Panel
Many of the checkboxes in the Internet Zone Custom Settings panel provide the
ability to open a specific port for a specific protocol when Internet Zone security is
set to High.
In the lower portion of the panel, similar checkboxes allow you to block specific
ports when your Internet Zone security is set to Medium.
The checkboxes you check represent exceptions to your Internet Zone security
settings.
file:///C|/Documents and Settings/rwilliams/Desk...oneAlarm_Pro_Help_new_TOC/How_to_allow_ports.htm (1 of 7) [4/12/2001 11:52:33 AM]
Example: Port 139
There's no problem with changing Internet Zone custom settings when you have a
good reason. For example, the publisher of the software you are using
specifically recommends that you open a specific port for Internet access.
To change the default setting so that incoming UDP is allowed through port 139,
go to the Internet Zone Custom Settings panel, and scroll down a bit. Next, select
the checkbox shown below:
Next, enter the port number in the Ports field that is automatically created when
you've checked the Allow incoming UDP ports checkbox.
Local Zone Custom Settings in Security Panel
Many of the checkboxes in the Local Zone Custom Settings panel provide the
ability to close a specific port for a specific protocol when Internet Zone security is
set to Medium.
In the lower portion of the panel, similar checkboxes allow you to block specific
ports when your Internet Zone security is set to Medium.
The checkboxes you check represent exceptions to your Local Zone security
settings.
Options Button in Programs Panel
In the Programs panel, click on the Ports tab to specify the specific port that an
application is allowed to use for Internet access.
For example, to specify a specific port for Microsoft Outlook, click on the Options
button on the Internet Explorer line in the Programs List.
Allow access to all ports and protocols: allows the program to have Internet
connections via all ports.
Allow access for ONLY the ports checked below: limits the program's
connections to the protocols and ports with checkmarks. The IGMP and ICMP
checkboxes are selected by default as the protocols you will limit the program's
connections to.
Allow access for any port EXCEPT for those checked below: allows
connections to every protocol and port that is not checked in the list. The IGMP
and ICMP checkboxes are selected by default. All protocols and ports not checked
in the list are allowed.
To add a port or range of ports to this list,
1. Click on the Add button
2. When you click on a server-specific choice like Mail Servers, ZoneAlarm Pro
adds the ports used by the server type and each entry is preselected. For
ease of use, three ports are added for Mail Servers. You can deselect any
that you may want to omit from the authorized list. All three mail server
ports remain selected in the list shown below:
Click on Custom to define a single TCP or UDP port, or a range of ports:
Clicking on Custom displays the Add a range of ports dialog:
In the Description field: Type in a meaningful name for the port or range of ports
you're adding. Then, click on OK to add the port(s), which will be displayed in the
Ports panel.
The dialog above mentions that the PC has a total of 65,535 ports. When adding a
port, the first thing to do is to specify whether the port, or range of ports, is TCP,
UDP or both.
For example, DNS uses port 53, which is a TCP port. DHCP uses port 67, which is
a UDP port.
BACK HOME NEXT
Inc.
Zone Alarm Pro Help
Log File Panel
When you instruct ZoneAlarm Pro to save alerts in the Alert Log, every alert you
receive will be entered into a file named ZALog.txt. You can find this file in a folder
called Internet Logs in your Windows install directory.
Archiving Logs
Archiving Logs
The buttons on the left side of the Log File panel allow you to archive your Alert
Log on a daily, weekly or monthly basis. By selecting one of these options, you are
telling ZoneAlarm Pro to create a fresh ZALog.txt file on a daily, weekly or
monthly basis. Whenever the archiving takes place, the previous file is renamed
using the current date. An example of a renamed archived log file created on
February 30, 2001 is ZALog2001.02.30.txt.
When you archive your log file on a regular basis, you'll be able to read the file
more easily and be able to find a specific alert more quickly. On the other hand,
you can retain the default setting and never archive the log.
Archive Log options:
Never: This is the default setting: never archive your log file.
Daily: Refresh your log file every day.
Weekly: Refresh your log file every week.
file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/log_file_panel.htm (1 of 2) [4/12/2001 11:52:33 AM]
Zone Alarm Pro Help
Monthly: Refresh your log file once a month.
Separate fields options:
Each entry in the log file is a series of characters. Some people prefer to have
these fields separated with spaces for readability. Select your preferred separator:
Tab: Fields in the log will be separated by Tabs
Comma: Commas will separate log fields
Semicolon: Fields in the log will be separated by semicolons.
BACK HOME NEXT
Inc.
file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/log_file_panel.htm (2 of 2) [4/12/2001 11:52:33 AM]
ZoneAlarm Pro - MD5
MD5 Checksum
If you run Netstat or another port monitoring utility, you might notice an unidentified
application listening on a given port. On that same note, you might even notice an application
listening on a port when ZoneAlarm Pro did not request permission for it to access the
Internet. Applications in the Programs List not allowed to connect are the usual culprits here.
On the surface, it is easy to misconstrue listening on a port as a breach of security but in fact,
ZoneAlarm Pro is performing exactly as designed.
ZoneAlarm Pro's dual-layer security architecture actually allows traffic that attempts to bypass
a normal socket layer to pass through to the point where it reaches the firewall. Thus, in a
"listening" state. At that point, having the impression that it successfully bypassed the port,
the application may attempt to communicate to the Internet. ZoneAlarm Pro intercepts that
communication. This design enhances protection of trusted applications as well. ZoneAlarm
Pro has a full stateful inspection firewall enhanced with TrueVector Technology. ZoneAlarm Pro
authenticates applications through an MD5 checksum, a process that detects and prevents
Trojans renamed as legitimate applications from getting through. The full stateful inspection
firewall is enhanced with True Vector to have one main rule: "Don't let anything in or out."
After that rule, it goes on to check whether applications are allowed or disallowed, verifies
ports and protocols, and specifies configurations and so forth.
Many of the other firewalls today, do their application verification process through name
recognition. Hackers can easily exploit this weakness. In a matter of minutes, a hacker can
create his or her own malicious application that has the same name or properties as a
legitimate application and it will glide through the firewall. With ZoneAlarm Pro, even if a
hacker changes the name of an application to make it look legitimate, it will still be stopped
file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/md5.htm (1 of 2) [4/12/2001 11:52:33 AM]
ZoneAlarm Pro - MD5
because of the MD5 Checksum verification process.
BACK HOME NEXT
All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611.
Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc.
file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/md5.htm (2 of 2) [4/12/2001 11:52:33 AM]
Zone Alarm Pro Help
More Info Option
From an alert popup, clicking More Info:
sends information about the alert to the Zone Labs Alert Analyzer. It launches the
user's browser and displays a page with the following information:
● A synopsis of the source and destination IP addresses and ports, the
program name and file name of the program associated with the alert, if
known
●
●
●
A link to query the ARIN whois database for the source or destination IP
address. ARIN is the American Registry for Internet Numbers. You can learn
more about ARIN here. ARIN provides administrative contact information
about the upstream provider for the IP address. It does NOT identify the
computer
For the most common alerts, a brief article explaining what might be
causing the alert
Links to FAQ articles on the Zone Labs web site
Since the More Info button directs your browser to a site on the Internet, users
have the option of hiding their IP address. Select one of the three radio buttons to
indicate whether or not you want to take advantage of the IP address hiding
feature:
●
Don't hide local IP address: Select this radio button if you want to allow
the full display of your IP address in the Analyzer.
●
Hide local IP address: Select this radio button to display a series of
XXXXXXXX instead of your IP address on the Analyzer. This choice prevents
file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/more_info_option.htm (1 of 2) [4/12/2001 11:52:33 AM]
Zone Alarm Pro Help
any digit of your IP address from being displayed.
●
Hide last octet of local IP Address: Select this radio button to hide only
the final digits of your IP address. This causes a short series of XXXX to be
displayed at the end of your IP address on the Analyzer. This choice
provides good security also.
BACK HOME NEXT
All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent
No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone
Labs, Inc.
file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/more_info_option.htm (2 of 2) [4/12/2001 11:52:33 AM]
Network Auto Detection
If you do not know what a network is, you probably don't have one that you would
want to put into your trusted Local Zone. If that is the case, stop reading and
answer NO to this pop-up.
Answering no will not prevent you from accessing the Internet.
How do I answer the New Network popup?
●
Step 1: Determine what type of network or networks you are on.
●
Step 2: Determine which network the pop-up is asking you about.
●
Step 3: Decide if you want to share files and printers over this network
What type of network am I on?
A network is very simply a group of computers your computer connects with, and
you probably have at least one network.
Examples of networks:
1. If you get Internet access through your Internet Service Provider (ISP) via
dial-up or high-speed modem, you are on a remote network with other users of
that ISP.
2. If your home or small business computer is linked to other computers to share
file:///C|/Documents and Settings/rwilliams/Desk...eAlarm_Pro_Help_new_TOC/netdetect_new_dialup.htm (1 of 2) [4/12/2001 11:52:33 AM]
printers, files or other services, you are on a network.
3. If you are linked to other computers in a work or corporate setting to share
company resources, you are on a network. Shortcut: If you know that your only
network is a remote ISP network (#1 above), stop reading and answer No to this
pop up. Otherwise, read on:
Which network is this pop-up about?
ZoneAlarm Pro has determined that the network identified in this pop-up is a
dial-up network. If your only dial-up network is your ISP, answer NO to the
pop-up.
When you have multiple networks, ZoneAlarm Pro detects each of these networks
separately. That means you must determine which network this pop-up is asking
you about.
To do this, find out the IP address of any networks that are NOT your remote ISP
network and see if they match the IP address in the pop-up.
Found a match? If so, go to step 3 to determine if you want to put the network
into your Local Zone.
No match? Then this is most likely your remote ISP network and you should
answer No to this pop-up.
Determine if you want to share files
Determine if you want to share files or printers on this network. By adding this
network into you Local Zone, you will be able to enable file and printer sharing
between you and the other people on this network.
Therefore, if you know and trust the people on this network and you think you
want to share resources on this network, answer YES to this pop-up. Otherwise,
answer NO.
BACK HOME NEXT
Inc.
file:///C|/Documents and Settings/rwilliams/Desk...eAlarm_Pro_Help_new_TOC/netdetect_new_dialup.htm (2 of 2) [4/12/2001 11:52:33 AM]
Network Auto Detection
If you do not know what a network is, you probably don't have one that you would
want to put into your trusted Local Zone. If that is the case, stop reading and
answer NO to this pop-up.
Answering no will not prevent you from accessing the Internet.
How do I answer the New Network popup?
●
Step 1: Determine what type of network or networks you are on.
●
Step 2: Determine which network the pop-up is asking you about.
●
Step 3: Decide if you want to share files and printers over this network
What type of network am I on?
A network is very simply a group of computers your computer connects with, and
you probably have at least one network.
Examples of networks:
1. If you get Internet access through your Internet Service Provider (ISP) via
dial-up or high-speed modem, you are on a remote network with other users of
that ISP.
file:///C|/Documents and Settings/rwilliams/Deskt...neAlarm_Pro_Help_new_TOC/netdetect_new_direct.htm (1 of 2) [4/12/2001 11:52:34 AM]
2. If your home or small business computer is linked to other computers to share
printers, files or other services, you are on a network.
3. If you are linked to other computers in a work or corporate setting to share
company resources, you are on a network. Shortcut: If you know that your only
network is a remote ISP network (#1 above), stop reading and answer No to this
pop up. Otherwise, read on:
Which network is this pop-up about?
When you have multiple networks, ZoneAlarm Pro detects each of these networks
separately. That means you must determine which network this pop-up is asking
you about.
To do this, find out the IP address of any networks that are NOT your remote ISP
network and see if they match the IP address in the pop-up.
Found a match? If so, go to step 3 to determine if you want to put the network
into your Local Zone.
No match? Then this is most likely your remote ISP network and you should
answer No to this pop-up.
Determine if you want to share files
Determine if you want to share files or printers on this network. By adding this
network into you Local Zone, you will be able to enable file and printer sharing
between you and the other people on this network.
Therefore, if you know and trust the people on this network and you think you
want to share resources on this network, answer YES to this pop-up. Otherwise,
answer NO.
BACK HOME NEXT
Inc.
file:///C|/Documents and Settings/rwilliams/Deskt...neAlarm_Pro_Help_new_TOC/netdetect_new_direct.htm (2 of 2) [4/12/2001 11:52:34 AM]
Zone Alarm Pro Help
Program Permissions
The Access permissions panel is displayed when you select the Options button on
the Programs panel or when you right-click on a program then select Options from
the popup menu.
The radio buttons on this panel allow you define precise permissions for each of
your programs. Use the yellow section of this panel to define, for a specific
program, access permissions to computers or addresses defined in your Local
Zone. Use the blue section to grant programs access permissions to computers
and addresses in the Internet Zone. In addition, the yellow and blue sections allow
you to define whether or not your programs can act as servers listening for
connections from computers from either of those zones: yellow for the Local Zone,
blue for the Internet Zone.
Left-side buttons:
Radio buttons on the left side control whether or not individual programs can
actually make an Internet connection, or whether the program needs your
permission each time.
Right-side buttons:
Radio buttons on the right side control whether or not the program can receive
incoming Internet connections as a server.
If your program changes frequently and it is accessing the Internet, use the
Identify program by full path name only checkbox or the Changes Frequently
popup menu. By selecting one of these choices for a specific program, you are
instructing ZoneAlarm Pro to look only at the path name when it runs its
identification at the time of Internet access.
file:///C|/Documents and Settings/rwilliams/Desk...neAlarm_Pro_Help_new_TOC/program_permissions.htm (1 of 2) [4/12/2001 11:52:34 AM]
Zone Alarm Pro Help
If you don't check either one for a program that you are developing, a new
instance of the program will be added to the program list whenever a new version
connects to the Internet.
You can also click on the Changes Frequently popup to set screening by path
name only by checking the box next to Identify program by full path name
only. This means that ZoneAlarm Pro will not enforce other checking rules. It will
not, for example, check for file size.
BACK HOME NEXT
Inc.
file:///C|/Documents and Settings/rwilliams/Desk...neAlarm_Pro_Help_new_TOC/program_permissions.htm (2 of 2) [4/12/2001 11:52:34 AM]
Zone Alarm Pro Help
First-time Settings for Programs
When you click on the Advanced button on the Programs Panel, you are ready to
set up access rights for any of your programs that have not yet accessed the
Internet. This means programs that are not yet on the Program List. The
connection permissions you define here will be in effect for every first-time
Internet connection one of your program's attempts.
Use the two tabs at the top of the dialog to set your first-time permissions,
Access Permissions and Alerts and Functionality.
Access Permissions
Alerts and Functionality
Access Permissions
This dialog gives you the control you need to set separate permissions for
programs passing through Local Zone computers to make their connections, and
those trying to make a connection through Internet Zone. The first row of radio
buttons controls Local Zone connections.
Local Zone buttons: The first set of radio buttons controls whether or not
programs can connect to the Internet when the connection passes through
elements in your Local Zone. Or whether they must ask your permission each
time.
Internet Zone buttons:The radio buttons in the second row control whether
your programs can make an Internet connection when it goes through Internet
Zone computers.
Check the Identify Program by full pathname only checkbox if you feel comfortable
having ZoneAlarm Pro checking only the pathname statistics, such as c:\program
files\cherios. This choice will cause ZoneAlarm Pro not to check program size and
other statistics.
file:///C|/Documents and Settings/rwilliams/Deskt...neAlarm_Pro_Help_new_TOC/right_click_programs.htm (1 of 2) [4/12/2001 11:52:34 AM]
Zone Alarm Pro Help
In this panel, you can have ZoneAlarm Pro alert you when access is denied when
new programs attempt a connection. You can set an option here to protect your
machine if ZoneAlarm Pro is shut down: specifically, you can deny access if you
set the Always Ask Permission option in the first tab of this panel.
Select Show alert when Internet access is denied if you want to see an alert
each time a Internet connection to computers in either zone is attempted for the
first time by one of your programs.
Select Deny access if permission is set to "ask" to stop any new program
from connecting to the Internet if ZoneAlarm Pro is shut down.
Select Require administrative privileges to only allow a program temporary
access to the Internet if administrator privileges are set.
BACK HOME NEXT
Inc.
file:///C|/Documents and Settings/rwilliams/Deskt...neAlarm_Pro_Help_new_TOC/right_click_programs.htm (2 of 2) [4/12/2001 11:52:34 AM]
ZoneAlarm Pro - Installing ZoneAlarm Pro on a Server
Installing ZoneAlarm Pro on a Server
The important concept to bear in mind is that ZoneAlarm Pro is a desktop firewall
designed to protect the computer it is installed on. This can include a server but it
will protect the server itself, not the entire network.
By default, ZoneAlarm Pro treats all IP traffic as untrusted Internet traffic and
therefore shields your PC from potential harm. This shielding will consequently
block users attempting to access the server unless ZoneAlarm Pro is configured to
allow access to trusted users. Allowing trusted users and applications into the
server requires configuring the Local Zone. Installing ZoneAlarm Pro on a server
must take into account the possibility of multiple subnets, DNS, domain
controllers, any software that requires access to the Internet as well as specialized
services such as VPN.
To do this, open ZoneAlarm Pro, and click the Security Panel. Click on the
advanced button and click on the Local Zone contents tab. Click the add button
and enter the following information into the Local Zone:
● All of your internal LAN/WAN subnets that interact with this server. These
can be Class A, B, or C networks, such as 10.0.0.0, subnet 255.0.0.0
●
●
●
DNS servers if they are not on your internal network
Any Gateways or VPN's that are not part of your internal network
Any trusted static external IP addresses
Check here for additional tips on adding computers, domains and IP addresses to
your Local Zone.
Adding trusted IP sources to your Local Zone will ensure that normal internal
network traffic will proceed unhindered, while at the same time protecting the
server from any requests that come in from the Internet.
There is one other very important point that you must address. When a Program
Alert pop-up appears from ZoneAlarm Pro asking for permission for an application
to access the Internet, all network traffic is halted. When traffic is halted,
computers attached to the server risk being disconnected from the LAN. This
situation can be dealt with easily by defining the default application privileges.
Setting Application Permissions
Click on the Programs Panel and select the Advanced button. In the access
permissions tab, select whether you want newly detected applications to be
allowed to access the local network or the Internet as well as act as servers for
either. Do not set any option to ask, or you will be risking a loss of network
connectivity due to a Program Alert popup. Initially it will be best to allow all and
after running the server for a while you will be able to review your program list
and either change the permissions for individual applications, or wholly revoke
permission for any further new applications from accessing the Internet. In either
case, make sure your Program List is defined before changing the default
behavior.
file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/server.htm (1 of 2) [4/12/2001 11:52:34 AM]
ZoneAlarm Pro - Installing ZoneAlarm Pro on a Server
Server rights are for applications which listen to incoming connections but do not
initiate them. Applications such as IIS and FTP servers work in this way. When an
application is granted server rights it is allowed to receive anonymous incoming
requests intended for that application. An application that is granted server rights
can be probed with a port scan. Unfortunately this cannot be avoided as these are
usually public servers and intended for others to contact. Ports that are not in use
by the server application will continue to be "stealthed." For any other questions
please contact the support staff or your sales contact at Zone Labs.
BACK HOME NEXT
All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone
Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc.
file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/server.htm (2 of 2) [4/12/2001 11:52:34 AM]
Zone Alarm Pro Help
The Set Password Button
Setting a password ensures that only authorized users have access to each
individual copy of ZoneAlarm Pro.
Use the Set Password pushbutton
If you are not using the established password
Why set up a password?
Use the Set Password pushbutton to enter a password or to change your current
password. After setting a password, use the Login pushbutton to turn on the
administrative privileges controlled by your password. These privileges let you to
use the Advanced pushbuttons in the Security panel and the Programs panel, or to
uninstall the product.
If you try to use a ZoneAlarm Pro function that is password-protected when not
logged on, this dialog will be displayed.
Whenever this dialog is displayed, enter your password directly in the dialog or
click on the Login button in the Configuration panel to enter your password. This
will allow you to to make changes to the Firewall or to uninstall the product.
The checkbox at the bottom of the dialog will always be checked if company policy
establishes centralized control of employees' ZoneAlarm Pro passwords. The
System Administrator of your organization has the exclusive right to maintain
passwords to ensure Internet security in the organization.
In such cases, individual ZoneAlarm Pro users will only be able to enter a
password in this dialog. The ability to change a password will not ba available in
the Set Password dialog.
If you are using the established password
file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/set_password.htm (1 of 2) [4/12/2001 11:52:35 AM]
Zone Alarm Pro Help
When a password is set up and you have not logged in with that password, only
the three fields shown below can be modified. All other settings are protected by
the established password:
in the Configuration panel
in the Alerts panel
Establishing a password gives you extra protection against anyone but you making
changes to ZoneAlarm Pro. Password protection gives you these advantages:
■ Keeps unauthorized users from logging on to ZoneAlarm Pro without using
the authorized password
■
Prevents unauthorized users from modifying security levels you've
established for Zones and Programs
■
Keeps anyone except authorized users from shutting down ZoneAlarm Pro
because the password is required to shut down ZoneAlarm Pro
■
Prevents users from changing lock settings on the Lock Panel
■
Prevents users from adding members to or removing members from the
Local Zone or the Internet Zone.
BACK HOME NEXT
Inc.
file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/set_password.htm (2 of 2) [4/12/2001 11:52:35 AM]
Zone Alarm Pro Help
The Alerts Panel
The Alerts icon is located at the top of the panel. Click on the "Alerts" button to
display the entire Alerts panel.
Alerts Icon
Statistics
Advanced
More Info
Alerts Icon
Notice the two sets of UP/DN (Up/Down) graphs inside the Alerts icon. On your
machine, whenever data is being sent to the Internet, red bars are displayed
inside the two UP graphs. Whenever data is being received (downloaded), green
bars are displayed inside the DN graphs.
●
The two graphs in the top portion of the icon display Internet traffic as it
happens.
●
The two graphs in the lower portion of the icon display a chronological
history of Internet traffic as it is generated on your machine.
●
Whenever red or green flashing bars appear in the Alerts icon, the
application receiving or sending traffic is shown as a blinking icon inside the
Programs icon.
