Programs Panel
Transcription
Programs Panel
ZoneAlarm Pro - Table of Contents GET STARTED TROUBLESHOOT Tutorial: *Using ZoneAlarm Pro Explore: Interactive Tour or Panel Reference: Alert Panel Lock Panel Security Panel Programs Panel Configure Panel Internet Lock STOP Button Desk Band Toolbar Understanding Alerts Check for Updates Press F1 Key for Help Network Issues Work with Third-party Software Play Computer Games Share Files and Printers *FAQs *Installation and Uninstallation *E-mail Technical Support FIND ADVANCED FEATURES Firewall Settings Program Settings Lock Settings MailSafe E-mail Virus Protection Zones: Local, Internet, and Restricted Zones ICS/NAT (Sharing an Internet Connection) VPN Connection USE THE INTERNET Internet Components Search Engines Surfing the Web E-mail Chat GET SPECIAL INFO *Print Users Manual *Privacy Policy *Visit Our Website * Articles with an asterisk require you be connected to the Internet. file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/Table_of_Contents.htm [4/12/2001 11:39:08 AM] Zone Labs: ZoneAlarm Pro Tutorial - Step 1 http://www.zonelabs.com/products/zap/zap_tutorial/ZAP_tutorial_1.html [4/12/2001 11:39:14 AM] ZoneAlarm Pro - The Lock Panel The Lock Panel Click on the "Lock" button to display the entire Lock panel, where you can set options for the Internet Lock. The Lock button is located at the bottom of the Lock Icon, shown below. A locked or unlocked padlock is displayed in the middle of the icon. To immediately turn Internet access on or off for all the applications installed on your machine that are not set to bypass the lock, click directly on the padlock. Lock Button Configuring the Lock The Lock Button When the Timer Bar below the Lock button is green, the Internet Lock is not on. This means that ZoneAlarm Pro is allowing Internet traffic in and out of your computer. If the timer bar displays a countdown timer, this is the time remaining before the Automatic Lock will engage. When the timer bar is red, the lock is closed and no in-and-out Internet traffic is allowed. When the lock is closed, the countdown timer counts upwards, showing the amount of time the lock has been active. Configuring the Lock file:///C|/Documents and Settings/rwilliams/Des...neAlarm_Pro_Help_new_TOC/ZoneAlarmProHelp30.htm (1 of 3) [4/12/2001 11:42:38 AM] ZoneAlarm Pro - The Lock Panel When expanded, the Internet lock settings panel allows you to configure the Automatic Lock. You can choose to lock Internet access automatically when your screen saver activates or after a period of Internet inactivity on your computer. If Internet access is locked when the screen saver activates, it will be unlocked when the screen saver is deactivated. Note, however, that if the Automatic Lock is engaged by the period of inactivity option, you will need to click on the Lock button to unlock Internet Access. The Lock Mode for the Automatic Lock can be set so that "Pass Lock programs may access the Internet". This allows Internet activity for applications that have been given rights to bypass the lock. Typically programs like e-mail clients will be file:///C|/Documents and Settings/rwilliams/Des...neAlarm_Pro_Help_new_TOC/ZoneAlarmProHelp30.htm (2 of 3) [4/12/2001 11:42:38 AM] ZoneAlarm Pro - The Lock Panel set to check for e-mail while other applications are denied Internet Access. High Security mode will STOP all applications' Internet activity regardless of the program's access settings. See Programs for more information. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Des...neAlarm_Pro_Help_new_TOC/ZoneAlarmProHelp30.htm (3 of 3) [4/12/2001 11:42:38 AM] ZoneAlarm Pro - The Security Panel The Security Panel The Security panel is the best protection tool you can use to screen and quarantine unwanted Internet visitors and connection attempts. To begin setting up protection levels for the Local and the Internet Zones, use your mouse to drag the security level selectors up or down. Customizing MailSafe Security Levels Customizing To further customize overall settings at the protocol level, click on the Advanced button to open the Local Zone Custom Settings or the Internet Zone Custom Settings panel. Use those panels to restrict access to each zone by protocol or port type. Which protocol or port types are you going to allow in or keep out of each zone? You can define specific restrictions or exceptions here, such as denying access to your