Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: cartel on May 04, 2005, 10:20:57 AM

Title: ZoneAlarm......final answer
Post by: cartel on May 04, 2005, 10:20:57 AM
?
Title: Re: ZoneAlarm......final answer
Post by: anvil on May 04, 2005, 11:05:01 AM
Quote
Could someone please post some screenshots of ZoneAlarm's program control with the avast related programs set properly, please.

Great! This is also what I want to know! And also, why does !Avast report an incompatibility issue with ZA, and ask me to disable a feature of ZA? Sounds suspicious...
Title: Re: ZoneAlarm......final answer
Post by: essexboy on May 04, 2005, 11:36:23 AM
The only features on ZA that need reducing are cookie control and ad blocking, both set to medium. If I knew how to get screenshots I would gladly do it. The privacy controls on ZA do not actually do much if you have XPSP2 and/or FF 1.03. The question asked at Avast launch is to reduce webshield scanning so that it does not conflict with ZA. Personally I used RejZor's AEC to put webshield back to full strength and turn off ZA privacy controls. Works perfect for me. Also the problem only affects ZAPro, not (as far as I know) the free version.
Title: Re: ZoneAlarm......final answer
Post by: anvil on May 04, 2005, 12:04:17 PM
Quote
The only features on ZA that need reducing are cookie control and ad blocking, both set to medium. If I knew how to get screenshots I would gladly do it. The privacy controls on ZA do not actually do much if you have XPSP2 and/or FF 1.03. The question asked at Avast launch is to reduce webshield scanning so that it does not conflict with ZA. Personally I used RejZor's AEC to put webshield back to full strength and turn off ZA privacy controls. Works perfect for me. Also the problem only affects ZAPro, not (as far as I know) the free version.

I think it is the settings under 'Programme Control' in ZA (Access, Server, Email = allow, block, ask) that are being asked for. I'm not sure I understand about RejZor's AEC??? What do you mean? Yes, I have ZAPro.
Cheers
Anvil
Title: Re: ZoneAlarm......final answer
Post by: essexboy on May 04, 2005, 12:32:33 PM
The actual firewall controls - Internet and Trusted - are set at High. The Privacy - main tab has ad blocking and cookie control off. Allow all Avast services to connect to the internet and trusted; additionally allow webscanner full server access (there should be 5 entries under programme control). Allow avast mail scanner mail access.

AEC from here http://forum.avast.com/index.php?topic=3021.0

EDIT: not a picture, but allow (as taken from my programme tab):
File name           D:\Program Files\Alwil Software\Avast4\setup\avast.setup

File name           D:\Program Files\Alwil Software\Avast4\ashServ.exe

File name           D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (allow email rights)

File name           D:\Program Files\Alwil Software\Avast4\ashDisp.exe

File name           D:\Program Files\Alwil Software\Avast4\ashWebSv.exe (allow server rights)
Title: Re: ZoneAlarm......final answer
Post by: cartel on May 05, 2005, 03:13:27 AM
?
Title: Re: ZoneAlarm......final answer
Post by: TedNelly on May 05, 2005, 09:59:52 AM
Ok Cartel here are my ZA settings I hope it is of some help

they seem to work well for me??

Title: Re: ZoneAlarm......final answer
Post by: cartel on May 05, 2005, 12:20:47 PM
?
Title: Re: ZoneAlarm......final answer
Post by: TedNelly on May 05, 2005, 01:01:07 PM
Cartel

as far as I know this is all that is required for Avast to run via ZA

ashServ.exe = Virus Scanner

ashMaiSv.exe = Mail Scanner

ashwebsv.exe= Web Scanner

the fourth as far as I know is the update service as per graphic

What is RPCSS ???
Title: Re: ZoneAlarm......final answer
Post by: TedNelly on May 05, 2005, 01:20:47 PM
Here Cartel you can use a program like this for your screen caps

Best of all FREE



PS use the (modify) feature to adjust your screen capture
Title: Re: ZoneAlarm......final answer
Post by: hetzer on May 06, 2005, 08:26:38 PM
I have my Zonealarm Pro Internet and Trusted zones set to high EXCEPT when using my home LAN (3 PCs:- a P1, a PIII and a PIV interconnected through a Netgear Ethernet Router).

As my internet connection is with Telewest and uses a cable modem & the same ethernet & Router as the LAN, the Firewall Zones section has the individual LAN workstations added and put into the trusted zone. To browse files etc I have to change the Zonealarm Pro TRUSTED zone to MEDIUM and no problems!

As far as the cookie controls etc I have never used Zonealarm Pro for this as I prefer to use Firefox or Mozilla which can block individual sites cookies, and also blocks pop-ups, scripts etc etc. So the ZA pro PRIVACY stuff is all set to OFF and no blues with Avast and its web component!!
Title: Re: ZoneAlarm......final answer
Post by: cartel on May 07, 2005, 02:28:25 AM
?
Title: Re: ZoneAlarm......final answer
Post by: rygle on May 07, 2005, 03:22:37 AM
Screenshots can be done easily by pressing the "Prt Scr" button next to the Scroll Lock button and above the Insert button. Then go to your favourite graphics program (check out www.gimp.org for a good free one) and then paste the screen shot into a new document.

In Microsoft's Photo Editor (comes with Office), you just go to file and select "Paste as New Image", or in Gimp you go to the file menu and select "Acquire" and then "From Clipboard". I think in Photoshop you have to open a new document, which will automatically suggest the dimensions of the image in the clipboard, then go to the edit menu and select "Paste Into" or something like that.

To save the document, the best results will come from cropping the image to show only the relevant details, then saving the image as a jpeg with fairly high compression (Gimp or Photoshop do the best job here - Microsoft Photo Editor is awful at compressing). Reducing the resolution and using low compression isn't as good as leaving the resolution high and using high compression.

Rygle.
Title: Re: ZoneAlarm......final answer
Post by: cartel on May 08, 2005, 05:36:36 AM
Please delete this string.......still no settings
Title: Re: ZoneAlarm......final answer
Post by: essexboy on May 08, 2005, 04:17:43 PM
Ok I think I might have a picture now I hope

http://uk.pg.photos.yahoo.com/ph/m.k.n@btinternet.com/detail?.dir=ba9c&.dnm=f499.jpg&.src=ph


If someone could check it out and let me know

Just tried to upload an attachment but it was tooooooooo big
Title: Re: ZoneAlarm......final answer
Post by: cartel on May 08, 2005, 04:47:49 PM
Cool, thanks that did help but 1 more left......
Distributed COM Services ?
Title: Re: ZoneAlarm......final answer
Post by: essexboy on May 08, 2005, 04:50:13 PM
As far as I know there is no requirement for DCOM to access the net. You might want to go here to download the DCOMbobulator:
http://www.grc.com/dcom/intro.htm

It also has further data on DCOM

Quote
What does DCOM do for you?

Well let's see . . . it attracts Internet worms and permits your system to be remotely compromised by malicious hackers. Other than that, it's of absolutely no practical use other than to adorn Microsoft's "We Have That Too" chart. There may be some custom corporate application developers who have managed to make some use of it, but mostly no one ever has. Nonetheless, it's there in Windows so that the competitors' CORBA isn't.

The DCOMbobulator will help everyone test their DCOM patches and finally turn DCOM off.
Title: Re: ZoneAlarm......final answer
Post by: cartel on May 08, 2005, 05:02:23 PM
It is running with "ashserv.exe"
Is the DCOMbobulator for 98se ?
I thought its for XP

Process   PID   CPU   Description   Command Line   Version   Window Status
Idle   0x0   91.81   System Idle Process         
DDHELP.EXE   0xFFFCCB09      Microsoft DirectX Helper   ddhelp.exe   4.09.0000.0900   
RUNDLL32.EXE   0xFFFBAEB5      Run a DLL as an App   rundll32    4.10.0000.1998   
PSTORES.EXE   0xFFF8AF35      Protected storage server   C:\WINDOWS\SYSTEM\PSTORES.EXE   5.00.1877.0003   
KERNEL32.DLL   0xFFCF8691   0.57   Win32 Kernel core component      4.10.0000.2222   
 MSGSRV32.EXE   0xFFFFF22D      Windows 32-bit VxD Message Server      4.10.0000.2222   
  MPREXE.EXE   0xFFFFCFB9      WIN32 Network Interface Service Process   C:\WINDOWS\SYSTEM\MPREXE.EXE   4.10.0000.1998   
   VSMON.EXE   0xFFFE87E5   1.14   TrueVector Service   C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service   4.05.0594.0000   
   ASHSERV.EXE   0xFFFE200D   0.38   avast! antivirus service   "C:\Program Files\Alwil Software\Avast4\ashServ.exe"   4.06.0622.0000   
    RPCSS.EXE   0xFFFC44CD      Distributed COM Services   RPCSS   4.71.2900.0000   
  EXPLORER.EXE   0xFFFECC65   0.19   Windows Explorer   C:\WINDOWS\Explorer.exe   4.72.3612.1700   Running
   SYSTRAY.EXE   0xFFFDDF8D      System Tray Applet   "C:\WINDOWS\SYSTEM\SysTray.Exe"    4.10.0000.2224   
   TASKMON.EXE   0xFFFDC48D      Task Monitor   "C:\WINDOWS\taskmon.exe"    4.10.0000.1998   
   ZLCLIENT.EXE   0xFFFC911D   1.33   Zone Labs Client   "C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe"    4.05.0594.0000   
   ASHWEBSV.EXE   0xFFFC5419      avast! Web Scanner   "C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE"    4.06.0652.0000   
   PROCEXP.EXE   0xFFF88F81   4.57   Sysinternals Process Explorer   "C:\Utilities\Sysinternals\process\procexp.exe"    8.06.0001.0000   Running
   IEXPLORE.EXE   0xFFF84675      Internet Explorer   "C:\PROGRA~1\INTERN~1\iexplore.exe"   6.00.2800.1106   Running
  mmtask.tsk   0xFFFE2709      Multimedia background task support module      4.03.0000.1998   

Title: Re: ZoneAlarm......final answer
Post by: essexboy on May 08, 2005, 05:10:08 PM
DCOM is disabled on my system with no adverse effects. DCOMbobulator is for all versions of Windows. Your DCOM appears to be running as a subprocess of rpcss.exe, which is not a file held on XP; however, I do have a rpcss.dll on my system.

Info about RPCSS.exe here  http://www.cexx.org/rpc.htm
Title: Re: ZoneAlarm......final answer
Post by: cartel on May 08, 2005, 05:15:03 PM
I took ashserv.exe out of the startup and rebooted and rpcss is gone.........


Process   PID   CPU   Description   Command Line   Version   Window Status   Window Title   Company Name   Path
Idle   0x0   93.93   System Idle Process                  
RUNDLL32.EXE   0xFFFC860D      Run a DLL as an App   rundll32    4.10.0000.1998         Microsoft Corporation   C:\WINDOWS\RUNDLL32.EXE
DDHELP.EXE   0xFFFC7F21      Microsoft DirectX Helper   ddhelp.exe   4.09.0000.0900         Microsoft Corporation   C:\WINDOWS\SYSTEM\DDHELP.EXE
KERNEL32.DLL   0xFFCF867D   0.78   Win32 Kernel core component      4.10.0000.2222         Microsoft Corporation   C:\WINDOWS\SYSTEM\KERNEL32.DLL
 MSGSRV32.EXE   0xFFFFF2C1      Windows 32-bit VxD Message Server      4.10.0000.2222         Microsoft Corporation   C:\WINDOWS\SYSTEM\MSGSRV32.EXE
  MPREXE.EXE   0xFFFFCF55      WIN32 Network Interface Service Process   C:\WINDOWS\SYSTEM\MPREXE.EXE   4.10.0000.1998         Microsoft Corporation   C:\WINDOWS\SYSTEM\MPREXE.EXE
   VSMON.EXE   0xFFFE6BC9   0.39   TrueVector Service   C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service   4.05.0594.0000         Zone Labs Inc.   C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
  EXPLORER.EXE   0xFFFEA44D   0.39   Windows Explorer   C:\WINDOWS\Explorer.exe   4.72.3612.1700   Running   Program Manager   Microsoft Corporation   C:\WINDOWS\EXPLORER.EXE
   ASHWEBSV.EXE   0xFFFDED99   0.20   avast! Web Scanner   "C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE"    4.06.0652.0000         ALWIL Software   C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
   SYSTRAY.EXE   0xFFFD451D      System Tray Applet   "C:\WINDOWS\SYSTEM\SysTray.Exe"    4.10.0000.2224         Microsoft Corporation   C:\WINDOWS\SYSTEM\SYSTRAY.EXE
   TASKMON.EXE   0xFFFD44C1      Task Monitor   "C:\WINDOWS\taskmon.exe"    4.10.0000.1998         Microsoft Corporation   C:\WINDOWS\TASKMON.EXE
   ZLCLIENT.EXE   0xFFFC1285   0.59   Zone Labs Client   "C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe"    4.05.0594.0000         Zone Labs Inc.   C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
   PROCEXP.EXE   0xFFFBBCED   3.72   Sysinternals Process Explorer   "C:\Utilities\Sysinternals\process\procexp.exe"    8.06.0001.0000   Running   Process Explorer - Sysinternals: www.sysinternals.com   Sysinternals   C:\UTILITIES\SYSINTERNALS\PROCESS\PROCEXP.EXE
  mmtask.tsk   0xFFFE27E5      Multimedia background task support module      4.03.0000.1998         Microsoft Corporation   C:\WINDOWS\SYSTEM\mmtask.tsk
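The two Process Explorer listings posted above encode the process tree in their indentation. The following is an added example, not part of any post in this thread: it rebuilds the parent chain of RPCSS.EXE from that indentation and diffs the two boots. The sample rows are constructed by abridging the posted listings to name and PID, and the function names are hypothetical.

```python
# Constructed sample: rows abridged from the two listings in the thread
# (name, PID); one leading space per tree level, tab between columns.
BEFORE = "\n".join([
    "Idle\t0x0",
    "KERNEL32.DLL\t0xFFCF8691",
    " MSGSRV32.EXE\t0xFFFFF22D",
    "  MPREXE.EXE\t0xFFFFCFB9",
    "   VSMON.EXE\t0xFFFE87E5",
    "   ASHSERV.EXE\t0xFFFE200D",
    "    RPCSS.EXE\t0xFFFC44CD",
    "  EXPLORER.EXE\t0xFFFECC65",
    "   ASHWEBSV.EXE\t0xFFFC5419",
])
AFTER = "\n".join([
    "Idle\t0x0",
    "KERNEL32.DLL\t0xFFCF867D",
    " MSGSRV32.EXE\t0xFFFFF2C1",
    "  MPREXE.EXE\t0xFFFFCF55",
    "   VSMON.EXE\t0xFFFE6BC9",
    "  EXPLORER.EXE\t0xFFFEA44D",
    "   ASHWEBSV.EXE\t0xFFFDED99",
])

def parse_tree(listing):
    """Map each image name to its parent's name (None for a root).
    Assumes image names are unique within one listing."""
    parents, stack = {}, []  # stack holds (depth, name) of open ancestors
    for line in listing.splitlines():
        if not line.strip():
            continue
        depth = len(line) - len(line.lstrip(" "))
        name = line.strip().split("\t")[0].upper()
        while stack and stack[-1][0] >= depth:
            stack.pop()  # leave siblings and deeper branches behind
        parents[name] = stack[-1][1] if stack else None
        stack.append((depth, name))
    return parents

def ancestry(parents, name):
    """Return [process, parent, grandparent, ...] up to the root."""
    chain, name = [], name.upper()
    while name in parents:
        chain.append(name)
        name = parents[name]
    return chain

def vanished(before, after):
    """Image names present in the first listing but not the second."""
    return sorted(set(parse_tree(before)) - set(parse_tree(after)))

if __name__ == "__main__":
    print(" <- ".join(ancestry(parse_tree(BEFORE), "RPCSS.EXE")))
    print("gone after change:", vanished(BEFORE, AFTER))
```

The parent link records which process started RPCSS.EXE, which is why it disappears from the second listing together with ashServ.exe.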
Title: Re: ZoneAlarm......final answer
Post by: essexboy on May 08, 2005, 05:17:55 PM
OK, must be a 98SE thing. Hopefully someone else who runs 98SE can provide you with an answer. Although I used to run 98 without DCOM and avast with no probs, but that was a few years back.
Title: Re: ZoneAlarm......final answer
Post by: cartel on May 08, 2005, 05:36:14 PM
1 other thing........it says ashserv and web scanner aren't running ????????
Title: Re: ZoneAlarm......final answer
Post by: cartel on May 08, 2005, 05:47:49 PM
Here's some open ports too ?
TCP   :135         :0   LISTENING      
TCP   :1025   :0   LISTENING      
TCP   :12080   :0   LISTENING   
Title: Re: ZoneAlarm......final answer
Post by: essexboy on May 08, 2005, 05:53:47 PM
Unfortunately now I am lost, because in XP they start as services. The open listening ports are part of DCOM/RPCSS. Can you start ASHSERV from the programme folder, and did you reset Avast at start up?