Statistics
Use the Alerts panel to see statistics on Internet alerts since you launched
ZoneAlarm Pro. At the top of the panel, Today's Summary shows the total amount
of data sent and received by all applications.
file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/the_alerts_panel.htm (1 of 2) [4/12/2001 11:52:35 AM]
Zone Alarm Pro Help
Advanced
Click on this button to:
●
Stop display of your IP address when you use the More Info button
●
Suppress specific alert types
●
Select options about the behavior of the Alert Log.
In the Alert Settings area, at the bottom of the panel, select the first checkbox to
save Alerts to a text file. Click on the Advanced button, then Log File tab to set up
an archiving schedule for the Log file.
More Info
Use this button to submit alert information to the Zone Labs Alert Analyzer.
BACK HOME NEXT
Inc.
file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/the_alerts_panel.htm (2 of 2) [4/12/2001 11:52:35 AM]
Zone Alarm Pro Help
The Configure Panel
Click on the Configure button to display the Configuration Panel. This button is
located directly below the Help button in the top right corner of ZoneAlarm Pro
Options
Windows 95 and NT
Options
Use the checkboxes and pushbuttons in the Configuration Panel to determine:
● Whether, on your computer screen, ZoneAlarm Pro should be displayed ON
TOP OF other applications when Internet activity is detected
●
Whether the shell tool bar should be displayed
●
Whether ZoneAlarm Pro should load when you start your computer
●
To check for product updates
●
To set your password
●
To change your ZoneAlarm Pro License Key
●
To change the registration information you've submitted to Zone Labs
file:///C|/Documents and Settings/rwilliams/Deskt...oneAlarm_Pro_Help_new_TOC/the_configure_panel.htm (1 of 3) [4/12/2001 11:52:35 AM]
Zone Alarm Pro Help
The first checkbox on the Configuration Panel is On top during Internet activity.
This checkbox controls whether or not ZoneAlarm Pro will be displayed ON TOP of
other applications whenever Internet activity is detected.
The Load ZoneAlarm at Startup checkbox is selected by default. This causes
ZoneAlarm Pro to be loaded when you start your computer. If you uncheck this
checkbox, Internet traffic monitoring will not begin until you start ZoneAlarm Pro
on your machine.
Click on the Set Password pushbutton to set or modify a password. Once your
password is set, use the "Login" pushbutton to login to ZoneAlarm Pro using your
password.
License key
Your License Key is a number that you receive from Zone Labs. It indicates that
you are the owner of a valid license for ZoneAlarm Pro.
If you did not enter your License Key number when you installed the product, you
can do so at any time by clicking on the Change Key button.
When you click on the Change Key button, the License info dialog will be
displayed:
Enter your License key in the dialog, the click on the Go button.
Windows 95 and NT
Older versions of Windows 95 or Windows NT (those without the Windows Shell
Update) let you choose a "Show shell toolbar" checkbox. Under newer versions
and Windows 98 or Windows 2000, this option is part of the Windows Shell. See
the Desk Band Toolbar for more information.
Zone Alarm Pro Help
BACK HOME NEXT
Inc.
Zone Alarm Pro Help
The General Tab
Use the General Tab to set up ZoneAlarm Pro's ICS and NAT support. To set up
our NAT and ICS support, these two conditions must first be met:
●
ZoneAlarm Pro must be installed on all machines in the network: on the host
machine and on each client machine
Overview
General Settings
Network Settings
Overview
In the Internet Connection Sharing area, select one of the buttons to define your
machine as a client machine, a gateway machine, or neither.
In the General Settings area located at the bottom of the panel, you can select
one or more checkboxes to block fragmented IP packets or servers.
file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/the_general_tab.htm (1 of 3) [4/12/2001 11:52:35 AM]
Zone Alarm Pro Help
This computer is not on an ICS network - establishes that your PC is not an
ICS gateway. This is the default setting.
This computer is a client of an ICS gateway running ZA Pro - defines your
machine as an ICS client and to activate the Gateway Address selection.
This computer is an ICS gateway - defines your machine as an ICS gateway
and activates the Local Address selection.
Forward alerts from gateway to this computer - Select this checkbox if alerts
generated by the gateway computer should be displayed on the client. With this
checkbox selected, you can keep an eye on Internet connection traffic by viewing
generated alerts.
Suppress alerts locally if forwarded to clients - Select this checkbox to
prevent the gateway PC from forwarding Internet connection messages to ICS
clients.
General Settings
Blocking and managing fragmented IP packets is one of the basic requirements of
a modern firewall. This is because fragmented packets can be used to pass
through firewalls. Select one or more checkboxes to block IP fragments and/or
server connections on the gateway machine for the entire ICS network, or for an
individual machine.
Three checkboxes are located at the bottom of the General panel:
Block all fragments - Use this selection to prevent fragment (smurf) attacks.
Selecting this checkbox to block fragmented IP packets. This will simply cause all
fragmented packets to be dropped.
Even though fragmented IP packets are rare, they can be used to get around
firewalls in the form of a fragment attack. When the Block all Fragments is set on
your machine, you might experience Internet connection problems but you will
enjoy complete protection against fragment attacks.
Block local servers - This checkbox allows you to prevent computers in your
Local Zone from using servers running on your machine. If you select this
checkbox, you can go to the Programs panel to earmark specific programs as
exceptions that will still be Allowed to access servers in the Local Zone.
Selecting the Block local servers option allows you to be certain that no Local Zone
computers can access servers running on your machine. If you want to block the
majority of inbound server connections using this option, but would like to allow
specific programs to access your servers, remember to use the Allow Server
option in the Programs panel.
Block Internet servers - This option allows you to be certain that no Internet
Zone computers can access servers running on your machine. If you select this
exceptions that will still be Allowed to access servers on the Internet.
Network Settings
Zone Alarm Pro Help
The selection for Network Settings controls how ZoneAlarm Pro will react upon
detecting a new network. When ZoneAlarm Pro is first installed, or if the computer
has changed networks, it will detect your network.
Here is where you set how you would like new networks to be handled when
detected: automatically included, excluded, or to be asked each time.
The default and recommended action is that you let it ask each time to be sure it
is correct.
BACK HOME NEXT
Inc.
Zone Alarm Pro Help
Internet Zone Custom Settings tab
When you set up custom settings in this dialog, you are setting up exceptions to
the established rules for High and Medium security.
Even though you used the sliders in the Security panel to establish default
Internet zone security, you can use the checkboxes in this dialog to establish
customized security settings that will either allow or block specific protocols to
your Internet zone:
● Set High Security exceptions by selecting checkboxes that allow incoming
and outgoing protocols. You can select settings like Allow incoming ping or
Allow outgoing ping in this section of the dialog. These selections slightly
lower your high security profile.
●
Set Medium Security exceptions by selecting checkboxes that block
incoming and outgoing protocols. You can select settings like Block incoming
ping or Block outgoing ping in this section of the dialog. These setting
slightly increase the level of security in your Medium security profile.
Before scrolling down the main body of the dialog, you see the High Security
Settings for the Internet Zone. These settings are displayed as checkboxes for
you to turn on or off. Select any exceptions to your high security profile that you
want to allow in or out of your machine.
Scroll down to the area where Medium Security Settings for the Internet Zone
are set. In this section, select any exceptions to your medium security profile that
you want to block from your machine.
file:///C|/Documents and Settings/rwilliams/Desk...rm_Pro_Help_new_TOC/the_internet_zone_custom.htm (1 of 2) [4/12/2001 11:52:35 AM]
Zone Alarm Pro Help
BACK HOME NEXT
Inc.
file:///C|/Documents and Settings/rwilliams/Desk...rm_Pro_Help_new_TOC/the_internet_zone_custom.htm (2 of 2) [4/12/2001 11:52:35 AM]
Zone Alarm Pro Help
Local Zone Contents tab
This is where you populate your Local Zone with the computers and IP addresses
that ZoneAlarm Pro will protect. Use this panel to add any of the following to your
Local Zone:
● Web sites
●
IP addresses or ranges of IPs
●
Subnets
General Configuration
Networks Section
The Local Zone Contents tab lets you add other computers to your Local Zone.
Pressing the Add button gives you the choice to add a host (or site) by name, an
IP address, a range of IP addresses, or an IP subnet.
When a red checkmark appears in the checkbox, this means that the element is
an active member of your Local Zone. Uncheck the checkbox if you want to
remove the element from active membership in your Local Zone, but retain it on
your list for later.
file:///C|/Documents and Settings/rwilliams/Deskt...larm_Pro_Help_new_TOC/the_local_zone_contents.htm (1 of 2) [4/12/2001 11:52:36 AM]
Zone Alarm Pro Help
Add Options:
Host/Site - Adds a computer name to your Local Zone. You'll be prompted to
enter the name of the computer, and you can enter either a domain-style name
(such as "ftp.zonelabs.com") or a Windows-style name (such as "FTPSERVER").
Please note that a single computer name might refer to more than one actual
computer, if two or more servers cooperate to balance their loads. If this is the
case, all the matching computers will be added to the Local Zone.
IP Address - Adds a single IP Address that refers to a single computer to your
Local Zone.
IP Range - Adding an IP range adds a series of consecutive IP addresses to your
Local Zone.
IP Subnet - Adds a subnet to your Local Zone. This is useful in offices where the
Local-Area Network is divided into multiple subnets. For example, if the Network
printer is on a different subnet than your computer, the Dynamic Firewall will
block access to the printer. Adding the printer's subnet to the Local Zone enables
you to use the Network printer from your computer, as well as any other services,
such as file-shares and computers on the printer's subnet.
If you are in a corporate setting, your computer may be part of a larger
corporate network. This network might be divided into smaller networks, or
subnets. ZoneAlarm Pro will not recognize the subnets that your computer is not
on as being part of your Local Zone.
This becomes a problem if your computer is on a different subnet than certain
resources such as a network printer and file-shares. The Advanced Properties of
the Dynamic Firewall enable you to add such a resource to your Local Zone.
Networks Section
The Networks section lists all your network and dialup adapters. Checking an
adapter automatically adds all the other computers in that network adapter's local
subnet to the local zone. If your network is a small local area network, this
automatically adds all the nearby computers to your local zone.
If your computer is part of a Local Area Network, you will need to place a
checkmark next to the network adapter cards under Networks. This will ensure
that you have access to necessary resources of your Local Area Network.
A note for Cable modem users: If you use a network adapter card connected
directly to a cable modem to connect to the Internet, you will want to leave the
cable subnets unchecked, to prevent your neighbors from being able to access
your computer.
If these default settings for the Local Zone don't meet your needs, ZoneAlarm Pro
lets you add computers and networks of computers to your Local Zone.
BACK HOME NEXT
Inc.
file:///C|/Documents and Settings/rwilliams/Deskt...larm_Pro_Help_new_TOC/the_local_zone_contents.htm (2 of 2) [4/12/2001 11:52:36 AM]
Zone Alarm Pro Help
Local Zone Custom Settings tab
The Local Zone Custom Settings dialog enables you to change ZoneAlarm Pro's
default security settings. When you set up custom settings in this dialog, you are
setting up exceptions to your established rules for High and Medium security.
Even though you used the sliders in the Security panel to establish default Local
zone security, you can use the checkboxes in this dialog to establish customized
security settings that will either allow or block specific protocols into your Local
zone:
and outgoing protocols. You can select settings like "Allow IGMP" or Allow
incoming UDP Ports in this section of the dialog. These selections slightly
●
incoming and outgoing protocols. In this section of the dialog, you can select
settings like Block NetBIOS or Block incoming TCP Ports in this section of the
dialog. These setting slightly increase the level of security in your Medium
security profile.
Settings for the Local Zone. These settings are displayed as checkboxes for you
to turn on or off. Select any exceptions to your high security profile that you
Scroll down to the area where Medium Security Settings for the Local Zone are
set. In this section, select any exceptions to your medium security profile that
file:///C|/Documents and Settings/rwilliams/Deskt...larm_Pro_Help_new_TOC/the_local_zone_settings.htm (1 of 2) [4/12/2001 11:52:36 AM]
Zone Alarm Pro Help
BACK HOME NEXT
Inc.
file:///C|/Documents and Settings/rwilliams/Deskt...larm_Pro_Help_new_TOC/the_local_zone_settings.htm (2 of 2) [4/12/2001 11:52:36 AM]
Zone Alarm Pro Help
The Lock Panel
Click on the "Lock" button to display the entire Lock panel, where you can set
options for the Internet Lock. The Lock button is located at the bottom of the Lock
Icon, shown below. A locked or unlocked padlock is displayed in the middle of the
icon. To immediately turn Internet access on or off for all the applications installed
on your machine that are not set to bypass the lock, click directly on the padlock.
Lock Button
The Lock Button
When the Timer Bar below the Lock button is green, the
Internet Lock is not on. This means that ZoneAlarm Pro is
allowing Internet traffic in and out of your computer. If the
timer bar displays a countdown timer, this is the time
remaining before the Automatic Lock will engage.
When the timer bar is red, the lock is closed and no
in-and-out Internet traffic is allowed. When the lock is
closed, the countdown timer counts upwards, showing the
amount of time the lock has been active.
When expanded, the Internet lock settings panel allows you to configure the
Automatic Lock.
file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/the_lock_panel.htm (1 of 2) [4/12/2001 11:52:36 AM]
Zone Alarm Pro Help
You can choose to lock Internet access automatically when your screen saver
activates or after a period of Internet inactivity on your computer.
If Internet access is locked when the screen saver activates, it will be unlocked
when the screen saver is deactivated.
Note, however, that if the Automatic Lock is engaged by the period of inactivity
option, you will need to click on the Lock button to unlock Internet Access.
The Lock Mode for the Automatic Lock can be set so that "Pass Lock programs
may access the Internet". This allows Internet activity for applications that have
been given rights to bypass the lock. Typically programs like e-mail clients will be
set to check for e-mail while other applications are denied Internet Access.
High Security mode will STOP all applications' Internet activity regardless of the
program's access settings. See Programs for more information.
BACK HOME NEXT
Inc.
file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/the_lock_panel.htm (2 of 2) [4/12/2001 11:52:36 AM]
Zone Alarm Pro Help
MailSafe can be enabled or disabled via the Security Panel
MailSafe identifies potentially harmful scripts in e-mail attachments, then disables
the script's ability to execute by changing the file type. MailSafe does not replace
the functionality of a virus scanner. Rather, it quarantines the potentially harmful
attachments and provides you the opportunity to keep the identified script
program from running. MailSafe works with Internet mail clients that use POP3
and IMAP, the most common Internet e-mail protocols.
Quarantined Files
ZoneAlarm Pro's MailSafe feature renames their extension to .zl* (the *
representing a number or a letter -- either 0-9 or a-z). Options at this point are to
either highlight the attachment within the e-mail itself and rename the extension
to what it should be (if it is known to you as a valid file) or double-click on the
attachment. Double-clicking the quarantined file launches a wizard which provides
options for opening, deleting, renaming or checking further on the validity of the
e-mail and the attachment.
Configuring MailSafe
Clicking on the Configure pushbutton within the Security Panel, opens the MailSafe
options tab. By default, every file type in the list is selected for quarantining. This
provides maximum protection. If you specifically do not want protection against
any of the file types on the list, deselect the corresponding checkbox.
file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/the_mailsafe_tab.htm (1 of 3) [4/12/2001 11:52:36 AM]
Zone Alarm Pro Help
You can select from nearly 40 file types that you want MailSafe to quarantine:
● .VBS Visual Basic script: many viruses are sent with this extension
●
.EXE executable file
●
.COM executable file
●
.VB Visual Basic file
●
.JS Java Script file
●
.BAT Batch file
●
.CHM Compiled HTML
●
.COM MS-DOS app
●
.SCR Screen Saver
●
.LNK Shortcut
●
and many more
If the file type you are looking for not in the selectable list shown below, you can
add it yourself by clicking on the Add button.
In the Add e-mail attachment type dialog, enter a description and, in the second
field, the file type you want ZoneAlarm Pro to quarantine.
Useful Tips
●
●
Even when running ZoneAlarm Pro with MailSafe active, it is important to
use an anti-virus scanner. If you use MailSafe, then it is advised to turn off
the e-mail scanner within your anti-virus software.
If you are using McAfee's VShield and ZoneAlarm's deskband:
1. Exit McAfee's VShield from the system tray
2. Right click on the task bar to launch the zone alarm desk band
Zone Alarm Pro Help
3. Load McAfee's Vshield from the McAfee anti-virus's options --->V shield's
properties ------->clicking OK and clicking "yes " when promoted "Do you
want to load V shield now?"
McAfee's Vshield and ZA/ZAP should now function together.
●
●
When using Web-based e-mail, such as Yahoo or Hotmail, MailSafe will not
quarantine e-mail attachments that arrive via those systems.
If you are testing the functionality of MailSafe, keep in mind that if mail is
received from the same MS Exchange server it was sent from, MailSafe will
not register the file. Thus, you cannot test MailSafe by sending yourself a
.VBS or other file intended to test quarantine. For tests not on the same
Exchange server, go to the Security panel, click Configure to ensure that the
extensions coming through are in the list of suppressed attachments.
BACK HOME NEXT
Inc.
Zone Alarm Pro Help
Ports Tab
The Ports tab enables you to specify ports and protocols that an application is
permitted to use. The title bar, at the top of the Ports tab, displays the program
name you are defining port access for, such as Outlook Express or Netscape
Navigator.
Radio buttons on the dialog
Right-hand Options
Adding port access permissions
Adding custom ports
Select Allow access to all ports and protocols to allow your program unlimited
access (all ports and protocols).
Select Allow access for ONLY the ports checked below to place port and
protocol restrictions between each of your applications and the Internet.
Allow access to all
ports and protocols:
Allows the program to have Internet connections via all
ports.
file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/the_ports_tab.htm (1 of 3) [4/12/2001 11:52:36 AM]
Zone Alarm Pro Help
Allow access for ONLY Allows the program access only via any protocol or port
the ports checked
that is selected with a check mark
below:
Limits the program's connections to the protocols and
ports with checkmarks. The IGMP and ICMP
checkboxes selected by default as the protocols you will
limit the program's connections to.
Allow access for any
port EXCEPT for those
Allows the program access via all ports and protocols
checked below:
except those checked.
Allows connections to every protocol and port that is
not checked in the list below. The IGMP and ICMP
checkboxes are selected by default as the port types
denied to the program's for Internet access utilization.
Right-hand Options
Click on
to add a port or range of ports for which permission can be
included or excluded for the selected program
Click on
to remove any ports already defined for the application
Clicking on the Add button displays the popup shown below, which has a number
of server-specific entries, such as Web Servers and Mail Servers:
When a server-specific choice such as Mail Servers is selected, ZoneAlarm Pro
adds the most common default ports used by the server type. For example, three
ports are added for Mail Servers, SMTP, POP and IMAP. Though, different mail
server types have their own requirements which you can verify through your mail
server documentation. You might not need IMAP for instance.
Preselected entries are customizable. In the example below, all three mail server
ports remain selected. You would need to know what type of protocol your mail
server uses. In most cases with ISPs, it will be POP. Also, if your mail server uses
IDENT, you might need to open port 113 for example.
Adding Custom ports
Zone Alarm Pro Help
As the dialog mentions, your machine has a total of 65,535 ports. When adding a
UDP or both.
a UDP port.
Description field: Type in any name for the port or range of ports you're adding.
Click on OK to add the port(s), which will be displayed in the Ports panel.
BACK HOME NEXT
Inc.
Zone Alarm Pro Help
The Programs Panel
The Programs panel is where programs and their connection options are added. To
get to this panel, click on "Programs" in the main panel.
Program List
Advanced Options
Options
Program List
The main portion of the Programs panel is the Program List. This is the list of
programs installed on your machine that have attempted to connect to the
Internet.
Use this panel to control the connection behavior of any program on the list or to
add programs to the Program List before they try to connect to the Internet.
Adding a program is a good way to prevent a program from connecting to the
Internet except under conditions you establish.
In the Programs panel, you can also specify and differentiate each program's
access rights for the Local Zone and/or the Internet Zone. The Allow server
column lets you control which applications can perform server functions.
ZoneAlarm Pro allows you to place additional programs in the Program List, then
right-click on any program to establish more stringent connectivity permission
rules that prevent connections based on specific ports that you identify using the
Ports tab. You can also STOP your applications from acting as maliciously-listening
servers who will want to get at your files.
Advanced Options
file:///C|/Documents and Settings/rwilliams/Desk...oneAlarm_Pro_Help_new_TOC/the_programs_panel.htm (1 of 2) [4/12/2001 11:52:37 AM]
Zone Alarm Pro Help
The Advanced button controls first-time access rights for new programs as they
try to access the Internet from your computer. This is very useful for anyone
running a server, for example, who will not be actually sitting in front of the
computer when the server is going to be receiving connections.
Go to the Allow connect column in the main body of the panel to change a
program's basic access rights. Click directly on the . . . to change the access level
from ? to check mark to X. Click on the . . . in the same way in the Allow server
column.
Options
Click on the Options button and then the Ports tab to limit the way a program
connects to specific ports. Use the Access Permissions tab as another way to grant
connection and server rights to a program.
In the Program column, the program's name and version number are displayed.
Run your mouse over the program name to see more statistics:
● Product name
●
The name of the file used to access the Internet
●
The location of the file
●
Product version
●
Creation date and file size
Right-click on a program to remove it or to severely restrict the program's
Internet access permissions. You can also add a new program by right-clicking.
BACK HOME NEXT
Inc.
file:///C|/Documents and Settings/rwilliams/Desk...oneAlarm_Pro_Help_new_TOC/the_programs_panel.htm (2 of 2) [4/12/2001 11:52:37 AM]
Zone Alarm Pro Help
Restricted Zone Tab
The Restricted Zone enables you to identify specific web sites and IP addresses
and earmark them as being denied access to and from your computer.
Click on the Restricted Zone tab to relegate any IP address or range of addresses
to a totally isolated zone vis-à-vis your machine or LAN. Any IP addresses you
place in this zone will neither be reachable by your users nor will that IP address
be able to have access your network.
This means complete isolation of any address you place in the Restricted Zone.