Local Zone via UDP or TCP ports. You are in control against the Internet world! You can also use the Advanced button to add computers to your Local and Restricted Zones. As a shortcut, click on this button to start customizing your Local Zone. As a shortcut, click on this button start customizing your Internet Zone. MailSafe file:///C|/Documents and Settings/rwilliams/Des...neAlarm_Pro_Help_new_TOC/ZoneAlarmProHelp50.htm (1 of 4) [4/12/2001 11:42:47 AM] ZoneAlarm Pro - The Security Panel Turn on MailSafe by placing a checkmark in the box for "MailSafe e-mail protection" at the bottom of the panel. After turning on MailSafe, click on the Configure button to specify the types of e-mail attachments you want ZoneAlarm Pro to protect you against. MailSafe protects your computer from a wide variety of e-mail attachments such as VBScript and JavaScript. These e-mail attachments can do damage by taking control of your system. Security Levels The Local and Internet Zone each have a security level selector, which you can drag up and down to change the security level. file:///C|/Documents and Settings/rwilliams/Des...neAlarm_Pro_Help_new_TOC/ZoneAlarmProHelp50.htm (2 of 4) [4/12/2001 11:42:47 AM] ZoneAlarm Pro - The Security Panel Local Zone security is displayed in green, and Internet Zone security in blue. The default settings are: ● Medium for the Local Zone ● High for the Internet Zone As levels increase, the dynamic firewall places more access restrictions to your computer to protect you from potential threats. file:///C|/Documents and Settings/rwilliams/Des...neAlarm_Pro_Help_new_TOC/ZoneAlarmProHelp50.htm (3 of 4) [4/12/2001 11:42:47 AM] ZoneAlarm Pro - The Security Panel BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Des...neAlarm_Pro_Help_new_TOC/ZoneAlarmProHelp50.htm (4 of 4) [4/12/2001 11:42:47 AM] ZoneAlarm Pro - The Programs Panel The Programs Panel The Programs panel is where programs and their connection options are added. To get to this panel, click on "Programs" in the main panel. Program List Advanced Options Options Program List The main portion of the Programs panel is the Program List. This is the list of programs installed on your machine that have attempted to connect to the Internet. Use this panel to control the connection behavior of any program on the list or to add programs to the Program List before they try to connect to the Internet. Adding a program is a good way to prevent a program from connecting to the Internet except under conditions you establish. In the Programs panel, you can also specify and differentiate each program's access rights for the Local Zone and/or the Internet Zone. The Allow server column lets you control which applications can perform server functions. ZoneAlarm Pro allows you to place additional programs in the Program List, then right-click on any program to establish more stringent connectivity permission rules that prevent connections based on specific ports that you identify using the Ports tab. You can also STOP your applications from acting as maliciously-listening servers who will want to get at your files. file:///C|/Documents and Settings/rwilliams/Des...neAlarm_Pro_Help_new_TOC/ZoneAlarmProHelp60.htm (1 of 3) [4/12/2001 11:44:12 AM] ZoneAlarm Pro - The Programs Panel Advanced Options The Advanced button controls first-time access rights for new programs as they try to access the Internet from your computer. This is very useful for anyone running a server, for example, who will not be actually sitting in front of the computer when the server is going to be receiving connections. Go to the Allow connect column in the main body of the panel to change a program's basic access rights. Click directly on the . . . to change the access level from ? to check mark to X. Click on the . . . in the same way in the Allow server column. file:///C|/Documents and Settings/rwilliams/Des...neAlarm_Pro_Help_new_TOC/ZoneAlarmProHelp60.htm (2 of 3) [4/12/2001 11:44:12 AM] ZoneAlarm Pro - The Programs Panel Options Click on the Options button and then the Ports tab to limit the way a program connects to specific ports. Use the Access Permissions tab as another way to grant connection and server rights to a program. In the Program column, the program's name and version number are displayed. Run your mouse over the program name to see more statistics: ● Product name ● ● ● ● The name of the file used to access the Internet The location of the file Product version Creation date and file size Right-click on a program to remove it or to severely restrict the program's Internet access permissions. You can also add a new program by right-clicking. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Des...neAlarm_Pro_Help_new_TOC/ZoneAlarmProHelp60.htm (3 of 3) [4/12/2001 11:44:12 AM] ZoneAlarm Pro - The DeskBand Toolbar The DeskBand Toolbar To activate the toolbar on Windows 98, Windows 2000 or other Windows versions with the Internet Explorer 4 Shell Update, right-click on the Windows Taskbar and select "Toolbars" and then "ZoneAlarm Pro Desk Band". To define what version of Internet Explorer Shell you have on your system, follow these steps ● Go to Start/ locate the search or Find feature, and then click Files Or Folders. ● ● In the search field, type shdocvw.dll, and then click Find Now. In the list of files, right-click the shdocvw.dll file, and then click Properties. Click the Version tab. If the version begins with 4 that means you have Internet Explorer 4 Shell Update. If the version begins with 5 then you have Internet Explorer 5 Shell. When running on Windows 95 or Windows NT 4.0 without the Internet Explorer 4 Shell Update, go to the Configuration panel and click on the "Show shell toolbar" checkbox to activate the DeskBand toolbar. Note that in this configuration, the toolbar can only float above the desktop and in some instances can cover icons in the system tray. The name of the DeskBand can be removed by right clicking on the name and deselecting the Show Title option. Then you can resize the DeskBand by moving the left side to the right. The red and green bars on the leftmost icon indicate whether or not Internet activity is taking place. When Internet access has been locked with High Security, the center STOP button file:///C|/Documents and Settings/rwilliams/Des...neAlarm_Pro_Help_new_TOC/ZoneAlarmProHelp80.htm (1 of 2) [4/12/2001 11:44:51 AM] ZoneAlarm Pro - The DeskBand Toolbar on the DeskBand Toolbar will change to a green GO button, as shown below. When this happens, you should click on GO to restore Internet access. Additionally, if the Automatic Lock has been turned on, the Lock icon will show a red X inside the padlock. Click on the Lock icon to lock/unlock Internet access. Pressing the ZA logo invokes the "zoom" function of the DeskBand which will restore full-sized ZoneAlarm Pro. Double clicking on the ZoneAlarm Pro System Tray Icon in the lower right corner of your computer screen also invokes the zoom function. To remove the deskband, follow the instructions at the top to access the Windows toolbars menu, and deselect ZoneAlarm Pro Deskband. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Des...neAlarm_Pro_Help_new_TOC/ZoneAlarmProHelp80.htm (2 of 2) [4/12/2001 11:44:51 AM] ZoneAlarm Pro - Check for Update pushbutton Check for Update Press the Check for Update button to see if a newer version is available for download from the Zone Labs web site. If a response to the affirmative is not provided, that indicates that no update is available. ZoneAlarm Pro can perform this check automatically by checking the automatic check for update checkbox. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desktop...arm_Pro_Help_new_TOC/ZoneAlarmProHelp70_Updates.htm [4/12/2001 11:45:14 AM] ZoneAlarm Pro - Firewall Settings Firewall Settings The Security panel has two work areas: the main Security panel and the Advanced security properties dialog. On the main panel, click on the Advanced button to open the dialog. This is where, among other things, you tell ZoneAlarm Pro which computers and IP addresses to place in your protected Local Zone. Main panel Advanced dialog Main Security panel Local Zone: the yellow box Internet Zone: the blue box Dragging the Sliders MailSafe What is your Local Zone? Customize your Local Zone Customize the Internet Zone Create a totally Restricted Zone Look at your MailSafe setup Configure ICS and NAT The Security panel The main thing to understand in this panel is the difference between Medium and High Security as they affect your zones: in the center of the panel, the yellow box controls the Local Zone and the blue box controls the Internet Zone. file:///C|/Documents and Settings/rwilliams/Deskt...elp_new_TOC/Getting_Started_Tutorial_Security.htm (1 of 23) [4/12/2001 11:45:44 AM] ZoneAlarm Pro - Firewall Settings Local Zone: the yellow box file:///C|/Documents and Settings/rwilliams/Deskt...elp_new_TOC/Getting_Started_Tutorial_Security.htm (2 of 23) [4/12/2001 11:45:44 AM] ZoneAlarm Pro - Firewall Settings Notice that the slider in the yellow box is positioned half way down the side of the box. This shows you that we've set your Local Zone security to Medium. You can change that by dragging the slider up or down. Medium security means that only the Internet connection permissions you've granted to specific applications in the Programs panel will be allowed. The firewall will block all other Internet traffic and keep your machine safe. For users connected to a LAN, access to Windows services are allowed, as is file sharing between computers belonging to the Local Zone. You can quickly stop file sharing and printer sharing for a specific PC by dragging this slider upwards to High security. Internet Zone: the blue box Notice that we set your Internet Zone to High. Our installation program provides that as the default security setting. You can lower it at any time to Medium, or even Low, by dragging the slider downwards. But a lower security setting makes your machine much more vulnerable. By keeping Internet Zone security set to High, you can be sure that no file or printer sharing can happen between your PC and computers that are in the Internet Zone. What that means, in essence, is that the only machines and web sites that can share files with your PC are those that you have actually put in the Local Zone. High security means that Internet connections in and out of your computer will be prohibited except for the types you've specifically programmed using the Advanced button and the Programs panel. This is most probably the security level you will want to have turned on most of the time whenever your computer is on. Dragging the Sliders file:///C|/Documents and Settings/rwilliams/Deskt...elp_new_TOC/Getting_Started_Tutorial_Security.htm (3 of 23) [4/12/2001 11:45:44 AM] ZoneAlarm Pro - Firewall Settings At the top of the Security panel, you'll see this brief message telling you how to set security for your Local and Internet Zones: Drag the slider in the Yellow box up or down to set Local Zone security. Drag the slider in the Blue box to set Internet Zone security. Notice that the descriptions change as you drag the sliders up and down. The Customize buttons are shortcuts to the Advanced security properties dialog. MailSafe If you want ZoneAlarm Pro to protect you against e-mail attachments that might cause harm to your machine, make sure this checkbox at the bottom of the panel is selected: The Configure button opens the MailSafe dialog where you make sure the types of attachments you want are selected for quarantining. In the dialog, file types with a checkmark will be quarantined. What is your Local Zone? file:///C|/Documents and Settings/rwilliams/Deskt...elp_new_TOC/Getting_Started_Tutorial_Security.htm (4 of 23) [4/12/2001 11:45:44 AM] ZoneAlarm Pro - Firewall Settings Click on the Advanced button to call the Advanced security properties dialog. This is where you put computers and networks with trusted subnets and computers with whom you are sure it is safe to carry on Internet communications and whose files you trust enough to do file sharing with them. For LAN users, if you're including a subnet that ZoneAlarm Pro placed in the dialog at installation time, just click the checkbox next to it. When including other computers and web sites outside your LAN, first add the computer then place the checkmark. file:///C|/Documents and Settings/rwilliams/Deskt...elp_new_TOC/Getting_Started_Tutorial_Security.htm (5 of 23) [4/12/2001 11:45:44 AM] ZoneAlarm Pro - Firewall Settings The dialog has two sections: Networks and Other Computers. After you have placed a checkmark in front of any subnet or computer in this dialog, it becomes a member of your Local Zone. A security setting of Medium or High will allow secure communications and file and printer sharing between all components you've added here. For Single Home Users: If you are a single user at home, you are not required to use this dialog because your PC is probably the only machine you are trying to protect. As a single user, you don't really need to add any more computers in order to work safely. The Networks section of the dialog will always have an entry in it displaying the subnet your modem or DSL connection installed