Add Options: Clicking Add allows you to define an IP address or a range of IP
addresses that will not be able to have any relationship to your trusted Local Zone
of computers. Once you have entered IP addresses in this zone, ZoneAlarm Pro
will filter out any communications to and from those addresses. The following are
the options under "Add":
Host/Site - Adds a computer name to your Restricted Zone. You'll be prompted
to enter the name of the computer, and you can enter either a domain-style name
Remember that a single computer name might refer to more than one actual
computer. If this is the case, all the matching computers will be added to the
Restricted Zone.
Restricted Zone.
Restricted Zone.
IP Subnet - Adds a subnet to your Restricted Zone.
file:///C|/Documents and Settings/rwilliams/Deskt...larm_Pro_Help_new_TOC/the_restricted_zone_tab.htm (1 of 2) [4/12/2001 11:52:37 AM]
Zone Alarm Pro Help
BACK HOME NEXT
Inc.
file:///C|/Documents and Settings/rwilliams/Deskt...larm_Pro_Help_new_TOC/the_restricted_zone_tab.htm (2 of 2) [4/12/2001 11:52:37 AM]
Zone Alarm Pro Help
The Security Panel
The Security panel is the best protection tool you can use to screen and
quarantine unwanted Internet visitors and connection attempts. To begin setting
up protection levels for the Local and the Internet Zones, use your mouse to drag
the security level selectors up or down.
Customizing
MailSafe
Security Levels
Customizing
To further customize overall settings at the protocol level, click on the Advanced
button to open the Local Zone Custom Settings or the Internet Zone Custom
Settings panel.
Use those panels to restrict access to each zone by protocol or port type. Which
protocol or port types are you going to allow in or keep out of each zone? You can
define specific restrictions or exceptions here, such as denying access to your
Local Zone via UDP or TCP ports. You are in control against the Internet world!
You can also use the Advanced button to add computers to your Local and
Restricted Zones.
As a shortcut, click on this button to start customizing
your Local Zone.
As a shortcut, click on this button start customizing your
Internet Zone.
MailSafe
Turn on MailSafe by placing a checkmark in the box for "MailSafe e-mail
protection" at the bottom of the panel. After turning on MailSafe, click on the
Configure button to specify the types of e-mail attachments you want ZoneAlarm
Pro to protect you against. MailSafe protects your computer from a wide variety of
e-mail attachments such as VBScript and JavaScript. These e-mail attachments
can do damage by taking control of your system.
Security Levels
The Local and Internet Zone each have a security level selector, which you can
drag up and down to change the security level.
file:///C|/Documents and Settings/rwilliams/Deskt...ZoneAlarm_Pro_Help_new_TOC/the_security_panel.htm (1 of 2) [4/12/2001 11:52:37 AM]
Zone Alarm Pro Help
Local Zone security is displayed in green, and Internet Zone security in blue. The
default settings are:
●
computer to protect you from potential threats.
BACK HOME NEXT
Inc.
file:///C|/Documents and Settings/rwilliams/Deskt...ZoneAlarm_Pro_Help_new_TOC/the_security_panel.htm (2 of 2) [4/12/2001 11:52:37 AM]
ZoneAlarm Pro - Changed Program Alert
Changed Program
Do you want to allow a specific program to access the Internet?
What is a changed program?
What should I answer?
How do I know what program is trying to gain access?
What else should I know?
For further Information
What is a changed program?
CAUTION! A changed program is a program that has asked you for Internet or
local network access rights in the past but has now CHANGED in some way. When
a program changes, ZoneAlarm Pro requires the program to ask for permission
again so you're best protected.
How should I answer?
A changed program can be safe
If you've updated or reinstalled this program since the last time it accessed the
Internet or local network or if this program automatically updates itself, it could
show up as a changed program. If this is the case, it is probably safe to grant
access rights to this program.
A changed program can be dangerous!
If you did not update this program since the last time it accessed the Internet or
local network, it could be a malicious program planted on your computer that
imitates a legitimate program. If this is the case, do not give this program access
rights.
After you deny access rights, investigate the program as follows:
● Make a note of the program name, file name, and path of this program.
Scan the file with your current virus scanner.
●
If you have a dedicated Trojan scanner, scan with that as well. Make sure
your virus or Trojan definitions are up to date.
file:///C|/Documents and Settings/rwilliams/Des...eAlarm_Pro_Help_new_TOC/zap_changed_program.htm (1 of 3) [4/12/2001 11:52:38 AM]
●
Check with the company Web site or Help support for the changed program,
to see if there are any legitimate reasons why the program might change.
Consider all of the above before deciding if your decision was right. You may
change your decision at any time in the Programs panel.
How do I find out what the program is that that's
asking for access?
Sometimes you can tell what a program is by its name; other times you may not.
An unfamiliar program may be an important component of a known program, and
may be needed by the known program in order to function:
● "Services and controller app" is a Windows component used by Microsoft
Internet Explorer(TM) to access the Internet.
●
"Microsoft Windows(TM) Messaging Subsystem Spooler" is a component of
Microsoft Outlook(TM), used to get e-mail.
Therefore, some unfamiliar programs do need Internet access. Other unfamiliar
programs, however, may be potentially harmful. If you don't recognize a program,
start by reading our FAQ for a list of commonly unrecognized programs. If you
can't find your answer there, try entering the program name into a search engine.
There are a few ways you may answer a pop-up:
● Answer, "Yes," to give a program access rights just this one time. The next
time the program needs to access the Internet , it will ask again.
●
Answer, "No," to deny access rights just this one time. The next time the
program needs to access the Internet, it will ask again.
●
If you check, "Remember this answer the next time I use this program,"
before you click "Yes," or "No," the program will NOT ask you again. Your
answer will be saved and applied each time the program tries to access the
local network or the Internet.
You may change your answer any time in the Programs panel for any program by
clicking on the interface.
A red X = deny access, a green checkmark = allow access, a black ? means ask
me every time.
For further information
Knowledgebase Main Page
Zone Labs Home Page
Zone Labs Support Page
BACK HOME NEXT
Inc.
ZoneAlarm Pro - Server program alert
Server program
ZoneAlarm has detected a program attempting to connect to, or to accept a
connection from, the network.
More Information
Detailed Information
More Information
The AlertAnalyzer is not able to determine whether this is a new, changed, repeat,
or server program. The following general information is offered to help you
understand the alert you received from ZoneAlarm or ZoneAlarm Pro.
Detailed Information
Rest assured, that ZoneAlarm or ZoneAlarm Pro will not permit this application to
communicate with the local network or the Internet, until you give permission.
Some alerts result from not configuring ZoneAlarm or ZoneAlarm Pro optimally for
your applications, your network or your ISP. To assist you in configuring and using
ZoneAlarm, check out our Frequently Asked Questions pages, which are accessible
from http://www.zonelabs.com/support.htm. Technical support is available via
e-mail at [email protected] for questions not answered on the web site.
A wealth of information about firewalls and the interpretation of alerts can be
found on the Internet. The Usenet newsgroup comp.security.firewalls, and the
security-oriented discussion groups in the ShieldsUp section of grc.com, are
particularly good sources of information.
file:///C|/Documents and Settings/rwilliams/Desk...oneAlarm_Pro_Help_new_TOC/zap_server_program.htm (1 of 2) [4/12/2001 11:52:39 AM]
ZoneAlarm Pro - Server program alert
Zone Labs Home Page
BACK HOME NEXT
Inc.
file:///C|/Documents and Settings/rwilliams/Desk...oneAlarm_Pro_Help_new_TOC/zap_server_program.htm (2 of 2) [4/12/2001 11:52:39 AM]
ZoneAlarm Pro - The Internet Lock
The Internet Lock
When you see a potential security problem arising, you can quickly activate the
Internet Lock to completely stop applications on your computer from sending and
receiving data via the Internet. This is a fast and efficient protection method.
When the lock is on, no data can enter or leave your computer through
connections to the Internet, unless they are set to pass lock.
Opening and Closing the Lock
You know the Internet
Lock is open when the
Timer Bar below the
padlock is green.
While the lock is
open, ZoneAlarm Pro
allows Internet traffic
in and out of your
computer.
When a red Timer Bar is
displayed containing a
time stamp, the Internet
Lock is closed and has
been in effect for the
length of time indicated.
No Internet traffic is
allowed, except pass lock
programs.
To close the lock, simply click on the green lock button when it shows
"Unlocked". To unlock it, click on the red padlock.
BACK HOME NEXT
Inc.
file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/ZoneAlarmProHelp11.htm [4/12/2001 11:52:39 AM]
ZoneAlarm Pro - Program Permissions
Program Permissions
When a program attempts to access the Internet for the first time, ZoneAlarm Pro
displays an alert, like the one shown below, and asks if you want to give that
program permission to access the Internet.
Program Permission Options
Program Permission Options
●
●
●
●
Selecting Yes allows the program to access the Internet until you quit the
program.
Selecting No denies the program Internet access until you close the
program and open it again.
The default Internet access mode for all applications is to ask for
permission each time you run the program.
Check Remember the answer each time I use this program checkbox
to enforce your Yes or No decision without ZoneAlarm Pro displaying the
alert again. This is useful for programs that you always grant Internet
access to, like your web browser.
ZoneAlarm Pro - Program Permissions
The Programs panel allows you to specify different access permissions for a
program to each Zone. For example, you can allow an FTP Client access to the full
Internet, but restrict your e-mail program to the Local zone.
BACK HOME NEXT
Inc.
ZoneAlarm Pro - System Tray Alerts and Popups
System Tray Alerts and Popups
ZoneAlarm Pro's System Tray icon displays a flashing blue "a" as a silent alert indicator
letting you know a communication from the Internet has been blocked. The blue "a" will
display with either the ZA logo or....
green/red traffic bars.
An alert display would look like this if the Internet Lock is activated.
The checkbox shown above is at the bottom of the Alerts panel. Leaving the
"Show alert popup window" option box unchecked will prevent popups, but it will
allow the blue flashing 'a'. To suppress the 'a' from flashing you would need to
let ZoneAlarm Pro your alert notification preferences. Click on the Advanced
button in the Alerts panel then go to the Suppress Alerts tab.
Check any boxes for the type of alerts you do not want to see. Bear in mind,
suppressing alerts will also disable the logging of the types of alerts you
suppressed.
When the checkbox shown above is checked, ZoneAlarm Pro will display an alert
popup whenever it blocks an Internet communication.
A sample alert popup is shown here.
This example contains the following
information:
the source and destination of the
communication attempt
●
the port and protocol utilized
● the time and date of the blocked
communication
●
In the case of a blocked outgoing
communication request, the alert will
include the application that was blocked
●
Most alerts will display a More Info
button. Click on the More Info button to
send the alert information to the Zone
Labs Alert Analyzer for in-depth
analysis of the alert.
BACK HOME NEXT
Inc.
ZoneAlarm Pro - More Info Option
More Info Option
From an alert popup, clicking More Info:
sends information about the alert to the Zone Labs Alert Analyzer. It launches the
user's browser and displays a page with the following information:
● A synopsis of the source and destination IP addresses and ports, the
program name and file name of the program associated with the alert, if
known
●
●
●
A link to query the ARIN whois database for the source or destination IP
address. ARIN is the American Registry for Internet Numbers. You can learn
more about ARIN here. ARIN provides administrative contact information
about the upstream provider for the IP address. It does NOT identify the
computer
For the most common alerts, a brief article explaining what might be
causing the alert
Links to FAQ articles on the Zone Labs web site
Since the More Info button directs your browser to a site on the Internet, users
have the option of hiding their IP address. Select one of the three radio buttons to
indicate whether or not you want to take advantage of the IP address hiding
feature:
file:///C|/Documents and Settings/rwilliams/Deskt...Help_new_TOC/ZoneAlarmProHelp20_AlertSettings.htm (1 of 3) [4/12/2001 11:52:40 AM]
●
●
●
Don't hide local IP address: Select this radio button if you want to allow
the full display of your IP address in the Analyzer.
Hide local IP address: Select this radio button to display a series of
XXXXXXXX instead of your IP address on the Analyzer. This choice prevents
any digit of your IP address from being displayed.
Hide last octet of local IP Address: Select this radio button to hide only
the final digits of your IP address. This causes a short series of XXXX to be
displayed at the end of your IP address on the Analyzer. This choice
provides good security also.
BACK HOME NEXT
All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent
No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone
Labs, Inc.
ZoneAlarm Pro - Sample Log Entries
Sample Log Entries
Alerts generated by ZoneAlarm Pro are logged in the file, "ZAlog.txt".
If you are using Windows95, Windows98 or Windows Me, the file is located in the
following folder: (x):\Windows\Internet Logs
If you are using WindowsNT or Windows2000, the file is located in the following
folder: (x):\Winnt\Internet Logs
What ZoneAlarm Pro Logs
Netstat Options
Log Alert Examples
What ZoneAlarm Pro Logs
FWIN - indicates that the firewall blocked an inbound packet of data coming to
your computer. Some, but not all, of these packets are connection attempts.
FWOUT - indicates that the firewall blocked an outbound packet of data from
leaving your computer.
FWROUTE - the firewall blocked a packet that was not addressed to or from your
computer, but was routed through it.
FWLOOP - the firewall blocked a packet addressed to the loopback adapter
(127.0.0.1)
LOCK - the firewall blocked a packet due to a lock violation PE: indicates that an
application on your computer requested access to the Internet.
ACCESS - an application was blocked because it did not have access permission
MS - MailSafe quarantined a file attachment
file:///C|/Documents and Settings/rwilliams/Des..._Help_new_TOC/ZoneAlarmProHelp20_LogSamples.htm (1 of 4) [4/12/2001 11:52:40 AM]
The TCP Flags are:
●
S (SYN)
●
F (FIN)
R (RESET)
P (PUSH)
A (ACK)
U (URGENT)
4 (low-order unused bit)
8 (high-order unused bit)
●
●
●
●
●
●
The SYN-flag is only set in the first packet initiating a TCP connection. It
represents an attempt to make a connection rather than a response to an existing
connection.
The FIN-flag represents an attempt to terminate a connection.
ICMP types:
●
0 - Echo Reply
●
3 - Destination Unreachable
4 - Source Quench
5 - Redirect
8 - Echo Request
9 - Router Advertisement
10 - Router Solicitation
11 - Time Exceeded
12 - Parameter Problem
13 - Timestamp Request
14 - Timestamp Reply
15 - Information Request
16 - Information Reply
17 - Address Mask Request
18 - Address Mask Reply
●
●
●
●
●
●
●
●
●
●
●
●
●
Netstat Options
If you use netstat (from a DOS prompt, type netstat -an) here are some useful
terms to know:
CLOSE_WAIT - Remote shut down: waiting for the socket to close
CLOSED - The connection is disconnected and not being used
CLOSING - Closed, then remote shutdown: awaiting ack. Attempting to shut
down connection
ESTABLISHED - Connection has been established, connection is active
FIN_WAIT_1 - Socket closed, shutting down connection
FIN_WAIT_2 - Socket closed, waiting for shutdown from other computer
LAST_ACK - Remote shut down, then closed: awaiting acknowledgment
LISTENING - Your computer is waiting for an incoming connection
YN_RECEIVED - Initial synchronization of the connection under way, about to
connect
SYN_SENT - Actively trying to establish connection
TIME_WAIT - Wait after close for remote shutdown retransmission
Log Alert Examples
Click on an entry type below to see a log alert example with a brief explanation:
FWIN Sample - Blocked incoming request
FWOUT Sample - Blocked outbound request
PE Sample - An application tried to connect
LOCK Sample - An application tried to connect while the Internet Lock was on
ACCESS Sample - An application tried to connect without Program permissions
MS Sample - You received an e-mail attachment that was quarantined by
MailSafe
BACK HOME NEXT
Inc.
ZoneAlarm Pro - LOCK Sample Log Entry
LOCK Sample Log Entry
LOCK,2000/09/07,16:43:30 -7:00 GMT,Yahoo!
Messenger,207.181.192.252,N/A
The "LOCK" entry informs you that an application on your computer attempted to
access the Internet while the Internet Lock was locked. The entry also includes the
following information:
● Date and Time
● The application on your computer that attempted to access the Internet
● The IP Address that the application was trying to connect to.
BACK HOME NEXT
Inc.
file:///C|/Documents and Settings/rwilliams/Desktop...ro_Help_new_TOC/ZoneAlarmProHelp20_LogSamples_4.htm [4/12/2001 11:52:41 AM]
ZoneAlarm Pro - Restricted Zone Tab
Restricted Zone Tab
The Restricted Zone enables you to identify specific web sites and IP addresses
and earmark them as being denied access to and from your computer.
Click on the Restricted Zone tab to relegate any IP address or range of addresses
to a totally isolated zone vis-à-vis your machine or LAN. Any IP addresses you
place in this zone will neither be reachable by your users nor will that IP address
be able to have access your network.
This means complete isolation of any address you place in the Restricted Zone.
file:///C|/Documents and Settings/rwilliams/Des...ro_Help_new_TOC/ZoneAlarmProHelp50_Adv_Tab2.htm (1 of 2) [4/12/2001 11:52:41 AM]
ZoneAlarm Pro - Restricted Zone Tab
Add Options: Clicking Add allows you to define an IP address or a range of IP
addresses that will not be able to have any relationship to your trusted Local Zone
of computers. Once you have entered IP addresses in this zone, ZoneAlarm Pro
will filter out any communications to and from those addresses. The following are
the options under "Add":
Host/Site - Adds a computer name to your Restricted Zone. You'll be prompted
to enter the name of the computer, and you can enter either a domain-style name
Remember that a single computer name might refer to more than one actual
computer. If this is the case, all the matching computers will be added to the
Restricted Zone.
Restricted Zone.
Restricted Zone.
IP Subnet - Adds a subnet to your Restricted Zone.
BACK HOME NEXT
Inc.
ZoneAlarm Pro - Local Zone Custom Settings tab
Local Zone Custom Settings tab
The Local Zone Custom Settings dialog enables you to change ZoneAlarm Pro's
default security settings. When you set up custom settings in this dialog, you are
setting up exceptions to your established rules for High and Medium security.
Even though you used the sliders in the Security panel to establish default Local
zone security, you can use the checkboxes in this dialog to establish customized
security settings that will either allow or block specific protocols into your Local
zone:
and outgoing protocols. You can select settings like "Allow IGMP" or Allow
incoming UDP Ports in this section of the dialog. These selections slightly
●
incoming and outgoing protocols. In this section of the dialog, you can select
settings like Block NetBIOS or Block incoming TCP Ports in this section of the
dialog. These setting slightly increase the level of security in your Medium
security profile.
ZoneAlarm Pro - Local Zone Custom Settings tab
Settings for the Local Zone. These settings are displayed as checkboxes for you
to turn on or off. Select any exceptions to your high security profile that you
Scroll down to the area where Medium Security Settings for the Local Zone are
set. In this section, select any exceptions to your medium security profile that
BACK HOME NEXT
Inc.
ZoneAlarm Pro - Internet Zone Custom Settings tab
Internet Zone Custom Settings tab
When you set up custom settings in this dialog, you are setting up exceptions to
the established rules for High and Medium security.
Even though you used the sliders in the Security panel to establish default
Internet zone security, you can use the checkboxes in this dialog to establish
customized security settings that will either allow or block specific protocols to
your Internet zone:
and outgoing protocols. You can select settings like Allow incoming ping or
Allow outgoing ping in this section of the dialog. These selections slightly
●
incoming and outgoing protocols. You can select settings like Block incoming
ping or Block outgoing ping in this section of the dialog. These setting
slightly increase the level of security in your Medium security profile.
ZoneAlarm Pro - Internet Zone Custom Settings tab
Settings for the Internet Zone. These settings are displayed as checkboxes for
you to turn on or off. Select any exceptions to your high security profile that you
Scroll down to the area where Medium Security Settings for the Internet Zone
are set. In this section, select any exceptions to your medium security profile that
BACK HOME NEXT
Inc.
ZoneAlarm Pro - The General Tab
The General Tab
Use the General Tab to set up ZoneAlarm Pro's ICS and NAT support. To set up
our NAT and ICS support, these two conditions must first be met:
●
ZoneAlarm Pro must be installed on all machines in the network: on the host
machine and on each client machine
Overview
General Settings
Network Settings
Overview
In the Internet Connection Sharing area, select one of the buttons to define your
machine as a client machine, a gateway machine, or neither.
In the General Settings area located at the bottom of the panel, you can select
one or more checkboxes to block fragmented IP packets or servers.
This computer is not on an ICS network - establishes that your PC is not an
ICS gateway. This is the default setting.
This computer is a client of an ICS gateway running ZA Pro - defines your
machine as an ICS client and to activate the Gateway Address selection.
This computer is an ICS gateway - defines your machine as an ICS gateway
and activates the Local Address selection.
Forward alerts from gateway to this computer - Select this checkbox if alerts
generated by the gateway computer should be displayed on the client. With this
checkbox selected, you can keep an eye on Internet connection traffic by viewing
generated alerts.
Suppress alerts locally if forwarded to clients - Select this checkbox to
prevent the gateway PC from forwarding Internet connection messages to ICS
clients.
General Settings
Blocking and managing fragmented IP packets is one of the basic requirements of
a modern firewall. This is because fragmented packets can be used to pass
through firewalls. Select one or more checkboxes to block IP fragments and/or
server connections on the gateway machine for the entire ICS network, or for an
individual machine.
Three checkboxes are located at the bottom of the General panel:
Block all fragments - Use this selection to prevent fragment (smurf) attacks.
Selecting this checkbox to block fragmented IP packets. This will simply cause all
fragmented packets to be dropped.
Even though fragmented IP packets are rare, they can be used to get around
firewalls in the form of a fragment attack. When the Block all Fragments is set on
your machine, you might experience Internet connection problems but you will
enjoy complete protection against fragment attacks.
Block local servers - This checkbox allows you to prevent computers in your
Local Zone from using servers running on your machine. If you select this
exceptions that will still be Allowed to access servers in the Local Zone.
Selecting the Block local servers option allows you to be certain that no Local Zone
computers can access servers running on your machine. If you want to block the
majority of inbound server connections using this option, but would like to allow
specific programs to access your servers, remember to use the Allow Server
option in the Programs panel.
Block Internet servers - This option allows you to be certain that no Internet
Zone computers can access servers running on your machine. If you select this
exceptions that will still be Allowed to access servers on the Internet.
Network Settings
The selection for Network Settings controls how ZoneAlarm Pro will react upon
detecting a new network. When ZoneAlarm Pro is first installed, or if the computer
has changed networks, it will detect your network.
Here is where you set how you would like new networks to be handled when
detected: automatically included, excluded, or to be asked each time.
The default and recommended action is that you let it ask each time to be sure it
is correct.
BACK HOME NEXT
Inc.
ZoneAlarm Pro - Using Port Scanning Software
Using Port Scanning Software
One way to check for security vulnerabilities is to scan the ports on your
computer. Port scanning software, often available over the Internet, can check
whether or not the ports on your machine are visible to computers on the
Internet.
The function of an ICS or NAT gateway machine is to hide client machines from
the outside Internet world. Because of this, port scanning software will not be able
to see client IP addresses.
Therefore, if port scanning software does not display your client machine's address
in the results the gateway is successfully screening client machines from direct
contact with the Internet.
Port Scan a Client Machine
Port Scan a Gateway Machine
Port Scan a Client Machine
Scanning an ICS or NAT client machine for port protection should result in one of
these status types - provided that the underlying gateway-client relationship is set
up correctly:
●
Stealth status for the IP address
●
IP address is not seen
IP address is unknown
●
If the port scanning software sees or recognizes the client machine's IP address,
or if the results display a status other than Stealth, you should check that Internet
connections are really being routed through the gateway machine.
Port Scan a Gateway Machine
Scanning the gateway machine should result in machine's IP address being visible.
This is as it should be, because it is the protector machine is the computer whose
IP address is visible to other computers on the Internet. The protector machine
stands between the client machine and the Internet. So its address will naturally
be visible to the Internet and to the port scanning software.
file:///C|/Documents and Settings/rwilliams/Des...ew_TOC/ZoneAlarmProHelp50_Adv_Tab5_portscan.htm (1 of 2) [4/12/2001 11:52:42 AM]
ZoneAlarm Pro - Using Port Scanning Software
BACK HOME NEXT
Inc.
file:///C|/Documents and Settings/rwilliams/Des...ew_TOC/ZoneAlarmProHelp50_Adv_Tab5_portscan.htm (2 of 2) [4/12/2001 11:52:42 AM]
ZoneAlarm Pro - Internet Zone Security Settings
Internet Zone Security Settings
The default security setting for the Internet Zone is High. Just as in the Local
Zone, three levels of security are available. The maximum amount of restrictions
are programmed into the firewall when at High Security, whereas Low Security
provides only basic protection as described below. Low Security is not
recommended for the Internet Zone.
Low Security: Low security only enforces application privileges and Internet Lock
settings, leaving your computer visible to other computers in the Internet Zone.
The firewall does not block file or printer shares or traffic to and from the Internet
Zone.
Medium Security: At this security level, file shares, printer shares and Windows
services are allowed. When Medium security is set, the firewall blocks access from
the Internet Zone to Windows (NetBIOS) services. Also, with security set at this
level, the Automatic Lock is enhanced by the firewall and blocks all ports.
High Security: This is the default security setting for the Internet Zone. At
High security, the firewall blocks access from the Internet Zone to Windows
(NetBIOS) services and file and printer shares. When High Security is set, your
computer is in Stealth Mode. This means that all ports not currently in use by a
program are blocked and at the same time, they are not visible to the Internet
Zone. High security opens ports only when an approved program needs them.
file:///C|/Documents and Settings/rwilliams/Desk...Pro_Help_new_TOC/ZoneAlarmProHelp50_Internet.htm (1 of 2) [4/12/2001 11:52:42 AM]
ZoneAlarm Pro - Internet Zone Security Settings
BACK HOME NEXT
Inc.
file:///C|/Documents and Settings/rwilliams/Desk...Pro_Help_new_TOC/ZoneAlarmProHelp50_Internet.htm (2 of 2) [4/12/2001 11:52:42 AM]
ZoneAlarm Pro - Allow Server
Allow Server
ZoneAlarm Pro controls server applications. Server applications listen for incoming
connection requests and respond to those requests.
By checking the Allow Server checkbox or right-clicking on a program in the
Program List, you can limit server applications to be accessible from your Local
Zone or prevent them altogether.
One example is when you launch an application that wants to accept incoming
connections, i.e. act as a server to the Internet, you will be presented with the
option of allowing this application to act as a server.
Communication applications like ICQ, NetMeeting typically require server rights in
order to function properly with ZoneAlarm Pro. ZoneAlarm Pro now identifies these
applications upon launching them, allowing you to temporarily assign them server
rights when they launch.
Many Trojan horse programs are, in effect, server applications that allow hackers
to control your computer from a remote source. ZoneAlarm Pro lets you control
these applications by letting you specify which programs can act as servers. For
greater control, ZoneAlarm Pro lets you specify whether a server can communicate
with the Internet Zone, or if it is restricted to the Local Zone.
If an application on your computer attempts to respond to a remote request
without prior permission from you, ZoneAlarm Pro will detect this and prompt you
for permission.
file:///C|/Documents and Settings/rwilliams/Des...Alarm_Pro_Help_new_TOC/ZoneAlarmProHelp60_3.htm (1 of 2) [4/12/2001 11:52:43 AM]
ZoneAlarm Pro - Allow Server
BACK HOME NEXT
Inc.
file:///C|/Documents and Settings/rwilliams/Des...Alarm_Pro_Help_new_TOC/ZoneAlarmProHelp60_3.htm (2 of 2) [4/12/2001 11:52:43 AM]
ZoneAlarm Pro - Adding Programs to the Programs List
Adding Programs to Programs List
Select Add Program from the popup menu to add a program to the Program
List. Adding a program here enables you to control the connection and server
behavior performed by a program that has not accessed the Internet since
ZoneAlarm Pro has been up and running. Once a program is added to the
Program List, you can restrict its ability to connect to the Internet or its ability to
listen as a potentially destructive server.
To add a program to the Program List, right-click on the program entry and
select Add Program. Even before a program is added, ZoneAlarm Pro is
monitoring it for Internet activity. However, once it is added you have the ability
to:
●
●
Prevent the program from connecting to the Internet or from listening as a
server
Severely limit the program's ability to access the Internet by defining
specific ports through which the application absolutely must pass in order to
connect to the Internet. It will not be able to connect via any other port but
the ones you define.
file:///C|/Documents and Settings/rwilliams/Des...arm_Pro_Help_new_TOC/ZoneAlarmProHelp60_Add.htm (1 of 2) [4/12/2001 11:52:43 AM]
ZoneAlarm Pro - Adding Programs to the Programs List
BACK HOME NEXT
Inc.
file:///C|/Documents and Settings/rwilliams/Des...arm_Pro_Help_new_TOC/ZoneAlarmProHelp60_Add.htm (2 of 2) [4/12/2001 11:52:43 AM]
ZoneAlarm Pro - Right-click on the Programs Panel
Right-click on the Programs Panel
Right-click on a program in the Program List to define access rights or port
restrictions for a specific program or to add or remove a program. The rights you
define will be specific to either the Local Zone or the Internet Zone. You can also
view the version statistics about a program by clicking on Properties for.
Local Network - Access and server rights for programs
Internet - Access and server rights for programs
Pass Lock - Set programs to bypass the Automatic Lock
Changes Frequently - Set up program name only checking
Options... - Set port and protocol restrictions for programs
Properties for ... - Product + version statistics for programs
Remove ... - Remove programs from the Program List
Add program... - Add programs to the Program List
BACK HOME NEXT
Inc.
file:///C|/Documents and Settings/rwilliams/Desktop...arm_Pro_Help_new_TOC/ZoneAlarmProHelp60_Options.htm [4/12/2001 11:52:43 AM]
ZoneAlarm Pro - Properties For
Properties For
The Properties menu gives you an easy way to view statistics about the program
you've selected. The dialog has two tabs General and Version.
General
Version
General
file:///C|/Documents and Settings/rwilliams/Desk...ro_Help_new_TOC/ZoneAlarmProHelp60_Options_2.htm (1 of 3) [4/12/2001 11:52:44 AM]
The General tab lists the main statistics about the program in an easy-to-read
panel. The program name and the official program icon appear in this dialog:
● the program type, such as application
● the program's location, such as c:\Program Files
● the program's size in megabytes and bytes
● the MS-DOS name, such as netscape.exe
● the date the program was installed on your machine
● the date the version you are using was installed on your machine
● the date the version you are using was modified by the software
manufacturer
●
●
the most recent date the program was used on your machine
the remaining attributes: Read-only, Archive, Hidden and System, are
attributes you can assign to the program using the Apply button.
Version
The Version tab contains a convenient selectable list to display the major
version-related statistics about the program:
●
the file's version number, such as 4.4.1.6
●
the file's description, such as Cherios Navigator
the file's copyright date as a software product
in the selectable list, you can easily view the following by selecting each
consecutive statistic in the list:
1. software company name
●
●
2.
3.
4.
5.
6.
the program's internal name, such as iecherio
the language the product is written in, such as English
the executable file name, such as cherios.exe
the product name, such as CheriosPro
the product version number, such as 4.4.1.6 (usually the same as the
file version.)
BACK HOME NEXT
Inc.
ZoneAlarm Pro - First-time Settings for Programs
First-time Settings for Programs
When you click on the Advanced button on the Programs Panel, you are ready to
set up access rights for any of your programs that have not yet accessed the
Internet. This means programs that are not yet on the Program List. The
connection permissions you define here will be in effect for every first-time
Internet connection one of your program's attempts.
Use the two tabs at the top of the dialog to set your first-time permissions,
Access Permissions and Alerts and Functionality.
Access Permissions
Access Permissions
This dialog gives you the control you need to set separate permissions for
programs passing through Local Zone computers to make their connections, and
those trying to make a connection through Internet Zone. The first row of radio
buttons controls Local Zone connections.
Local Zone buttons: The first set of radio buttons controls whether or not
programs can connect to the Internet when the connection passes through
elements in your Local Zone. Or whether they must ask your permission each
time.
Internet Zone buttons:The radio buttons in the second row control whether
your programs can make an Internet connection when it goes through Internet
Zone computers.
Check the Identify Program by full pathname only checkbox if you feel comfortable
having ZoneAlarm Pro checking only the pathname statistics, such as c:\program
files\cherios. This choice will cause ZoneAlarm Pro not to check program size and
other statistics.
In this panel, you can have ZoneAlarm Pro alert you when access is denied when
new programs attempt a connection. You can set an option here to protect your
machine if ZoneAlarm Pro is shut down: specifically, you can deny access if you
set the Always Ask Permission option in the first tab of this panel.
Select Show alert when Internet access is denied if you want to see an alert
each time a Internet connection to computers in either zone is attempted for the
first time by one of your programs.
Select Deny access if permission is set to "ask" to stop any new program
from connecting to the Internet if ZoneAlarm Pro is shut down.
Select Require administrative privileges to only allow a program temporary
access to the Internet if administrator privileges are set.
BACK HOME NEXT
Inc.
ZoneAlarm Pro - Local Network Popup
Local Network Popup
Set a program's rights in the Internet Zone
Options
Set program rights to Local Zone computers
Using the Local Network menu on the popup menu is one way to define access
rights and server privileges for the specific program on which you right-clicked to
call the popup menu. Another method is to click directly on the checkboxes in the
yellow area of the Allow Connect or Allow server column shown below.
When you use the popup menu, your change(s) will immediately be reflected in
the checkboxes. As an example, the first green checkmark you see on the Local
line above, corresponds to the first green check you see in the popup menu
directly below. The result in this case is that you are granting access rights to
Microsoft Internet Explorer to computers in your Local Zone.
Options
file:///C|/Documents and Settings/rwilliams/Desk...ro_Help_new_TOC/ZoneAlarmProHelp60_Options1a.htm (1 of 2) [4/12/2001 11:52:44 AM]
ZoneAlarm Pro - Local Network Popup
Six choices are available under Local Network:
1st three choices:
Server choices:
Select Allow, Disallow or Ask for the selected program.
When you select Ask, you are instructing ZoneAlarm Pro to
use a popup menu to ask your permission each time the
program attempts to connect to a computer in your Local
Zone.
Select Allow server , Disallow server or Ask server to
allow or disallow the program to act as a server listening for
connections from computers in your Local Zone. When you
select Ask server, you are instructing ZoneAlarm Pro display
the popup menu as a permission request each time the
program attempts to act as a server to a computer in your
Local Zone.
BACK HOME NEXT
Inc.
file:///C|/Documents and Settings/rwilliams/Desk...ro_Help_new_TOC/ZoneAlarmProHelp60_Options1a.htm (2 of 2) [4/12/2001 11:52:44 AM]
ZoneAlarm Pro - Internet popup menu
Internet Popup menu
Options
Using the Internet menu on the popup menu is one way to define Internet Zone
access rights and server privileges for the specific program on which you
right-clicked to call the popup menu. Another method is to click directly on the
checkboxes in the yellow area of the Allow Connect or Allow server column shown
below.
When you use the popup menu, your change(s) will immediately be reflected in
the checkboxes. As an example, the first green checkmark you see on the Internet
line above, corresponds to the first green check you see in the popup menu
directly below. The result in this case is that you are granting access rights to
Distribute COM Services to computers in the Internet Zone.
Options
file:///C|/Documents and Settings/rwilliams/Desk...ro_Help_new_TOC/ZoneAlarmProHelp60_Options1b.htm (1 of 2) [4/12/2001 11:52:45 AM]
ZoneAlarm Pro - Internet popup menu
Six choices are available when you select Internet:
1st three choices:
Server choices:
Select Allow, Disallow, or Ask for the selected program.
When you select Ask, you are instructing ZoneAlarm Pro to
use a popup menu to ask your permission each time the
program attempts to connect to a computer in the Internet
Zone.
Select Allow server , Disallow server or Ask server to
allow or disallow the program to act as a server listening for
connections from computers in the Internet Zone. When you
select Ask server, you are instructing ZoneAlarm Pro display
the popup menu as a permission request each time the
program attempts to act as a server to a computer in the
Internet Zone.
BACK HOME NEXT
Inc.
file:///C|/Documents and Settings/rwilliams/Desk...ro_Help_new_TOC/ZoneAlarmProHelp60_Options1b.htm (2 of 2) [4/12/2001 11:52:45 AM]
ZoneAlarm Pro - The Set Password Button
The Set Password Button
Setting a password ensures that only authorized users have access to each
individual copy of ZoneAlarm Pro.
If you are not using the established password
Use the Set Password pushbutton to enter a password or to change your current
password. After setting a password, use the Login pushbutton to turn on the
administrative privileges controlled by your password. These privileges let you to
use the Advanced pushbuttons in the Security panel and the Programs panel, or to
uninstall the product.
If you try to use a ZoneAlarm Pro function that is password-protected when not
logged on, this dialog will be displayed.
Whenever this dialog is displayed, enter your password directly in the dialog or
click on the Login button in the Configuration panel to enter your password. This
will allow you to to make changes to the Firewall or to uninstall the product.
The checkbox at the bottom of the dialog will always be checked if company policy
establishes centralized control of employees' ZoneAlarm Pro passwords. The
System Administrator of your organization has the exclusive right to maintain
file:///C|/Documents and Settings/rwilliams/Des...ro_Help_new_TOC/ZoneAlarmProHelp70_Password.htm (1 of 3) [4/12/2001 11:52:45 AM]
passwords to ensure Internet security in the organization.
In such cases, individual ZoneAlarm Pro users will only be able to enter a
password in this dialog. The ability to change a password will not ba available in
the Set Password dialog.
If you are using the established password
When a password is set up and you have not logged in with that password, only
the three fields shown below can be modified. All other settings are protected by
the established password:
in the Configuration panel
in the Alerts panel
Establishing a password gives you extra protection against anyone but you making
changes to ZoneAlarm Pro. Password protection gives you these advantages:
■ Keeps unauthorized users from logging on to ZoneAlarm Pro without using
the authorized password
■
Prevents unauthorized users from modifying security levels you've
established for Zones and Programs
■
Keeps anyone except authorized users from shutting down ZoneAlarm Pro
because the password is required to shut down ZoneAlarm Pro
■
Prevents users from changing lock settings on the Lock Panel
■
Prevents users from adding members to or removing members from the
Local Zone or the Internet Zone.
BACK HOME NEXT
Inc.
ZoneAlarm Pro - Keyboard Shortcuts
Keyboard Shortcuts
You can use a combination of keystrokes on your keyboard to access many
features of ZoneAlarm Pro. This provides an alternative to using your mouse.
Shortcuts
Shortcuts inside Alert Popups
Shortcuts
A list of features you can activate with keystrokes is provided below. To perform
most shortcuts, you press either the Cntl or the Alt key in conjunction with one of
the letter keys on your keyboard:
Ctrl+L
Ctrl+S
Lock/Unlock
Emergency Stop
Ctrl+H
Zone Labs Information Overview
Alt+A
Alt+L
Alt+S
Alt+P
Alt+C
Alt+Z
ESC
F1
Expand/Close the Alerts Panel
Expand/Close the Lock Panel
Expand/Close the Security Panel
Expand/Close the Programs Panel
Expand/Close the Configure Panel
Zoom/Unzoom -- Expand/Close the current panel
Unzoom -- Close the open panel
Access the help file
Shortcuts inside Alert Popups
In the alert popup dialog, these keys let you navigate multiple alerts:
PgUp
PgDn
Home
End
Previous Alert
Next Alert
First Alert
Last Alert
ZoneAlarm Pro - Keyboard Shortcuts
BACK HOME NEXT
Inc.
ZoneAlarm Pro - The Configure Panel
The Configure Panel
Click on the Configure button to display the Configuration Panel. This button is
located directly below the Help button in the top right corner of ZoneAlarm Pro
Options
Windows 95 and NT
Options
Use the checkboxes and pushbuttons in the Configuration Panel to determine:
● Whether, on your computer screen, ZoneAlarm Pro should be displayed ON
TOP OF other applications when Internet activity is detected
●
Whether the shell tool bar should be displayed
Whether ZoneAlarm Pro should load when you start your computer
To check for product updates
●
To set your password
●
To change your ZoneAlarm Pro License Key
●
To change the registration information you've submitted to Zone Labs
●
●
file:///C|/Documents and Settings/rwilliams/Desk...oneAlarm_Pro_Help_new_TOC/ZoneAlarmProHelp70.htm (1 of 3) [4/12/2001 4:10:51 PM]
The first checkbox on the Configuration Panel is On top during Internet activity.
This checkbox controls whether or not ZoneAlarm Pro will be displayed ON TOP of
other applications whenever Internet activity is detected.
The Load ZoneAlarm at Startup checkbox is selected by default. This causes
ZoneAlarm Pro to be loaded when you start your computer. If you uncheck this
checkbox, Internet traffic monitoring will not begin until you start ZoneAlarm Pro
on your machine.
Click on the Set Password pushbutton to set or modify a password. Once your
password is set, use the "Login" pushbutton to login to ZoneAlarm Pro using your
password.
License key
Your License Key is a number that you receive from Zone Labs. It indicates that
you are the owner of a valid license for ZoneAlarm Pro.
If you did not enter your License Key number when you installed the product, you
can do so at any time by clicking on the Change Key button.
When you click on the Change Key button, the License info dialog will be
displayed:
Enter your License key in the dialog, the click on the Go button.
Windows 95 and NT
Older versions of Windows 95 or Windows NT (those without the Windows Shell
Update) let you choose a "Show shell toolbar" checkbox. Under newer versions
and Windows 98 or Windows 2000, this option is part of the Windows Shell. See
the Desk Band Toolbar for more information.
BACK HOME NEXT
Inc.
ZoneAlarm Pro - The Automatic Lock
The Automatic Lock
The Automatic Lock will activate at whatever set intervals you select in the
Automatic Lock section of the Lock panel. It is a very useful tool for stopping
Internet traffic at times when you are not using your computer. By simply
selecting a few radio buttons on the Lock panel, you can program the Automatic
Lock to activate in the following situations:
● When you are not using the Internet
●
When your computer has not been used for a preset number of minutes
●
When the screen saver takes control of your desktop
Turning on the Automatic Lock
Select the Enable radio button to turn on the Automatic Lock.
Engage Internet Lock after X minutes of inactivity: Set a time of inactivity at
the end of which the lock is to be activated.
If you have activated the Automatic Lock using the minutes-of-inactivity option,
unlock the lock by clicking on the padlock inside the Lock icon. After clicking on
the padlock to deactivate the lock, the Timer Bar under the padlock will be set to
Green. This means that the lock is no longer stopping Internet traffic.
Engage Internet Lock when screensaver activates: Screen saver activation
turns on the lock rather than a number of minutes.
Pass Lock programs may access the Internet: Choose between this and the
High Security, all Internet activity stopped button by either allowing certain
programs to break through the Automatic Lock, or allowing no exceptions at all.
The Pass Lock button stops all traffic except programs that bypass the Lock. The
High Security radio button stops ALL TRAFFIC, regardless of whether they are set
to bypass the Lock.
Note: ICS & NAT: If you are using ZoneAlarm Pro on an ICS or NAT gateway
machine, the Automatic Lock will not lock Internet access for client computers.
BACK HOME NEXT
Inc.
file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/ZoneAlarmProHelp12.htm [4/12/2001 4:12:04 PM]
ZoneAlarm Pro - The STOP Button
The STOP Button
Pressing the STOP button immediately stops all Internet traffic, including traffic to
programs set to bypass the lock.
Press this button if you think a program might be using the Internet improperly.
The STOP button will stop all Internet access, overriding the Pass Lock settings in
the Programs panel. This is useful for stopping:
● Trojan horses
● Programs that want to gain access to your private information
To reactivate Internet access press the stop button again.
Note: Using the emergency stop button completely cuts off connections to the
Internet. Connections and data transfer by all programs on your computer must
be restarted.
BACK HOME NEXT
Inc.
ZoneAlarm Pro - Understanding and Using Alerts
Understanding and Using Alerts
ZoneAlarm Pro gives you all kinds of ways to view alerts and Internet traffic.
New Network alert
Main panel
Advanced button
What is Internet traffic?
What is an Internet Alert?
What will ZoneAlarm Pro block?
Red and green traffic indicators
On top during Internet activity
Bytes sent / received via the Internet
Why did I get that alert?
More info about a particular alert
Where should I put my alerts?
Use the Advanced button for Options
1. Hide your IP Address
2. Suppress a specific alert type
3. Tweak your alert log
What is Internet traffic?
ZoneAlarm Pro keeps an eye on all Internet traffic.
Internet traffic includes all data movement to and from the Internet. It also
includes all connection attempts from your machine to the Internet and vice versa.
The ZoneAlarm Pro firewall only stops undesired traffic. When it does stop an
instance of traffic, ZoneAlarm Pro will issue an alert. The alert can be displayed
and stored in a number of places.
Data movement and connection attempts that are allowed according to your
rules in ZoneAlarm Pro, will be allowed to pass through the firewall. This kind of
traffic is good traffic, in the sense that you are allowing it in and out.
What is an Internet alert?
An alert is basically a blocked Internet connection. When ZoneAlarm Pro blocks
some kind of inbound or outbound Internet traffic, an alert is produced based on
the rules you've set up in the various ZoneAlarm Pro panels.
When we talk about alerts, we are talking about a description of why, in its role
as a firewall, ZoneAlarm Pro has blocked inbound or outbound Internet access to
your computer. By going to the Alerts panel, you can easily find out the basic
information behind an alert.
You can always view the text version of the alerts you received by clicking on this
button, at the bottom of the Alerts panel.
This file is called the Alert log. Each line in the left represents a single alert. Here
are a few sample entries, the first of which indicates a PE alert. PE alerts tell you
file:///C|/Documents and Settings/rwilliams/Deskto...o_Help_new_TOC/Getting_Started_Tutorial_Alerts.htm (1 of 10) [4/12/2001 4:53:23 PM]
that a specific application, which is named in the Alert, tried to access the
Internet.
What will ZoneAlarm Pro block?
What ZoneAlarm Pro blocks is the result of how selections are made in ZoneAlarm
Pro panels in these two ways:
■ Default settings that were installed with the product that you did not change
■
Modifications made to those settings by you or your system administrator
Settings can be changed by clicking on selections in the panels, or by having those
selections automatically made and implemented in your copy of the product by a
system administrator operation from a central console.
The higher the security setting in a zone, the more ZoneAlarm Pro will block. In
the Security panel, if you allow overall security for the Internet Zone to be set to
high, the firewall will block, and create an alert, for the three protocols shown in
the lower part of this screen shot from the Security panel.
Red and green traffic indicators
The most visible Internet traffic indicators are the red and green bars you can see
at any time inside the first box on the left side of the DeskBand Toolbar.
Red bars indicate data being uploaded; green bars indicate data being
downloaded. These indicators don't indicate alerts or illegal traffic, but simply that
Internet traffic is occurring between the Internet and your machine.
When you open the product, you see a larger version of these indicators on the
Alerts icon:
Whenever red or green flashing bars appear in the Alerts
icon, the application receiving or sending traffic is shown as a
blinking icon inside the Programs icon.
On top during Internet activity
If you really want to see Internet traffic every single time it occurs, make sure the
first checkbox below, located on the Configuration panel, is checked:
This means that, in addition to being able to view the red and green bars, you will
also see the main ZoneAlarm Pro panel pop up to be displayed on top of all the
other applications on your desktop.
This will make it obvious that Internet traffic is occurring. Since so much Internet
traffic can occur when you have a live Internet connection, many ZoneAlarm Pro
users uncheck this box and rely on the red and green bars only.
Bytes you've sent and received via the Internet
About Internet traffic, you can always view how many bytes have been sent to
your PC and how many have been received since you launched ZoneAlarm Pro.
These statistics are available at the top of the Alerts panel:
Why did I get that alert?
Just below the Bytes received area in the Alerts panel, statistics are always
available immediately after your ZoneAlarm Pro firewall detects an Internet
connection attempt that is being blocked by the firewall rules you've set up
throughout ZoneAlarm Pro.
The example below shows that a connection attempt by Internet Explorer was
blocked:
A number of rules could be responsible for this alert. One possibility is that, in the
Allow connect column of the Programs panel, you have established a rule to block
Internet Explorer's access to the Zone where the IP address mentioned in the
alert.
In this case, the IP address would be in the Internet zone, because the Red X is in
the Internet Zone area.
More info about a particular alert
Clicking on the More Info button, located to the right of the alert description, gives
you access to the Alert Analyzer, located on the Zone Labs web site.
Where should I put my alerts?
The area at the bottom of the Alerts panel allows you to control whether you want
the Alert Log to be created, and whether or not you want alert popups to be
displayed each time there is an alert.
If you select the second checkbox, you'll get a display like this each time firewall
rules trigger an alert:
This can be helpful unless too many alerts are happening and you don't want to be
interrupted.
Use the Advanced button for options
ZoneAlarm Pro lets you hide part of your IP address when the Alert Analyzer is
used, or to decide how often you want to start a new Alert Log because you may
be receiving many alerts.
Use the Advanced button to call this three-tab dialog which lets you easily set up
alert-related customizations.
1. Hide your IP address
After clicking on the Advanced button, click on the Submitting Info tab if you
want to hide your IP address from the Alert Analyzer.
When you receive an alert then click on the Submitting Info button hoping to
find out something about its source, the web-based Alert Analyzer takes your IP
address into account as one piece of analytical data.
For your protection, you can keep part or all of your IP address from being sent to
the Analyzer (and thus made visible on the Internet) by selecting one of the radio
buttons in the dialog.
2. Suppress a specific alert type
To make things less complicated for you, you can prevent some alerts from being
created and displayed. If there are alert types, such as NetBIOS broadcasts, that
you decide you do not need to go back to examine, you can select them in the
dialog below.
Click on the Suppress alerts tab to open the dialog. Alerts of the type you check
will not appear in the Alert Log and no messages will be displayed about them.
3. Tweak your Alert Log
or
What if your alert log gets so big you'd like to archive its contents? Or what if
you'd like to be able to read it more easily?
The Log File tab or the Log Properties button at the bottom of the Alerts panel will
open the dialog below, where you can determine how often you want to archive
your log file and create a new one. The current log file always has the name
ZALog.txt.
You can also set the fields of each line in the log to be separated with a tab or
semicolon rather than a comma, which is the default setting.
An example of a renamed archived log file created on October 2, 2000 is
ZALog2000.10.02.txt, which you can see in the Internet Logs subdirectory below.
This example is from a Window NT operating system.
ZALog.txt is the current log where alerts that are happening right now are being
stored.
BACK HOME NEXT
Inc.
file:///C|/Documents and Settings/rwilliams/Deskt..._Help_new_TOC/Getting_Started_Tutorial_Alerts.htm (10 of 10) [4/12/2001 4:53:23 PM]
ZoneAlarm Pro - Program Settings
Program Settings
The Programs panel has three work areas: the Programs panel itself, the
Right-click function, and the Options button.
Right-click on a program line as an alternative way to perform main panel
functions or to Add a new program. Click on the Options button to set server
rights or to limit a program's access rights to specific ports.
Main panel
Right-click and Options button
Programs panel as it looks at first
Programs panel with programs in it
Will you allow the program to connect?
Allowing or denying access to a program
What the checkmark and X mean
What a permission message looks like
Allowing the program to be a server
Server permission message example
Right-click to set access & server options
Click on the Options button to set server rights &
specify ports
Access permissions tab
Ports tab
Click on Add to add a port or range of ports
Click on Custom to add a TCP or UDP port
Programs panel as it looks at first
The Programs panel will probably display an empty white area when you first open
it, unless some programs have already accessed the Internet since you opened
the program, or unless the product was configured for you by your System
Administrator. It will probably look like this:
file:///C|/Documents and Settings/rwilliams/Deskt...elp_new_TOC/Getting_Started_Tutorial_Programs.htm (1 of 13) [4/12/2001 4:55:13 PM]
Programs panel with Programs in it
The white area of the Programs panel starts filling up as your applications start
accessing the Internet. A separate line in the white area is reserved for each
program that connects.
Microsoft Outlook is the first program that connected in the panel shown below.
We'll use that example as we quickly look at this panel.
Notice that the version number of Outlook is displayed along with the name and
the Outlook icon:
Will you allow the program to connect?
On each program line, the second column is the Allow connect column. This
column allows you to resolve this issue: Will you allow the program to connect to the Internet?
If you have not changed anything, two
ZoneAlarm Pro will ask your permission:
appear in the column, meaning that
Question marks mean you will always receive a message asking your permission
when the Program on that line, in this case Microsoft Outlook, attempts to connect
to the Internet
Allowing or denying access to a program
Remember that
access the Internet.
means that your permission will be asked for a program to
Click on the
to make any changes.
The leftmost checkbox is for allowing:
denies:
or
What the
or
. Clicking on the middle one
.
and
mean
The top yellow section governs the Local Zone:
The bottom blue section governs the Internet Zone:
Keep those zone-specific distinctions in mind and it will be clear that when you
click on the top section, you are managing the program's access to the Internet
only via locations you have included in your Local Zone.
When you click on the bottom section, you are managing the program's access to
the entire Internet, as described here:
Allows the program to connect to Internet locations in the Local Zone.
Prevents the program from connecting via the Local Zone.
Allows the program to connect to Internet locations outside the Local Zone.
Prevents the program from connecting via the Internet Zone.
Permission message
When ZoneAlarm Pro asks your permission for a program to connect, a message
like this one is displayed, containing the name of the program and your IP
address:
Will you allow the program to be a server?
Programs can play the role of a server, waiting or listening for incoming
connections from the Internet. This column gives you the choice to stop server
behavior for each program if you think it would be wise.
The Allow server column gives you the same choices as in the Allow Connect
column: ZoneAlarm Pro can request your permission each time, or you can allow
or deny server behavior to each program. These permissions also function by
zone.
If a program tries to act as a server to a Local Zone location, permission is asked.
Allows the program to act as a server to Internet locations in the Local Zone.
Prevents the program from acting as a server to a Local Zone location.
If a program tries to be a server to Internet Zone locations, permission is asked.
Allows the program to act as a server to Internet locations outside the Local Zone.
Prevents the program from acting as a server to Internet Zone locations.
Allow server permission message
like this one is displayed, containing the name of the program:
RIGHT-CLICK on the Programs panel
When you right-click on a program in the Program List, all the following choices
are available to you.
Right-clicking on a program lets you define access rights or port restrictions
for the program you clicked on, or to add or remove a program.
The rights you define will be specific to either the Local Zone or the Internet Zone.
You can also view the version statistics about a program by clicking on Properties
for.
Click on
to set server rights & limit program
access specific ports
Click on the Options button to call a dialog with two tabs:
Click on the Access Permissions tab to grant connection and server rights to a
program.
Click on the Ports tab to limit the way a program connects to specific ports.
Access permissions tab
Use the radio buttons on this panel to define precise permissions for each of your
programs.
Use the yellow section of this panel to define, for a specific program, access
permissions to computers or addresses defined in your Local Zone.
Use the blue section of the panel to grant programs access permissions to
computers and addresses in the Internet Zone.
The yellow and blue sections allow you to define whether or not your programs
can act as servers listening for connections from computers from either of those
zones: yellow for the Local Zone, blue for the Internet Zone.
Radio buttons on left side of the panel:
Radio buttons on the right side of the panel:
Ports tab
Use the Ports tab to specify ports and protocols that an application is permitted to
use.
The title bar, at the top of the Ports tab, displays the program name you are
defining port access for, such as Outlook Express or Netscape Navigator.
Use Allow access to all ports and protocols to allow the program to have
Internet connections via all ports.
Use Allow access for ONLY the ports checked below to limit the program's
checkboxes are selected by default as the protocols you will limit the program's
connections to.
Use Allow access for any port EXCEPT for those checked below to allow
connections to every protocol and port that is not checked in the list below. The
IGMP and ICMP checkboxes are selected by default as the port types denied to
the program's for Internet access utilization. All protocols and ports not checked in
the list are fair game.
Click on
to add a port or range of ports
When you click on a server-specific choice like Mail Servers, ZoneAlarm Pro adds
the ports used by the server type and each entry is preselected. For ease of use,
three ports are added for Mail Servers. You can deselect any that you may want to
omit from the authorized list. All three mail server ports remain selected in the list
shown below:
Click on
to define a single TCP or UDP port
In the Description field: Type in a meaningful name for the port or range of
ports you're adding. Then, click on OK to add the port(s), which will be displayed
in the Ports panel.
UDP or both.
a UDP port.
BACK HOME NEXT
Inc.
ZoneAlarm Pro - Zones
Definition of Zones
ZoneAlarm Pro uses the concept of zones to protect your computer from unknown
malicious entities on the Internet.
Local Zone
The Local Zone defines permissible traffic through the firewall. The Local Zone
contains domains, IP addresses, IP ranges and subnets of trusted sources.
If you go to the Security Panel and press the Advanced button, locate the Local
Zone Settings tab. This tab defines ports, protocols, and permissions that will
apply rules to protect your computers in the Local Zone.
For help setting up security in the Local Zone, click here. Please go to the Local
Zone Contents Tab for information on how to add computers to your trusted Local
Zone
Internet Zone
The Internet Zone protects against any computer attached to the Internet that is
not on your network.
If you go to the Security Panel and press the Advanced button, locate the
Internet Zone Settings tab. This tab defines ports, protocols, and permissions that
will apply rules to protect your computers in the Internet Zone.
For help setting up security in the Internet Zone, click here.
Restricted Zone
The Restricted Zone is designed to block domains, IP addresses, IP ranges and
subnets that you do not want your computer to access. Essentially, this feature is
a reverse of the Local Zone.
If you go to the Security Panel and press the Advanced button, locate the
Restricted Zone tab. Check here for functionality of the Restricted Zone.
file:///C|/Documents and Settings/rwilliams/Desk...Pro_Help_new_TOC/ZoneAlarmProHelp50_ZoneDefs.htm (1 of 3) [4/12/2001 4:57:07 PM]
Security Levels
The Local and Internet zones each have a security level selector, which you can
slide up and down to change the security level. Local zone security is displayed in
yellow, and Internet zone security in blue.
The default settings are:
●
computer to protect you from potential threats. The security level for the Internet
Zone should be equal or higher than the level selected for the Local Zone.
BACK HOME NEXT
Inc.
ZoneAlarm Pro - Networking Issues
Networking Issues
This section provides some direction about specific issues for individual ZoneAlarm
Pro users as well as users working on a local area network.
Detecting a new network
Control Internet Access to Your PC by LAN Computers
Use ICS and NAT to Protect Your Network
Include Network Adapters in the Local Zone
VPN Connections
Server Not Receiving Incoming Connections
Control Internet Access to Your PC by LAN
Computers
You can easily adjust settings in your Local Zone to establish customized Internet
access for computers on your local area network.
You start this overall process by making sure that the computers and web sites
that you trust are members of ZoneAlarm Pro's Local Zone. This sets up
ZoneAlarm Pro's firewall for trusted network components. The default security
setting is medium.
Once this security setting is established, you can customize your overall Local
Zone security by allowing or blocking specific protocols or ports. You can even
allow specific network programs and servers to run via specific ports only.
You can also create a Restricted Zone to isolate IP addresses and web sites so that
they cannot contact your Local Zone computers via the Internet.
Use ICS and NAT to Protect Your Network
file:///C|/Documents and Settings/rwilliams/Desk...Help_new_TOC/ZoneAlarmProHelp_FAQ_Networking.htm (1 of 4) [4/12/2001 4:58:07 PM]
Most firewalls only protect the system where it is installed. Using the ICS and NAT
support bundled into ZoneAlarm Pro, you can protect your entire network you
have the product installed on the computer you're using to share your Internet
connection.
Once you have defined a gateway and client machines on your network, you can
use ZoneAlarm Pro's ICS or NAT support to define the gateway and client
definitions to ZoneAlarm Pro. This will allow the gateway machine to handle
Internet security for all client machines.
Include Network Adapters in the Local Zone
By default, ZoneAlarm Pro includes the network adapter subnets that correspond
to your network cards as part of your Local Zone.
You can check to make sure that the subnets of network adapter cards are
included in your Local Zone by following these steps:
●
Click on the Advanced button in the Security panel
●
Click on the Local Zone Contents tab
●
Under Networks, the network adapter that corresponds to your network is
checked by default
If you have resources such as printers attached to your computer that others
working on the network need to access, we recommend that you disable the
Automatic Lock feature. When engaged, the Automatic Lock will block access to
these resources from the Local Zone.
DHCP for Dial-Up Internet Users
If you are using dial-up or a broadband connection with a non-static IP address,
your ISP uses DHCP to allocate IP addresses. This probably mean that your ISP
will periodically renew your non-static IP address.
To make sure that Internet connections are configured to accept DHCP renewals,
review the settings in the Local Zone Custom Settings panel. Here's how you
review the settings:
●
Go to the Security Panel
●
Click on the Advanced button and click on Local Zone Custom Settings.
●
Make sure these two checkboxes are checked:
When these two checkboxes are checked, all Internet connections are configured
to accept DHCP renewals.
VPN connections
There are many kinds of VPN connections. Not all VPN connection methods are the
same. If you are not able to make a connection via your VPN while running
ZoneAlarm Pro, check the following settings:
● Make sure that the VPN server has been added to Local Zone
●
Make sure the network subnet you are connecting to via VPN is included in
your Local Zone
If you are experiencing a connection problem, the VPN initiation and
authentication may be running into a conflict. Some users have lowered their
Internet Zone security from High to Medium during VPN initiation and
authentication only. They then immediately reset security to HIGH.
Server Not Receiving Incoming Connections
If your server application, such as an FTP or Web server, is not accepting incoming
connections, check these settings:
1. Make sure your server application has "Allow Server" permission: in the
Programs panel, click on the Options button for the server application. In the
Access permissions panel, make sure that server permission is not denied.
The permission can be set to Always allow or Always ask, as shown below:
2. Make sure the "Block Local Servers" and "Block Internet Servers" option is
not checked.
To do this, go to the Security panel and click on the Advanced button. Under
the General tab, go to the bottom of the panel and make sure these two
checkboxes are not checked:
3. Make sure that the Automatic Lock is not enabled, or that your server
application has permission to bypass the lock. Go to the Programs panel to
find this option.
BACK HOME NEXT
Inc.
ZoneAlarm Pro - Computer Games
Computer Games
Many games run in "exclusive" full screen mode. This prevents the display of
ZoneAlarm Pro alerts as well as normal windows error messages on your screen. If
you are not able to see ZoneAlarm Pro alerts while you are playing a full screen
game, you can try to rectify the problem in one of the following ways:
Set the game to run in a window
Change the rendering mode
Press Alt+Tab to toggle
Set the game to run in a window
Setting your game to run in a window will allow you to see the alert if the game is
running in a resolution lower than your desktop.
If your mouse is locked to the game, try pressing the windows key, and you
should be able to use the mouse to click on the alert. Then reset the game to run
full screen after allowing it Internet access.
Change the rendering mode
Changing the rendering mode to "Software Rendering" will allow Windows to
overlay the ZoneAlarm Alert on top of your game screen.
After allowing Internet access, you can change back to your preferred rendering
device.
Use ALT + TAB to toggle
Pressing Alt + Tab to toggle back into windows will allow the game running, but it
will allow you to respond to the alert.
Once you have allowed Internet access you press Alt-Tab again to restore your
game. This may cause some applications to crash, especially if you are using Glide
or OpenGL; however, the problem should be corrected the next time you run the
game. Sometimes you can use Alt-Enter in the place of Alt-Tab.
file:///C|/Documents and Settings/rwilliams/Des...Pro_Help_new_TOC/ZoneAlarmProHelp_FAQ_Games.htm (1 of 2) [4/12/2001 4:58:58 PM]
ZoneAlarm Pro - Computer Games
BACK HOME NEXT
Inc.
file:///C|/Documents and Settings/rwilliams/Des...Pro_Help_new_TOC/ZoneAlarmProHelp_FAQ_Games.htm (2 of 2) [4/12/2001 4:58:58 PM]
ZoneAlarm Pro - QuickTour of ZoneAlarm Pro
QuickTour of ZoneAlarm Pro
This QuickTour won't take long. But it will save you the trouble of figuring things
out for yourself.
Basic Tour
Panels
Where is the main panel?
Main panel
Black bar along the top of the main panel
Five main Icons
Buttons below the Icons
Icon display without panels
Alerts panel
Lock panel
Security panel
Programs panel
Configuration panel
WHERE IS the main panel?
After you install ZoneAlarm Pro on your machine, only a portion of the main panel
will be displayed, the Control Center:
To display the entire panel, click on one of the five buttons in the lower portion of
the Control Center, such as the Alerts buttton.
Another way to open the main ZoneAlarm Pro panel, whenever it is not fully
displayed, is to double-click on the ZA icon in your system tray, directly below the
Desk Band Toolbar:
file:///C|/Documents and Settings/rwilliams/Deskto...elp_new_TOC/Getting_Started_Tutorial_QuickTour.htm (1 of 11) [4/12/2001 5:01:03 PM]
As shown below, the ZA icon also lights up with red and green bars whenever
Internet traffic is happening. Double-clicking on this icon will still open the main
ZoneAlarm Pro panel even though Internet traffic is showing:
*
As long as ZoneAlarm Pro is installed on your machine and has not been shut down, the ZA icon will
remain in the System Tray. You cannot remove it.
Main ZoneAlarm Pro panel
ZoneAlarm Pro has five different panels. Each one has a different function. The
panel shown here is the Configuration panel where you set your password and
check for upgrades. You can also set some general behavior options in the
Configuration field at the top of this panel.
The checkboxes at the top of the Configuration panel also allow you to determine
overall behavior:
■
should this panel be on top of all applications during Internet activity?
■
should the deskband toolbar be visible?
should you load ZoneAlarm Pro at startup time?
■
Black bar along the top of the panel
A black bar with the name ZoneAlarm Pro spans the very top of the main panel.
At the extreme right of the black bar, you can use the
ZoneAlarm Pro.
tool to minimize
Five main icons
Directly below the black bar you have a row with five icons. Each icon has a
specific function. The first one lights up when Internet traffic is occurring on your
PC.
Watch this icon! It contains four small bars: two UP rows and two
DOWN rows. These bars show a graphic display of uploading &
downloading. The top two bars show real time Internet traffic on
your PC; the lower two bars show Internet traffic over a period of
time.
Click on this icon to block Internet traffic! When you do, the
padlock will close and the green text will change to this:
This is the Stop button! Click on it when you think trouble has
arrived. It will immediately stop all Internet Traffic and, unlike
the Lock button described directly above, it will allow now
exceptions, thereby not respecting the passlock.
Watch this icon to get a quick graphical look at which
applications are currently connected to the Internet. Inside this
icon, ZoneAlarm Pro displays the icon for each program on your
PC that has a current Internet connection
Click on this icon to open the Help file. The Help file not only
provides reference material, but also Internet basics, information
on how other software programs interact with ZoneAlarm Pro,
and much more.
Buttons below the Icons
Use these buttons to navigate between ZoneAlarm Pro panels. This means that
the entire display in lower portion of the panel changes. Click on the buttons
below to see how it works.
If you are already using the panel represented by a button, like the Configuration
panel we looked at briefly above, and you click on the Configuration button, notice
that the lower part of the main panel is removed, leaving only the icons and
buttons:
The Alerts Panel
Use this panel to see statistics about Internet traffic alerts on your PC and to
minimize the display of alerts if you find there are so many that the displays
become distracting.
To find out the IP address, the time and, when appropriate, the application
involved in an Internet traffic alert, look in the Current alerts box in the middle of
the panel:
Go to the checkboxes at the bottom of the panel to instruct ZoneAlarm Pro to save
alerts to a text file that you can comfortably read at any time. You can also initiate
the alert popup window from here, so that each time an alert occurs, a balloon
alert is displayed with pertinent information.
The Advanced button lets you stop the display of specific types of alerts, like
NetBIOS broadcasts or blocked applications. You can also use this button to set
log file options to prevent your alert log file from getting too large.
Lock Panel
ZoneAlarm Pro has a programmable lock to stop Internet traffic. Use the Lock
panel to determine whether the lock should be turned on after a time of inactivity
on your PC or whether your screen saver should turn it on.
Passlock, the ability for a program to disregard the lock and access the Internet, is
enabled or disabled in this panel. If pass lock is enabled, individual applications
that you select in the Programs panel will be able to break through the lock. This
is useful for programs like e-mail.
Security Panel
This panel is where you set up your zones. Use the yellow and blue boxes in the
middle of the panel to set overall security for your Local Zone and your Internet
Zone.
For maximum security, it is a good idea to keep security in the Internet Zone set
to High. Once High security is set, you can allow protocols through the firewall, or
allow specific programs access through specific ports. This panel also controls
MailSafe.
The Advanced button puts you more in the driver's seat. This button takes you to
a dialog with six tabs.
Each tab takes you to a different panel. Four of the panels let you define and
customize your zones. The Local Zone Contents tab is very important because that
is where you define which computers and addresses are allowed to be members of
the trusted and protected area called the Local Zone.
The General tab lets you further define MailSafe by adding specific file types you
do not want to be opened when they come as attachments to an e-mail. The
Restricted tab lets you create an isolation tank zone, where no Internet traffic is
allowed.
Programs Panel
Use the Programs Panel to see which programs have been connecting to the
Internet and also to restrict or broaden a program's ability to access the Internet.
Every line in the panel is dedicated to one of your programs that has been
accessing the Internet.
file:///C|/Documents and Settings/rwilliams/Deskt...lp_new_TOC/Getting_Started_Tutorial_QuickTour.htm (10 of 11) [4/12/2001 5:01:03 PM]
BACK HOME NEXT
Inc.
file:///C|/Documents and Settings/rwilliams/Deskt...lp_new_TOC/Getting_Started_Tutorial_QuickTour.htm (11 of 11) [4/12/2001 5:01:03 PM]
ZoneAlarm Pro - How to add a program to the Program List
How to add a program to the
Program List
Any program that is installed on your computer will be added to the Programs List
at the time ZoneAlarm Pro detects that it is accessing the Internet.
For LAN users, your system administrator may have preconfigured your Programs
List to include specific programs. If so, these will appear on the list.
Why add programs to the Programs List?
Empty Programs List?
Programs List showing programs
How to add a program
Why add programs to the Programs List?
If one of your programs has not yet accessed the Internet since ZoneAlarm Pro
has been running, you can set up security behavior for that Program by adding it
to the Program List. Once a program is added to the Program List, use the
Programs panel to restrict its ability to connect to the Internet or its ability to
listen as a potentially destructive server.
To add a program to the Program List, right-click anywhere in the main area of
the Programs panel.
Empty Programs List?
Unless a system administrator configured the installation on your network, the
Programs panel will probably display an empty white area when you first open it:
file:///C|/Documents and Settings/rwilliams/Desk...oneAlarm_Pro_Help_new_TOC/How_to_add_program.htm (1 of 5) [4/12/2001 5:02:07 PM]
Programs panel with Programs in it
The white area of the Programs panel starts filling up as your applications start
accessing the Internet. A separate line in the white area is reserved for each
program that connects. Microsoft Outlook is the first program that connected in
the panel shown below. We'll use that example as we quickly look at this panel.
How to add a program
Right-click anywhere in the Program List to add a Program to the Program List.
In the popup menu, a number of choices are available. Select Add Program... to
add a program to your Programs List:
After selecting Add program..., select the program you want to add from the list
displayed in the Add Program dialog.
After you've added the program to the Program List, you have the ability to:
● Prevent the program from connecting to the Internet or from listening as a
server
● Severely limit the program's ability to access the Internet by defining
specific ports through which the application absolutely must pass in order
to connect to the Internet. It will not be able to connect via any other port
but the ones you define.
BACK HOME NEXT
Inc.
ZoneAlarm Pro - Using the Programs List
Using the Programs List
The Programs List is your tool for controlling the Internet connection behavior of
your applications. What are they allowed to do and what are you going to prevent
them from doing on the Internet?
Right-click Options
Allow Connect
Allow Server
Options
Adding Ports
Right-click Options
When you right-click on a program in the Program List, all the following choices
are available to you. For more information on these options, click here.
Right-clicking on a program lets you define access rights or port restrictions
for the program you clicked on, or to add or remove a program.
The rights you define will be specific to either the Local Zone or the Internet Zone.
You can also view the version statistics about a program by clicking on Properties
for.
Unless your System Administrator has preconfigured your copy of ZoneAlarm Pro,
there are no programs in your Programs List.
Right-click anywhere in the main area of the Programs panel to Add a new
program. After adding the program, you can establish how a program will interact
with the Internet.
file:///C|/Documents and Settings/rwilliams/Deskt...ZoneAlarm_Pro_Help_new_TOC/Using_program_list.htm (1 of 7) [4/12/2001 5:02:55 PM]
Allow Connect
On each program line, the second column is the Allow connect column. This
column allows you to resolve this issue: Will you allow the program to connect to
the Internet?
If you have not changed anything, two question marks appear in the column,
meaning that ZoneAlarm Pro will ask your permission:
Allow Server
like this one is displayed, containing the name of the program:
Programs can play the role of a server, waiting or listening for incoming
connections from the Internet. This column gives you the choice to stop server
behavior for each program if you think it would be wise. For more information on
the allow server function, click here.
The Allow server column gives you the same choices as in the Allow Connect
column: ZoneAlarm Pro can request your permission each time, or you can allow
or deny server behavior to each program:
● The ? means it will ask permission each time
●
The checkmark means it will allow the program to act as a server
●
The X means it will not allow the program to act as a server
Options
Click on the Options button to call a dialog with two tabs:
Click on the Access Permissions tab to grant connection and server rights to a
program.
Use the radio buttons on this panel to define precise permissions for each of your
programs. Use the yellow section of this panel to define, for a specific program,
access permissions to computers or addresses defined in your Local Zone. Use the
blue section of the panel to grant programs access permissions to computers and
addresses in the Internet Zone.
The yellow and blue sections allow you to define whether or not your programs
can act as servers listening for connections from computers from either of those
zones: yellow for the Local Zone, blue for the Internet Zone.
Click on the Ports tab to limit the way a program connects to specific ports.
Use the Ports tab to specify ports and protocols that an application is permitted to
use. The title bar, at the top of the Ports tab, displays the program name you are
defining port access for, such as Outlook Express or Netscape Navigator.
The radio buttons are arranged as follows:
● Allow access to all ports and protocols - allows the program to have
●
●
Internet connections via all ports.
Allow access for ONLY the ports checked below - limits the program's
checkboxes are selected by default as the protocols you will limit the
program's connections to.
Allow access for any port EXCEPT for those checked below - allows
connections to every protocol and port that is not checked in the list below
it. The IGMP and ICMP checkboxes are selected by default as the port types
the program cannot use for Internet access. All protocols and ports not
checked in the list are allowed.
Adding Ports
When you click on a server-specific choice like Mail Servers, ZoneAlarm Pro adds
the ports used by the server type and each entry is preselected. For ease of use,
three ports are added for Mail Servers. You can deselect any that you may want to
omit from the authorized list. All three mail server ports remain selected in the list
shown below:
In the Description field: Type in a meaningful name for the port or range of ports
you're adding. Then click on OK to add the port(s), which will be displayed in the
Ports panel.
UDP or both.
a UDP port.
BACK HOME NEXT
Inc.
ZoneAlarm Pro - How to use the Restricted Zone
How to use the Restricted Zone
How to add an element to the Restricted Zone
The Restricted Zone is a place for enemies. As soon as you determine that a web
site, server, IP addresses or subnet is dangerous to your network:
You can immediately open the Restricted Zone panel to add the dangerous
element to it. Once the dangerous element is added to the Restricted Zone, no
Internet traffic can take place between it and your Local Zone.
Everything you add to the Restricted Zone will be isolated from your Local Zone
computers. This a way to keep out hacks and intrusions from identified dangerous
sites.
How to add an element to the Restricted Zone
Step 1
Click on the Advanced button in the Security panel, then on the Restricted Zone
tab.
This message at the top of the dialog gives you directions:
Step 2
file:///C|/Documents and Settings/rwilliams/Deskt...eAlarm_Pro_Help_new_TOC/Using_restricted_zone.htm (1 of 4) [4/12/2001 5:04:15 PM]
Click on the Add button
This dialog will be displayed:
Step 3
In this example, we're adding a web site. So, we've clicked on Host/Site...
Next, enter a description and web site address as shown below:
Enter a description
for display
purposes, then the
web site address.
This should be a
web site, unlike
google.com, which
you have doubts
about.
Step 4
A follow-up dialog displays the IP addresses of the web site. ZoneAlarm Pro finds
the IP addresses for you.
Click on Finish to confirm the placement of the web site's IP addresses into your
Restricted Zone.
Step 5
The site you entered now shows up in the Restricted Computers area of the
dialog.
Notice that your
description is displayed
after the
.
Step 6
Click on the OK button. This places the web site in the Restricted Zone, meaning
that no inbound or outbound Internet communications can be done with that site
from your PC.
BACK HOME NEXT
Inc.
ZoneAlarm Pro - New Program Alert
New Program
What is a new program?
What is a new program?
A new program is a program that is requesting to access the Internet or local area
network for the first time. In other words, you haven’t yet told this program
whether it can or cannot access the Internet or local network.
There are many programs that may ask for Internet access. A Web browser, such
as Internet Explorer, must have Internet access for you to surf the Internet. An
e-mail client must have Internet access for you to get e-mail. If you are on a local
network, your e-mail client may request local network access to retrieve your
e-mail.
Follow the rules below and you'll be able to answer program alerts with
confidence.
The rule of expectancy: If you're using a program for the first time that requires
Internet access, you should expect to receive a pop-up alert as soon as the
program tries to initiate Internet access. In this case, it's probably safe to grant
the program access rights.
● Example: You've just opened your Web browser to surf the Internet, and
you immediately receive a pop-up alert asking if your Internet browser may
file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/zap_new_program.htm (1 of 3) [4/12/2001 5:04:57 PM]
The rule of logic: For some programs such as Web browsers and e-mail clients,
it's only logical that they need Internet access. But for other programs, it's not
always so obvious. Take your word processor, for example. There are times when
it's logical for it to access the Internet, and other times when it is not:
● You're not even using your word processor and it suddenly asks for Internet
access. Logic: Why would it need Internet access? Be suspicious.
●
You're doing nothing more than typing a document and your word processor
asks for access. Logic: Why would it need Internet access? Be suspicious.
●
You've just clicked a link to the Internet within your document, or you've
told your word processor to import a graphic from the Internet. Logic: It
now makes sense for it to need Internet access. It's probably safe.
●
You've just cut and pasted formatted text from a web page into your
document, and your word processor asks for Internet access. Logic: Your
word processor may be trying to get the formatting information from the
Internet. It makes sense for it to need access. It's probably safe.
The rule of caution: If you're not sure whether a program should have access
rights, start by denying it access rights. Then, investigate the program by asking
● Is the program you've denied access to one you recognize? If not, you may
want to research the program to try and identify it as legitimate or
illegitimate.
●
●
Is it reasonable this program needs Internet access to perform its funtions?
Is the program you've denied access to still able to perform the functions
you want it to without Internet access? Consider all of the above questions
before deciding if your decision was right. You may change your decision at
any time in the Programs panel.
How do I know what program is trying to gain
access?
●
●
●
me every time.
Zone Labs Home Page
BACK HOME NEXT
Inc.
ZoneAlarm Pro - Repeat Program Alert
Repeat Program
What is a repeat program?
What is a repeat program?
A repeat program is a program that has previously asked you for permission to
access the Internet or the local network. When it did, you either allowed or denied
the program access for that instance only.
If you would like to allow or deny this program access for every future instance,
check the box, "Remember this answer each time," before you click "Yes" or "No" .
Some people like to make their programs ask permission every time they try to
access the network. That way, for example, they will know when some other
application is launching their browser. You don't have to do anything special to be
asked each time. Asking is ZoneAlarm's default behavior.
Follow the rules below and you'll be able to answer program alerts with
confidence.
The rule of expectancy: If you're using a program for the first time that requires
Internet access, you should expect to receive a pop-up alert as soon as the
program tries to initiate Internet access. In this case, it's probably safe to grant
the program access rights.
file:///C|/Documents and Settings/rwilliams/Desk...oneAlarm_Pro_Help_new_TOC/zap_repeat_program.htm (1 of 3) [4/12/2001 5:05:31 PM]
●
Example: You've just opened your Web browser to surf the Internet, and
you immediately receive a pop-up alert asking if your Internet browser may
The rule of logic: For some programs such as Web browsers and e-mail clients,
it's only logical that they need Internet access. But for other programs, it's not
always so obvious. Take your word processor, for example. There are times when
it's logical for it to access the Internet, and other times when it is not:
● You're not even using your word processor and it suddenly asks for Internet
access. Logic: Why would it need Internet access? Be suspicious.
●
You're doing nothing more than typing a document and your word processor
asks for access. Logic: Why would it need Internet access? Be suspicious.
●
You've just clicked a link to the Internet within your document, or you've
told your word processor to import a graphic from the Internet. Logic: It
now makes sense for it to need Internet access. It's probably safe.
●
You've just cut and pasted formatted text from a web page into your
document, and your word processor asks for Internet access. Logic: Your
word processor may be trying to get the formatting information from the
Internet. It makes sense for it to need access. It's probably safe.
The rule of caution: If you're not sure whether a program should have access
rights, start by denying it access rights. Then, investigate the program by asking
● Is the program you've denied access to one you recognize? If not, you may
want to research the program to try and identify it as legitimate or
illegitimate.
●
●
Is it reasonable this program needs Internet access to perform its funtions?
Is the program you've denied access to still able to perform the functions
you want it to without Internet access? Consider all of the above questions
before deciding if your decision was right. You may change your decision at
any time in the Programs panel.
How do I know what program is trying to gain
access?
●
●
●
me every time.
Zone Labs Home Page
BACK HOME NEXT
Inc.
ZoneAlarm Pro - Overview
file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/ZoneAlarmProHelp.htm (2 of 2) [4/12/2001 5:06:24 PM]
ZoneAlarm Pro - Troubleshooting and Tech Support
Troubleshooting and Tech Support
Deciphering a technical problem on your computer can be a complex task but
there are a few methods of making the process easier. The first one is to carefully
note specifics to what is occurring as the problem occurs. The sequence of events,
the type of software and operating system in use as well as the limitations of
hardware on the system all play a factor. Checking your available RAM, what
software you have running as a service play in an influential role in articulating a
troubleshoot. If you have too many items loading at startup, this can cause
complications as well.
Most desktop problems occur as a result of Operating System malfunctions. If
more than one program is attempting to use the same resources, errors are likely
to occur. If you experience a blue screen, make note of the error and match it
against known problems reported in the software manufacturer's FAQ or
KnowledgeBase. It's also a good idea to check Microsoft's web site as well as other
Internet resources for known issues with particular operating systems and
software.
There are anomalies on the Internet which also need to be paid attention to. For
suspected problems with your Internet service, bookmark the web page for
system status of your ISP and routinely check for outages and disruptions in
service.
If you run into a technical problem using ZoneAlarm Pro, please visit our
convenient ZoneAlarm Pro Support Site.
BACK HOME
Inc.
ZoneAlarm Pro - Server Activity
Server Activity
A server is defined as an application requiring access to the Internet in order to
perform certain functions. When an application is given server rights via
ZoneAlarm Pro's Programs Panel, the application is essentially waiting or listening
for connections and instructions from remote file servers or in some cases, a
manual response from a host.
Examples of server programs include chat programs, FTP, and e-mail software.
The Programs Icon highlights Internet servers and applications listening for
connections with a hand holding the program icon.
The Programs panel lets you choose which programs are allowed to act as servers.
ZoneAlarm Pro will deny connection, and display a popup warning when a program
to which you have not given server permission tries to establish a connection.
When ZoneAlarm Pro detects server activity, the firewall will block the incoming
connection for any program that is already on your Programs List where a red X
appears in the Allow Server column. You can configure these settings via the
Advanced button.
Communication applications such as ICQ or NetMeeting require server rights in
order to function properly with ZoneAlarm Pro. You will need open port access to
any application, including programs that need to listen and accept incoming
requests to connect to the Internet.
BACK HOME NEXT
Inc.
file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/ZoneAlarmProHelp15.htm [4/13/2001 11:33:45 AM]
ZoneAlarm Pro - Current Alerts
Current Alerts
The large display area on the Alerts panel is Current Alerts. This area displays
the following information about current connection alerts on your machine:
● the IP address
● the port
● the protocol
● the time and date of the connection attempt
● whether the connection attempt was incoming or outgoing
● possibly, but not always, the name of the application causing the alert
Getting More from More Info
Similar Topics
Getting More from More Info
You can submit a request to the Zone Labs Alert Analyzer to get detailed
information about the block by clicking on the More Info button. When you click
on the More Info button, your alert statistics are submitted to the Zone Labs web
site where our knowledge base will determine as accurately as possible the reason
why the firewall blocked your Internet communication. Results are displayed
directly on the web page in your browser.
If you wish to track the IP address of a blocked incoming connection, you can use
products such as whois or traceroute to attempt to find the owner of the IP
address.
Similar Topics
Here are some similar topics if you are interested in more information:
● Alert Settings
●
Sample Log Entries
●
FWIN Sample: An incoming request was blocked
●
FWOUT Sample: An outbound request was blocked
●
PE Sample: One of your applications tried to connect
BACK HOME NEXT
Inc.
file:///C|/Documents and Settings/rwilliams/Desktop/...larm_Pro_Help_new_TOC/ZoneAlarmProHelp20_Current.htm [4/13/2001 11:45:12 AM]
ZoneAlarm Pro - Log File Panel
Log File Panel
When you instruct ZoneAlarm Pro to save alerts in the Alert Log, every alert you
receive will be entered into a file named ZALog.txt. You can find this file in a folder
called Internet Logs in your Windows install directory.
Archiving Logs
Archiving Logs
The buttons on the left side of the Log File panel allow you to archive your Alert
Log on a daily, weekly or monthly basis. By selecting one of these options, you are
telling ZoneAlarm Pro to create a fresh ZALog.txt file on a daily, weekly or
monthly basis. Whenever the archiving takes place, the previous file is renamed
using the current date. An example of a renamed archived log file created on
February 30, 2001 is ZALog2001.02.30.txt.
When you archive your log file on a regular basis, you'll be able to read the file
more easily and be able to find a specific alert more quickly. On the other hand,
you can retain the default setting and never archive the log.
file:///C|/Documents and Settings/rwilliams/Deskt...Help_new_TOC/ZoneAlarmProHelp20_LogProperties.htm (1 of 3) [4/13/2001 2:48:59 PM]
Archive Log options:
Never: This is the default setting: never archive your log file.
Daily: Refresh your log file every day.
Weekly: Refresh your log file every week.
Monthly: Refresh your log file once a month.
Separate fields options:
Each entry in the log file is a series of characters. Some people prefer to have
these fields separated with spaces for readability. Select your preferred separator:
Tab: Fields in the log will be separated by Tabs
Comma: Commas will separate log fields
Semicolon: Fields in the log will be separated by semicolons.
BACK HOME NEXT
Inc.
ZoneAlarm Pro - FWIN Sample Log Entry
FWIN Sample Log Entry
ZoneAlarm Pro blocked an incoming request
FWIN,2000/03/07,14:44:58,-8:00 GMT, Src=192.168.168.116:0,
Dest=192.168.168.113:0, Incoming, ICMP
FWIN indicates that the firewall blocked an incoming request to connect to your
computer. The entry also includes the following information:
● Date and Time
●
●
●
Source IP Address and port number
Destination IP Address and port number
Transport-Indicates that the transport was either TCP, UDP, ICMP, or IGMP
BACK HOME NEXT
Inc.
file:///C|/Documents and Settings/rwilliams/Desktop...ro_Help_new_TOC/ZoneAlarmProHelp20_LogSamples_1.htm [4/13/2001 2:50:53 PM]
ZoneAlarm Pro - FWOUT Sample Log Entry
FWOUT Sample Log Entry
FWOUT,2000/03/07,14:47:02,-8:00 GMT,QuickTime Player Application
tried to access the Internet. Remote host: 192:168:1:10
ZoneAlarm Pro blocked an outbound request.
FWOUT indicates that the firewall blocked an outbound request from your
computer. The entry also includes the following information:
● Date and Time
●
●
●
Source IP Address and port number
Destination IP Address and port number
Transport-Indicates that the transport was either TCP, UDP, ICMP, or IGMP
BACK HOME NEXT
Inc.
ZoneAlarm Pro - PE Sample Log Entry
PE Sample Log Entry
PE,2000/03/22,17:17:11 -8:00 GMT,Netscape Navigator application
file,192.168.1.10
The "PE" entry informs you that an application on your computer attempted to
access the Internet. The entry also includes the following information:
● Date and Time
●
●
The application on your computer that attempted to access the Internet
The IP Address and Port number that the application was trying to connect
to.
BACK HOME NEXT
Inc.
ZoneAlarm Pro - ACCESS Sample Log Entry
ACCESS Sample Log Entry
ACCESS,2000/09/07,16:45:57 -5:00 GMT,Microsoft Internet Explorer was
not allowed to connect to the Internet (64.55.37.186).,N/A,N/A
The "ACCESS" entry informs you that an application on your computer attempted
to access the Internet when the Allow connect setting in the Programs List was set
to X (denied) for the application named in the Alert. At the same time, the Blocked
applications checkbox was not checked on the Suppressed Alerts panel.
The combination of these two permissions settings caused this alert to be
generated. When a checkbox on the Suppressed Alerts panel is not checked, an
alert will be generated in the Alert Log for the type of connection named on the
checkbox.
The entry also includes the following information:
● Date and Time
● The application on your computer that attempted to access the Internet
● The IP Address that the application was trying to connect to.
BACK HOME NEXT
Inc.
ZoneAlarm Pro - MS Sample Log Entry
MS Sample Log Entry
MS,2000/09/08,09:45:56 -5:00 GMT,Microsoft Windows(TM) Messaging
Subsystem Spooler,Renamed email attachment of type .HLP to .zla,N/A
The "MS" entry informs you that an e-mail containing an attachment of a file type
that you have asked MailSafe to quarantine was received by your e-mail client. At
the same time, the MailSafe quarantined attachments checkbox was not checked
on the Supressed Alerts panel.
The combination of these two settings caused this alert to be generated. When a
checkbox on the Supressed Alerts panel is not checked, an alert will be generated
in the Alert Log for the type of connection named on the checkbox.
The entry also includes the following information:
● Date and Time
●
The system that handles e-mail delivery on your system, like Microsoft
Windows(TM) Messaging Subsystem Spooler in the message above
●
The name of the file, including file type, that was renamed by MailSafe to a
.zla filetype for quarantining purposes.
BACK HOME NEXT
Inc.
ZoneAlarm Pro - Alert Settings
Alert Settings
The Alert settings section in the Alerts panel lets you control where ZoneAlarm Pro
sends firewall alerts.
The options are located at the bottom of the Alerts panel:
●
Log Alerts to a text file: saves alerts to a text file in CSV format.
●
Show the Alerts Popup window: either displays the Visual Alert window
or turns it off altogether.
Log Properties: lets you change the directory of the log file and archive the
file daily, weekly or monthly. This allows you to keep the file readable and of
a manageable size.
●
●
●
Log Properties: establishes where on your network you want to save the
log file.
View Log: opens your Alert log.
The log file is called ZALog.txt by default and is located in a folder called Internet
Logs in the Windows install directory on your machine. The size of the log is
displayed next to the location, and the log can be deleted when you feel it is
appropriate so it does not get too big.
BACK HOME NEXT
Inc.
file:///C|/Documents and Settings/rwilliams/Desktop/...arm_Pro_Help_new_TOC/ZoneAlarmProHelp20_Settings.htm [4/16/2001 9:44:34 AM]
ZoneAlarm Pro - Local Zone Contents tab
Local Zone Contents tab
This is where you populate your Local Zone with the computers and IP addresses
that ZoneAlarm Pro will protect. Use this panel to add any of the following to your
Local Zone:
● Web sites
●
●
IP addresses or ranges of IPs
Subnets
Networks Section
The Local Zone Contents tab lets you add other computers to your Local Zone.
Pressing the Add button gives you the choice to add a host (or site) by name, an
IP address, a range of IP addresses, or an IP subnet.
When a red checkmark appears in the checkbox, this means that the element is
an active member of your Local Zone. Uncheck the checkbox if you want to
remove the element from active membership in your Local Zone, but retain it on
your list for later.
file:///C|/Documents and Settings/rwilliams/Desk...Pro_Help_new_TOC/ZoneAlarmProHelp50_Adv_Tab1.htm (1 of 3) [4/16/2001 9:45:25 AM]
Add Options:
Host/Site - Adds a computer name to your Local Zone. You'll be prompted to
enter the name of the computer, and you can enter either a domain-style name
Please note that a single computer name might refer to more than one actual
computer, if two or more servers cooperate to balance their loads. If this is the
case, all the matching computers will be added to the Local Zone.
Local Zone.
Local Zone.
IP Subnet - Adds a subnet to your Local Zone. This is useful in offices where the
Local-Area Network is divided into multiple subnets. For example, if the Network
printer is on a different subnet than your computer, the Dynamic Firewall will
block access to the printer. Adding the printer's subnet to the Local Zone enables
you to use the Network printer from your computer, as well as any other services,
such as file-shares and computers on the printer's subnet.
If you are in a corporate setting, your computer may be part of a larger
corporate network. This network might be divided into smaller networks, or
subnets. ZoneAlarm Pro will not recognize the subnets that your computer is not
on as being part of your Local Zone.
This becomes a problem if your computer is on a different subnet than certain
resources such as a network printer and file-shares. The Advanced Properties of
the Dynamic Firewall enable you to add such a resource to your Local Zone.
Networks Section
The Networks section lists all your network and dialup adapters. Checking an
adapter automatically adds all the other computers in that network adapter's local
subnet to the local zone. If your network is a small local area network, this
automatically adds all the nearby computers to your local zone.
If your computer is part of a Local Area Network, you will need to place a
checkmark next to the network adapter cards under Networks. This will ensure
that you have access to necessary resources of your Local Area Network.
A note for Cable modem users: If you use a network adapter card connected
directly to a cable modem to connect to the Internet, you will want to leave the
cable subnets unchecked, to prevent your neighbors from being able to access
your computer.
If these default settings for the Local Zone don't meet your needs, ZoneAlarm Pro
lets you add computers and networks of computers to your Local Zone.
BACK HOME NEXT
Inc.
ZoneAlarm Pro - Advanced Security Properties
Advanced Security Properties
The tabs on this dialog can make your protection levels much more powerful. They
can help you: set up protocols and ports that are allowed in on High Security or
that are blocked on Medium Security, enable protection against malicious e-mail
attachment file types such as VBScript and JavaScript files, and much more.
If the message You are not logged in to ZoneAlarm Pro. Any changes you
make will not be realized until you log in is displayed when you click on the
Advanced button, you have an established ZoneAlarm Pro password but have not
yet logged in.
General - Enable or disable the PC as an ICS or NAT gateway or client
Local Zone Contents - Add computers to your Local Zone
Restricted Zone - Add computers to your Restricted Zone
Local Zone Custom Settings - Customize security settings for your Local Zone
Internet Zone Custom Settings - Customize security settings for your Internet
Zone
MailSafe - Define e-mail attachment file types you want to block and allow
BACK HOME NEXT
Inc.
file:///C|/Documents and Settings/rwilliams/Desktop...rm_Pro_Help_new_TOC/ZoneAlarmProHelp50_Advanced.htm [4/16/2001 9:46:45 AM]
ZoneAlarm Pro - Local Zone Security Settings
Local Zone Security Settings
The default security level for the Local Zone is Medium. One difference between
Medium and High security levels is that High security instructs the Dynamic
Firewall to block access to the network and system services.
The security levels you set in this panel will not conflict with, or override, access
privileges you have assigned to specific programs in the Programs panel. The
same is true for your Internet Lock settings. Low, Medium and High security levels
are described below:
Low Security: Low security only enforces application privileges and Internet Lock
settings, leaving your computer visible to other computers in the Local Zone. The
firewall does not block file or printer shares or traffic to and from the Local Zone.
Medium Security: This is the default Local Zone setting. At this security level,
the computer is visible to the Local Zone and file shares, printer shares and
Windows services are allowed for computers in the Local Zone. At Medium
security, the Automatic Lock is enhanced by the firewall and blocks all ports.
High Security: This is the highest security level available providing strong
application flexibility. At High security, the firewall blocks access from the Local
Zone to Windows (NetBIOS) services and file and printer shares.
When High Security is set, your computer is in Stealth Mode. This means that all
ports not currently in use by a program are blocked and at the same time, they
are not visible to the Local Zone. High security opens ports only when an approved
program needs them.
By default, no computer belongs to the Local Zone. Please see the Local Zone
Contents Tab for information on how to add computers to your trusted Local Zone.
file:///C|/Documents and Settings/rwilliams/Desk...ro_Help_new_TOC/ZoneAlarmProHelp50_LocalZone.htm (1 of 2) [4/16/2001 9:47:46 AM]
ZoneAlarm Pro - Local Zone Security Settings
BACK HOME NEXT
Inc.
file:///C|/Documents and Settings/rwilliams/Desk...ro_Help_new_TOC/ZoneAlarmProHelp50_LocalZone.htm (2 of 2) [4/16/2001 9:47:46 AM]
ZoneAlarm Pro - The Programs Icon
The Programs Icon
This is the Programs icon. To display the entire panel which contains the Program
List, click on the Programs button.
The Programs icon gives you a bird's eye view of the most recent instance of
Internet access by one of your applications. A blinking application icon means that
the program is actually sending or receiving Internet data. A server application
that has been listening for connections is displayed with a hand under the icon.
BACK HOME NEXT
Inc.
file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/ZoneAlarmProHelp60_1.htm [4/16/2001 9:48:49 AM]
ZoneAlarm Pro - Setting Program Access Rights
Setting Program Access Rights
Programs installed on your computer have access rights to computers in two
different zones. According to the security rules set up in ZoneAlarm Pro, no
program is allowed to have greater access to the Internet Zone than it has to the
Local Zone.
Setting Access Rights
Access Rights Symbols
Setting Access Rights
You can set access rights in three different ways from the Programs panel:
●
clicking directly on the checkboxes on the Program List, shown below
●
clicking on the Options button on the Programs panel then making choices in
the Access Permissions panel
●
selecting the Options popup menu, then clicking on the Access Permissions
tab
This makes it easier for you choose the easiest way for you to quickly set access
rights once you are used to ZoneAlarm Pro.
Access Rights Symbols
A program's access rights are identified by a check mark, X
or ?. You can easily change a program's access rights by
going to the Program List and making a selection in the
Allow connect column or by right-clicking on the program
name. If you right-click, select Local Network to define
Local Zone settings. Select Internet to define Internet Zone
settings.
file:///C|/Documents and Settings/rwilliams/Desk...eAlarm_Pro_Help_new_TOC/ZoneAlarmProHelp60_2.htm (1 of 2) [4/16/2001 9:49:22 AM]
ZoneAlarm Pro - Setting Program Access Rights
A green check mark means that the program always has permission to connect
without asking for your explicit permission. SECURITY RULE: When you grant a
program the permission to access the Internet Zone at this level, ZoneAlarm Pro
automatically allows the program to have the same access to the Local Zone. You
will see this when a green check mark is automatically added to the Local Zone
area.
● A red X means that the selected program is denied Internet access until you
reset the permission. SECURITY RULE: When Local Zone access permission
is denied using the red X, the selected program will automatically inherit the
same access restrictions to the Internet Zone. You will see this when a red X
is automatically placed in the Internet Zone area of the Program List. This is
the result of the following security rule: the Internet Zone cannot have
greater access rights than the Local Zone.
●
A green ? means that the program will ask permission each time it tries to
connect. The permission will be displayed on your computer screen as a
popup window. In response, you decide whether or not to grant the
requested permission by clicking on Yes or No. This is the default permission
level assigned to all programs when they are added to the Program List.
SECURITY RULE: For any given program, you cannot enter a green check
mark for Internet Zone access if that program's Local Zone access is only
established as green ?.
Example: A web browser cannot have access to the Internet Zone if it does not
have access to the Local Zone. If you place a green check mark in the Internet
Zone area of the Program List for your web browser, ZoneAlarm Pro will
automatically place one in the Local Zone area. Conversely, you can place a green
check mark in the Local Zone area without increasing the program's access rights
to the Internet Zone.
BACK HOME NEXT
Inc.
ZoneAlarm Pro - Pass Lock
Pass Lock
Select the Pass Lock popup menu for a specific program to allow that program to
connect to the Internet even though the Automatic Lock is engaged.
The Pass Lock menu is located on the popup menu. This feature is very useful to
allow a program like your e-mail client to check for mail when access to all zones
is locked for other programs.
To enable Pass Lock, right-click on any application in the Programs panel and
select Pass Lock.
By default, the pass lock feature is deactivated for every program on the Program
List. When the lock is deactivated, there is no check mark to the left of the word
Pass Lock.
To turn on the feature, thus allowing the program where you right-clicked to
bypass the Automatic Lock, simply select Pass Lock. After making your selection,
a check mark will be displayed to the left of the Pass Lock selection. You can view
this check mark to verify that the Program has pass lock turned on by going back
to the popup menu. You will see a check mark to the left of Pass Lock, as shown
below:
ZoneAlarm Pro - Pass Lock
You can also use this feature to allow server applications to bypass the Automatic
Lock. If you have an FTP, or Web server application running on your computer,
the Pass Lock button will allow you to let those applications remain connected to
the Internet when the Automatic Lock activates.
Note: When the Emergency STOP button is pressed, Internet access will be
denied to all applications including those that have been given Pass Lock rights.
BACK HOME NEXT
Inc.
ZoneAlarm Pro - Removing Programs from the Programs List
Removing Programs from the
Programs List
To remove a program from the Program List, right-click on the program entry and
select Remove from the popup menu. Removing a program from the list does not
prevent ZoneAlarm Pro from monitoring the application. ZoneAlarm Pro will detect
the program next time it attempts to access the Internet.
You can also change a program's Internet access rights using the right-click menu.
BACK HOME NEXT
Inc.
file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/ZoneAlarmProHelp60_5.htm [4/16/2001 9:50:51 AM]
ZoneAlarm Pro - Options
Options
The Options menu displays a dialog with two tabs: the Access and Server
Permissions tab and the Ports tab. These tab provide powerful security tools that
help you to set up rules that very precisely govern the way your applications
In ZoneAlarm Pro, you apply these rules by zone so that you have varying degrees
of protection throughout your fortress. The protection available here is set for the
Local Zone and the Internet Zone independently.
This extraordinary degree of control lets you allow or deny the following for any
application:
Overall connections for each application:
●
Allow the connection
●
Deny the connection
Don't deny it but have ZoneAlarm Pro ask permission each time
●
Port and Protocol connections for each application:
●
No restrictions - allow all connections to occur
●
Limit connections to the list you specify
Limit connections to everything that is not specified on your list
●
Ability to be a listening server:
ZoneAlarm Pro - Options
●
●
●
Always allow the application to act as a server
Never let the application act as a server
Don't deny server behavior but have ZoneAlarm Pro ask permission each
time
You could theoretically use the Options menu to keep everyone out of your Local
or Internet zone except two or three applications using ports you define using the
Ports tab.
Or else, instead of categorically denying access, you could instruct ZoneAlarm Pro
to send a message asking your permission for each Internet connection attempted
by the two or three applications whose connection properties you've set up using
the Options menu.
BACK HOME NEXT
Inc.
ZoneAlarm Pro - Access Permissions
Program Permissions
The Access permissions panel is displayed when you select the Options button on
the Programs panel or when you right-click on a program then select Options from
the popup menu.
The radio buttons on this panel allow you define precise permissions for each of
your programs. Use the yellow section of this panel to define, for a specific
program, access permissions to computers or addresses defined in your Local
Zone. Use the blue section to grant programs access permissions to computers
and addresses in the Internet Zone. In addition, the yellow and blue sections allow
you to define whether or not your programs can act as servers listening for
connections from computers from either of those zones: yellow for the Local Zone,
blue for the Internet Zone.
file:///C|/Documents and Settings/rwilliams/Desk...new_TOC/ZoneAlarmProHelp60_Options_AccessTab.htm (1 of 2) [4/16/2001 9:52:47 AM]
ZoneAlarm Pro - Access Permissions
Left-side buttons:
Right-side buttons:
If your program changes frequently and it is accessing the Internet, use the
Identify program by full path name only checkbox or the Changes Frequently
popup menu. By selecting one of these choices for a specific program, you are
identification at the time of Internet access.
If you don't check either one for a program that you are developing, a new
instance of the program will be added to the program list whenever a new version
connects to the Internet.
You can also click on the Changes Frequently popup to set screening by path
name only by checking the box next to Identify program by full path name
only. This means that ZoneAlarm Pro will not enforce other checking rules. It will
not, for example, check for file size.
BACK HOME NEXT
Inc.
file:///C|/Documents and Settings/rwilliams/Desk...new_TOC/ZoneAlarmProHelp60_Options_AccessTab.htm (2 of 2) [4/16/2001 9:52:47 AM]
ZoneAlarm Pro - Ports Tab
Ports Tab
The Ports tab enables you to specify ports and protocols that an application is
permitted to use. The title bar, at the top of the Ports tab, displays the program
name you are defining port access for, such as Outlook Express or Netscape
Navigator.
Right-hand Options
Adding custom ports
Select Allow access to all ports and protocols to allow your program unlimited
access (all ports and protocols).
Select Allow access for ONLY the ports checked below to place port and
protocol restrictions between each of your applications and the Internet.
file:///C|/Documents and Settings/rwilliams/Desk...new_TOC/ZoneAlarmProHelp60_Options_Ports_Tab.htm (1 of 5) [4/16/2001 9:53:18 AM]
Allow access to all
ports and protocols:
Allows the program to have Internet connections via all
ports.
Allow access for ONLY Allows the program access only via any protocol or port
the ports checked
that is selected with a check mark
below:
Limits the program's connections to the protocols and
ports with checkmarks. The IGMP and ICMP
checkboxes selected by default as the protocols you will
limit the program's connections to.
Allow access for any
port EXCEPT for those
Allows the program access via all ports and protocols
checked below:
except those checked.
Allows connections to every protocol and port that is
not checked in the list below. The IGMP and ICMP
checkboxes are selected by default as the port types
denied to the program's for Internet access utilization.
Right-hand Options
Click on
to add a port or range of ports for which permission can be
included or excluded for the selected program
Click on
to remove any ports already defined for the application
When a server-specific choice such as Mail Servers is selected, ZoneAlarm Pro
adds the most common default ports used by the server type. For example, three
ports are added for Mail Servers, SMTP, POP and IMAP. Though, different mail
server types have their own requirements which you can verify through your mail
server documentation. You might not need IMAP for instance.
Preselected entries are customizable. In the example below, all three mail server
ports remain selected. You would need to know what type of protocol your mail
server uses. In most cases with ISPs, it will be POP. Also, if your mail server uses
IDENT, you might need to open port 113 for example.
Adding Custom ports
As the dialog mentions, your machine has a total of 65,535 ports. When adding a
UDP or both.
a UDP port.
Description field: Type in any name for the port or range of ports you're adding.
Click on OK to add the port(s), which will be displayed in the Ports panel.
BACK HOME NEXT
Inc.
ZoneAlarm Pro - Changes Frequently
Changes Frequently
For application developers whose program stats change
Example of how it works
For developers whose program stats change
The identifying statistics about a program change each time it is compiled. These
statistics include date and time of program compilation, program size, version
number, and path name. ZoneAlarm Pro uses these statistics to identify a program
when it accesses the Internet. If the statistics of a program don't match any other
program on the Program List, a new entry will be made for the program on the
Program List even if a prior version of that program is already on the list.
Example of how it works
Directly below you can see two instances of the ZoneAlarm Pro program on the
Program List. For developers, using the Changes Frequently popup will prevent
you from accumulating additional instances of the same program on the Program
List.
This additional instance on the Program List will be added unless you select the
Changes Frequently popup or, alternatively, unless you check the Identify
program checkbox, shown below. This checkbox is located at the bottom of either
the Program options or the Advanced Programs options panel.
The checkbox performs the same function as the Changes Frequently popup. By
selecting either the popup menu or the checkbox for a specific program, you are
identification at the time of Internet access. If you don't check either one for a
program that you are developing, a new instance of the program will be added to
the program list whenever a new version connects to the Internet.
file:///C|/Documents and Settings/rwilliams/Desk...ro_Help_new_TOC/ZoneAlarmProHelp60_Options1c.htm (1 of 2) [4/16/2001 9:53:56 AM]
ZoneAlarm Pro - Changes Frequently
BACK HOME NEXT
Inc.
file:///C|/Documents and Settings/rwilliams/Desk...ro_Help_new_TOC/ZoneAlarmProHelp60_Options1c.htm (2 of 2) [4/16/2001 9:53:56 AM]
ZoneAlarm Pro - The Change Registration button
The Change Registration button
Click on the Change Registration button to review or modify your ZoneAlarm
Pro registration information. Provide any new information, such as a new name or
e-mail address, in the Registration Information dialog, shown below. If your PC is
not for business use, put your name in the company field.
If you make any changes to the registration information, ZoneAlarm Pro will
automatically reregister for you. ZoneAlarm Pro displays the date and time of your
last registration
BACK HOME NEXT
Inc.
file:///C|/Documents and Settings/rwilliams/Desktop/...arm_Pro_Help_new_TOC/ZoneAlarmProHelp70_Register.htm [4/16/2001 9:54:41 AM]
ZoneAlarm Pro - Trojan Horses
Trojan Horses & Portscanning
"Why would hackers single me out of all the computers attached to the Internet?"
Unfortunately, it's not usually a matter of choice when a hacker comes calling,
especially if you are using a broadband connection that is "always on." One
method used to identify potential hack targets is through the widespread practice
of portscanning.
In a nutshell, portscanning is a tool that allows for information gathering on
computers attached to a network. Online vandals will regularly portscan vast
blocks of IP addresses. By doing so, they are able to determine what services are
currently listening for connections on a computer and what specific ports they are
listening on. Thus, providing clues to form an attack strategy.
How ZoneAlarm & ZoneAlarm Pro Handle Portscans
ZoneAlarm & ZoneAlarm Pro handle portscans by simply dropping the packets as
they hit your machine. You might see a string of alerts, letting you know there
have been X attempts to access your computer and the alerts run sequentially by
port number. That is a portscan in progress. ZoneAlarm/ZoneAlarm Pro will log up
to 500 alerts and will not report the scans after that point. However,
ZoneAlarm/ZoneAlarm Pro does continue to block the scans. The 500 alert
maximum is in effect because there are over 65,000 ports on a Windows
Operating System, it would not make sense to consume such a large quantity of
disk space to report blocked scans so that is why ZoneAlarm/ZoneAlarm Pro stops
at 500.
You can break a portscan just by shutting off your Internet connection but bear in
mind, most portscans are run by automated commands so there is no predicting
when they could return.
What Happens If I Don't Have ZoneAlarm or ZoneAlarm Pro Protecting My
Computer?
Once an unprotected computer is singled out as worthy of an attack, a common
means to gain control of the computer is via a Trojan Horse - also known as a
Remote Administration Tool (RAT). Trojan Horses are easy for even the most
rudimentary of programmers to create and are therefore very common on the
Internet. If installed correctly, Trojans can be highly intrusive because they 1) can
cause consternation and mayhem, 2) can establish a direct mechanism for
stealing data stored on the PC and 3) can serve as a launching pad for attacks
directed elsewhere on the Internet.
How do Trojan Horses get distributed?
Trojan Horses can come from seemingly innocent sources, typically as e-mail
attachments, file transfers or downloads. Since Trojans can be bundled with a
legitimate file, there is no obvious tip-off of a bundled Trojan but such a file must
retain an .exe or .scr extension. The objective is for the victim to unwittingly
launch the file believing it to be legitimate. In this manner, a Trojan will extract in
stealth and attempt to take over your machine at a later time when you least
expect it. Thus, you can see why the Trojan Horse analogy is used to describe the
file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarmPro_Helps_Source/trojan.htm (1 of 2) [5/23/2001 2:13:18 PM]
ZoneAlarm Pro - Trojan Horses
phenomena.
The best bet to avoid Trojan Horses in the first place is to not launch .exe or .scr
files from an untrusted source. ZoneAlarm Pro users can configure MailSafe to
catch files with these extensions coming through e-mail.
There is another dimension to acquiring Trojan Horses and it involves safe surfing
habits. It is possible to acquire Trojans through a browser but only if you are
tricked into clicking on a self-extracting payload. Pop-up banners and similar
enticements can be Trojans so be careful! Use good judgment in deciphering what
is a legitimate click-through and what falls under the category of suspicious.
How ZoneAlarm & ZoneAlarm Pro Recognize Trojan Horses
Once installed on the target machine, a Trojan Horse can be difficult to identify
because it can have cryptic a file name or even masquerade as a legitimate file
name.
You'll be able to recognize a cryptic application trying to access the Internet
simply by examining your Programs List. ZoneAlarm & ZoneAlarm Pro will detect
and prevent Trojans re-named as legitimate applications from accessing the
Internet.
Many of the other firewalls today, do their application verification process through
name recognition. Hackers can easily exploit this weakness by creating a Trojan
Horse that has the same name or properties as a legitimate application, enabling
it to bypass a firewall. With ZoneAlarm and ZoneAlarm Pro, even if a hacker
changes the name of an application to make it look legitimate, it will still be
stopped because of an MD5 Checksum verification process.
BACK HOME NEXT
Inc.
file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarmPro_Helps_Source/trojan.htm (2 of 2) [5/23/2001 2:13:18 PM]
ZoneAlarm Pro - The Alerts Panel
The Alerts Panel
The Alerts icon is located at the top of the panel. Click on the "Alerts" button to
display the entire Alerts panel.
Alerts Icon
Statistics
Advanced
More Info
Alerts Icon
Notice the two sets of UP/DN (Up/Down) graphs inside the Alerts icon. On your
machine, whenever data is being sent to the Internet, red bars are displayed
inside the two UP graphs. Whenever data is being received (downloaded), green
bars are displayed inside the DN graphs.
●
The two graphs in the top portion of the icon display Internet traffic as it
happens.
●
The two graphs in the lower portion of the icon display a chronological
history of Internet traffic as it is generated on your machine.
●
Whenever red or green flashing bars appear in the Alerts icon, the
application receiving or sending traffic is shown as a blinking icon inside the
Programs icon.
Statistics
file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarmPro_Helps_Source/ZoneAlarmProHelp20.htm (1 of 3) [5/23/2001 2:14:38 PM]
Use the Alerts panel to see statistics on Internet alerts since you launched
ZoneAlarm Pro. At the top of the panel, Today's Summary shows the total amount
of data sent and received by all applications.
Advanced
Click on this button to:
● Stop display of your IP address when you use the More Info button
●
Suppress specific alert types
●
Select options about the behavior of the Alert Log.
In the Alert Settings area, at the bottom of the panel, select the first checkbox to
save Alerts to a text file. Click on the Advanced button, then Log File tab to set up
an archiving schedule for the Log file.
More Info
Use this button to submit alert information to the Zone Labs Alert Analyzer.
BACK HOME NEXT
Inc.
ZoneAlarm Pro - Web Browser Preconfiguration
Preconfiguration of your Web
Browser in the Installer
This feature is for new users who have never run ZoneAlarm Pro before. As part of
the installation process, you will be asked if you want to automatically give your
default browser (and services and controller app for Windows 2000 users) Internet
access.
If you choose Yes
What is the purpose of this feature?Two
If you choose Yes
If you choose Yes, your browser will have permission to access the Internet. If you
choose No, you will be asked to give Internet access rights to your browser the
first time you try to access the Internet. Note: If the installer cannot locate your
default browser or if you've run ZoneAlarm previously, you will not see this
feature.
What is the purpose of this feature?
By automatically giving your default browser Internet access rights in the installer,
you won't have to do it yourself later. This feature, then, is for your convenience
and ensures that you will have immediate Internet access after installing
ZoneAlarm Pro.
file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarmPro_Helps_Source/zap_default_browser.htm (1 of 2) [5/23/2001 2:17:09 PM]
ZoneAlarm Pro - Web Browser Preconfiguration
BACK HOME NEXT
Inc.
file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarmPro_Helps_Source/zap_default_browser.htm (2 of 2) [5/23/2001 2:17:09 PM]
ZoneAlarm Pro - MailSafe
MailSafe
MailSafe can be enabled or disabled on the Security Panel.
MailSafe identifies potentially harmful scripts in e-mail attachments, then disables the
script's ability to execute by changing the file type. MailSafe does not replace the
functionality of a virus scanner. Rather, it quarantines the potentially harmful attachments
and provides you the opportunity to keep the identified script program from running.
MailSafe works with Internet mail clients that use POP3 and IMAP - the most common
Internet e-mail protocols.
Configuring MailSafe
Clicking on the Configure pushbutton within the Security Panel, opens the MailSafe options
tab. By default, every file type in the list is selected for quarantining. This provides
maximum protection.
If you specifically do not want protection against any of the file types on the list, deselect
the corresponding checkbox. If the file type you are looking for is not in the selectable list
shown below, you can add it yourself by clicking on the Add button.
file:///C|/Documents and Settings/rwilliams/Desk...Pro_Helps_Source/ZoneAlarmProHelp50_Adv_Tab6.htm (1 of 6) [5/23/2001 2:27:34 PM]
You can select from nearly 40 file types that you want MailSafe to quarantine.
● .VBS Visual Basic script: many viruses are sent with this extension
●
.EXE executable file
●
.COM executable file
●
.VB Visual Basic file
●
.JS Java Script file
●
.BAT Batch file
●
.CHM Compiled HTML
●
.COM MS-DOS app
●
.SCR Screen Saver
●
.LNK Shortcut
●
and many more
In the Add e-mail attachment type dialog, enter a description and, in the second field, the
file type you want ZoneAlarm Pro to quarantine.
Quarantined Files
ZoneAlarm Pro's MailSafe feature re-names the attachment's extension to .zl* (the *
representing a number or a letter -- either 0-9 or a-z).
Double-clicking the quarantined file launches a dialog box asking if you want to open or
save the attachment.
If you choose the "Save it to disk" option, then the file extension can be re-named and
placed in a directory of your choice. If you select "Open it", a wizard will launch which
provides additional options.
If you select "Run", MailSafe will prompt you for an assurance that you really want to open
the file.
If you have configured MailSafe to block the types of files you do not want to allow, then
there would be no reason to run the file. Take heed if the file is something you genuinely
want to open. As previously described, you can also select the "Save As" option. This brings
up a dialog box to save the file. The default location is your Temp folder.
You can re-name the file extension to something harmless such as .txt for closer
examination
Alternatively, you can also select the "Inspect with Notepad" option which opens the
attachment in a textual format. This option is probably best for advanced users who would
like to closer examine the contents of the attachment. The safest option is to simply select
"Do not run" and delete the file if you do not recognize the sender and you do not recognize
the file name as something you want on your system.
Useful Tips
●
●
●
●
Even when running ZoneAlarm Pro with MailSafe active, it is important to use an
anti-virus scanner. If you use MailSafe, then it is advised to turn off the e-mail
scanner within your anti-virus software.
If you are using McAfee's VShield and ZoneAlarm's deskband:
1. Exit McAfee's VShield from the system tray
2. Right click on the task bar to launch the zone alarm desk band
3. Load McAfee's Vshield from the McAfee anti-virus's options --->V shield's
properties ------->clicking OK and clicking "yes " when promoted "Do you want to
load V shield now?"
McAfee's Vshield and ZA/ZAP should now function together.
When using Web-based e-mail, such as Yahoo or Hotmail, MailSafe will not
quarantine e-mail attachments that arrive via those systems.
If you are testing the functionality of MailSafe, keep in mind that if mail is received
from the same MS Exchange server it was sent from, MailSafe will not register the
file. Thus, you cannot test MailSafe by sending yourself a .VBS or other file intended
to test quarantine. For tests not on the same Exchange server, go to the Security
panel, click Configure to ensure that the extensions coming through are in the list of
suppressed attachments.
BACK HOME NEXT
All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611.
Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc.
ZoneAlarm Pro - Internet Components
Internet Components
Click through the links below to review some basics of the the Internet and how
ZoneAlarm/ZoneAlarm Pro serve as protectors of individual machines.
The Internet
Connections
TCP/IP
Firewall Protection
The Internet
The Internet is a worldwide infrastructure that allows millions of computers, each
of which is part of a smaller network, to communicate with each other.
Participants on the Internet include individual users, corporations, government
agencies, universities, ISPs and various online services.
Data traffic between networks is managed by routers. The primary function of a
router is to make sure that data traffic in the form of packets arrive at their
destination.
The concept of a firewall is to be a sentry, allowing authorized network traffic
through while blocking unauthorized network traffic through the network.
However, many threats and vulnerabilities exist on the Internet which makes
having protection only on the network impractical. Since time and experience have
proven that unseen threats can penetrate a network, additional protection has
become a necessity at the desktop, especially for users with "always on"
connections to the Internet.
ZoneAlarm and ZoneAlarm Pro are desktop firewalls, ensuring a secure
environment while connected to the Internet by allowing the user to dynamically
control traffic in and out of the PC. Unseen threats to the desktop include viruses,
worms, Trojan horses, denial of service attacks, various direct intrusion methods
and many other forms of privacy invasion. ZoneAlarm and ZoneAlarm Pro are
equipped with sophisticated means of reporting suspicious activity to log files as
well as alert notifications. Since Internet activity is unpredictable, ZoneAlarm and
ZoneAlarm Pro arm users with the ability to protect their PCs from unwanted and
potentially damaging occurrences.
Connections
Networks can be connected by a variety of transports. The most common
file:///C|/Documents and Settings/rwilliams/Deskt...armPro_Helps_Source/ZoneAlarmProHelp_Basics_1.htm (1 of 3) [5/23/2001 2:28:42 PM]
examples of Internet access include ordinary telephone lines (dial-up), broadband
services such as DSL and cable modems, ISDN, T1 and T3 lines.
Either a modem or leased lines are the most common methods of transport.
Traditional dial-up modems provide Internet access via the public telephone
network at up to 56 Kbps.
ISDN modems are capable of speeds up to 10 Mbps.
DSL modems transmit and receive data as digital with a capacity of 1.544 Mbps.
Cable modems provide high-speed Internet access through a cable television
network at more than 1 Mbps. This is approximately 20 times faster than dial-up
modems.
T1 lines don't require a modem and can transmit and receive data with a capacity
of 1.544 Mbps.
T3 lines don't require a modem and can transmit and receive data with a capacity
of 45 Mbps.
TCP/IP
TCP/IP is the standard protocol for data traffic on the Internet. An IP address is a
unique identifier for each computer or device on the Internet and any TCP/IP
network. An example of an IP address would be 127.0.0.1.
All data moving through the Internet is comprised of segmented packets. Routers
read the IP packet headers to determine their appropriate destination for the
traffic. Once the packets reach their destination, they are re-assembled and read
by the receiving computer.
The known and verifiable IP addresses of computers that you trust can be input
into your Local Zone so that ZoneAlarm and ZoneAlarm Pro recognize them. In
ZoneAlarm Pro Clicking the Add button on the Local Zone Contents panel allows
you to add a single IP address or a range of IP addresses.
If you are on a network, please go here for instructions on adding your subnet
adapter to your local zone.
Firewall Protection
Many firewalls use a packet filtering method for distinguishing permissible traffic.
This type of protection only examines the IP packet headers. A packet filtering
firewall does not protect against attacks directed at the application layer. For
instance, if a packet filtering firewall was set to allow incoming e-mail from the
Internet, then an attack on the SMTP service would pass through the firewall
without a problem. In other words, as long as the rule set is passed, a connection
is made directly from outside the firewall to inside the firewall.
One step up from packet filtering is the Stateful Inspection model of firewall. This
type of firewall will analyze incoming packets until it has enough information
(using information such as TCP sequence numbers) to determine the state of the
connection. Then, if the packets pass the rules set, they're forwarded to the
correct interface. Using this information, the firewall builds dynamic state tables.
It uses these tables to keep track of the connections that go through the firewall,
rather than allowing all packets that meet the rule set's requirements to pass, it
allows only those packets which are part of a valid, established connection.
Like packet filtering, a Stateful Inspection does not guard the application layer
where many types attacks are focused.
A core feature of ZoneAlarm and ZoneAlarm Pro is providing protection at the
application layer, ensuring nefarious applications such as Trojan horses and
spyware are unable to achieve their purpose of reaching the Internet from your
computer.
BACK HOME NEXT
Inc.
ZoneAlarm Pro - Configuring a VPN Connection
Configuring a VPN Connection
When using a VPN, the primary objective of ZoneAlarm Pro is to protect your
computer and/or network from malicious activity when an IPSec, PPTP or L2TP
tunnel is established from a VPN client to the VPN server. Outgoing packets are
examined by ZoneAlarm Pro before encryption and incoming packets are
examined by ZoneAlarm Pro after decryption. This allows the combined product to
take full advantage of the capabilities of the firewall.
There are many varieties of VPNs and all have unique components and
configurations. In all scenarios, it is necessary to configure ZoneAlarm Pro to allow
trusted traffic to pass through it. This is accomplished by populating the Local
Zone. with trusted IP addresses, IP ranges, subnets and domains.
Add to the local zone:
VPN server IP address
● All of the LAN/WAN subnets that interact with the internal network you are
connecting to. This would include your POP and SMTP servers for e-mail
●
If you are using a RADIUS server, add it's IP address
● DNS servers used that are not on your internal network
● Depending on the operating system the VPN client is installed on, it may be
necessary to add the local host address (NIC loopback): 127.0.0.1
●
You'll know if the loopback address needs to be added to your local zone if you
receive an alert such as this:
Note: Make sure there is no proxy software running on the local host if the
loopback address needs to be added.
file:///C|/Documents and Settings/rwilliams/Deskt...oneAlarmPro_Helps_Source/How_to_configure_VPN.htm (1 of 5) [5/23/2001 2:29:43 PM]
How To Populate the Local Zone
●
●
●
Go to the Security Panel and select the Advanced button
In the Local Contents tab, select the "Add button"
Select the appropriate field (Host/Site, IP address, IP range, Subnet)
Under "Description", enter a name or description for entry. This description is
for display purposes only
●
Enter the Host/Site, IP address, IP range or Subnet. Note: A server name can
be resolved by entering the name or IP address. ZoneAlarm Pro will automatically
resolve and confirm the domain as reachable before accepting the entry. Though,
when adding a subnet, the subnet mask must be known.
●
●
Press OK or Finish as prompted
You will now see the element you've added, including the description you entered,
displayed under Other Computers.
Configuring Interoperability with a VPN Client
ZoneAlarm Pro will recognize services and applications on the machine when they
are launched or a related service is invoked. For example:
Upon the prompt, if the tick box asking to remember the program is checked, the
Programs List entry will look like this:
Some applications require server rights in order to listen for and receive incoming
connections from the Internet. Ordinarily, the VPN Client will prompt for server
rights. For example:
You can confirm server status in ZoneAlarm's Programs Panel.
In a VPN environment, some network configurations require ZoneAlarm Pro to be
configured with medium security settings. Medium security enforces full
application control. To access security settings, go to the Security panel.
BACK HOME NEXT
Inc.
ZoneAlarm Pro - Program Alerts
Program Alerts
There are four types of program alerts: New, Changed, Repeat, and Server.
When a program asks for permission to access the Internet or private LAN or act
as a server for the first time (i.e. it is not listed in the Programs Panel), it will be
labeled as "New Program." Once the program does either, it is no longer a new
program.
The "New Program" alert will be displayed whenever one of the applications on
your computer attempts to access the Internet. The example shown below
indicates that TCP/IP Ping Command, which has never accessed the Internet from
the the user's machine before, is attempting to reach an IP address on the
Internet.
By selecting Yes on this pop-up, you are indicating that the application is allowed
to contact the Internet destination indicated under Technical Information in the
pop-up.
At the time you receive a pop-up message like the one above, you can easily
instruct ZoneAlarm not to bother sending any more messages about that
particular application. Do this by selecting the "Remember this answer the next
time I use this program" box, located at the bottom of the pop-up message.
If you do not select the "Remember this answer the next time I use this program"
file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarmPro_Helps_Source/programalerts.htm (1 of 4) [5/23/2001 2:33:08 PM]
box, you will receive a message like the one shown below the next time TCP/IP
Ping Command tries to reach an Internet destination:
If the application is already in your Programs List and has server rights, you will
receive a Server Program Alert.
If you do not mark the "Remember this answer the next time I use this program"
box, then ZoneAlarm Pro will still recognize the application and put it into your
Programs List. It will not however, have access to the Internet (allow connect will
not be checked). Once in your Programs List, you can either allow it access or
remove it.
Changed Program
If a program that already has a rule listed in the programs panel tries to access
the Internet or LAN and/or act as a server and any of the following events happen,
the alert will be labeled "changed program."
●
The
The
The
The
The
The
●
The certificate has changed
●
●
●
●
●
MD5 or CRC checksum has changed
version number of the program has changed
name of the program has changed
name of the executable has changed
path/directory of the program has changed
file size has changed
For additional information on MD5 Checksum, go here.
Alert Content
ZoneAlarm Pro program alerts will contain the following information:
●
●
●
●
●
●
the IP address
the port
the protocol
the time and date of the connection attempt
whether the connection attempt was incoming or outgoing
possibly, but not always, the name of the application causing the alert
More Info Button
The More Info button is the way to find out additional information about the
meaning of a specific Program alert pop-up you have received. The information
displayed when you click on the More Info button comes from the Zone Labs
knowledge base.
BACK HOME NEXT
Inc.
ZoneAlarm Pro - Easy Online Help
Interactive Tour of ZoneAlarm Pro
Click on graphics in the online help system for quick help and cross-referencing:
Overview of ZoneAlarm Pro
Default web browser
BACK HOME NEXT
Inc.
file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarmPro_Helps_Source/ZoneAlarmProHelp_Online_1.htm [5/23/2001 2:34:46 PM]
ZoneAlarm Pro - Overview
ZoneAlarm Pro Overview
ZoneAlarm Pro provides Internet security for the individual computer it is installed
on. This can include any network transport using TCP/IP. ZoneAlarm Pro fully
supports the most common Internet transports available such as DSL, Cable,
T1/T3, ISDN along with specialized network configurations such as ICS and NAT.
ZoneAlarm Pro protects a computer from malicious or unwanted programs such as
Spyware and Trojan horses, by allowing the user to control what applications are
allowed access to the Internet.
ZoneAlarm Pro provides users the ability to establish protection levels for several
zones. The Local Zone serves to identify and recognize permissible traffic such as
file-sharing and print-sharing operations within your LAN. If the Internet Zone is
set to High Security, this puts your computer in stealth mode, meaning it is
invisible to other computers throughout the Internet.
You can customize security settings by clicking on the Advanced button in the
Security Panel or apply application-specific security by right-clicking on a program
name in the Programs Panel.
ZoneAlarm Pro appears as a panel on your Windows desktop. You can also make
use of the ZoneAlarm Pro DeskBand Toolbar.
Use the Interactive Tour of ZoneAlarm Pro to get a quick overview of how
ZoneAlarm Pro works.
BACK HOME NEXT
Inc.
file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarmPro_Helps_Source/ZoneAlarmProHelp.htm [5/23/2001 2:39:20 PM]
ZoneAlarm Pro - Press the F1 key
Press F1 Key for specific help
All ZoneAlarm Pro panels and dialogs are linked to a specific topic in the help
system.
To display help information about a panel or dialog in the product where you are
currently working, press the F1 key. In response, help information will be
immediately displayed in your browser.
BACK HOME NEXT
Inc.
file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarmPro_Helps_Source/ZoneAlarmProHelpF1.htm [5/23/2001 2:41:04 PM]

Programs Panel

Transcription

Similar documents

WHY THE YAKTRAX PRO WORKS

SCAG 12.cdr

InStyle September, 2008 - New York Dermatology Group

dixie chopper pro bagger

VEKAdeck PDF - Courtland Vinyl Windows Ltd.

ocean pro - Hewescraft

Outlaw Drag Racing Association (ODRA) at U.S. 19 Dragway

Sponsor Us - LMBSS.net

method of payment

Power Pick Global Communicator Pro

ZoneAlarm - Table of Contents