on your machine. You don't need to place a checkmark if you are working by yourself. The Other Computers section is where you add any trusted web site or the IP address of a computer that you trust and want to do file sharing with. For LAN Users: If you are a user working as part of a Local Area Network (LAN), make sure the entry in the Networks section has a next to it if it represents the subnet of your LAN adapter. The red checkmark tells ZoneAlarm Pro that you trust your LAN connection and that you really want to share connectivity with the users on that LAN. If your company or work group has more than one subnet, you need to go to the Other Computers section to add the subnets that are not identified by the LAN adapter on your machine. ZoneAlarm Pro picked the adapter subnet up from your LAN adapter at installation time and placed it in the Networks section. You have to manually add additional subnets you have in your organization by clicking on the Add button then entering the IP address and subnet mask in the Other Computers Section of this dialog: With ZoneAlarm Pro running, all the IP addresses of subnets that are not identified in your LAN adapter have to be included here to be accessed from your PC whenever Local Zone security is set to Medium or High. Steps to Add a Computer: 1. Click on the Add Button file:///C|/Documents and Settings/rwilliams/Deskt...elp_new_TOC/Getting_Started_Tutorial_Security.htm (6 of 23) [4/12/2001 11:45:44 AM] ZoneAlarm Pro - Firewall Settings 2. You have four choices: 3. Enter a short Description, the IP address, and then click OK: 4. When you see the computer listed under Other Computers, then it is part of the Local Zone: Customize your Local Zone file:///C|/Documents and Settings/rwilliams/Deskt...elp_new_TOC/Getting_Started_Tutorial_Security.htm (7 of 23) [4/12/2001 11:45:44 AM] ZoneAlarm Pro - Firewall Settings If your Local Zone is set to High If your Local Zone is set to Medium Allow other Incoming ICMP Block Incoming ping (ICMP Echo) Reset Local Zone to default security settings The settings in the Local Zone Custom Settings dialog only govern Internet communications between the computers you include in your Local Zone - in other words, how you communicate with the other computers you trust. The Local Zone Custom Settings dialog lets you refine the overall security you set using the slider. The Local Zone Custom Settings dialog is where you tell ZoneAlarm Pro to allow specific Internet connection protocols to pass through your firewall or to block specific protocols from passing through it. To do this, place a checkmark next to one of the Allow or Block options to set up exception to your firewall. This means that as you work at your computer, the specific types of programs you check will be allowed in or blocked out. The protocols you check would otherwise be blocked by your overall security setting, such as multicasts or error checking pings (ICMP). file:///C|/Documents and Settings/rwilliams/Deskt...elp_new_TOC/Getting_Started_Tutorial_Security.htm (8 of 23) [4/12/2001 11:45:44 AM] ZoneAlarm Pro - Firewall Settings If your Local Zone security is set to High High security is extremely secure and blocks services provided by the Windows operating system. It is so secure that it blocks most everything. It is not recommended unless you absolutely must be directly connected to an untrusted network. If you have Local Zone security set to High, use the top portion of the dialog to set protocols you want to allow through the very high protection level you've set up. Notice that each entry begins with the word Allow: If your Internet Zone security is set to Medium If you have Local Zone security set to Medium, scroll down to the Medium Security file:///C|/Documents and Settings/rwilliams/Deskt...elp_new_TOC/Getting_Started_Tutorial_Security.htm (9 of 23) [4/12/2001 11:45:44 AM] ZoneAlarm Pro - Firewall Settings Settings area of the dialog, shown below: Medium security is what we suggest for smooth and secure operations. It allows the services provided by the Windows operating system to work freely, use this dialog to block the types of protocols you don't want going in or out through your Medium security firewall. A Medium security firewall is less stringent than High security. Notice that each entry begins with the word Block. Allow other incoming ICMP: If you need to receive ICMP packets other than pings (such as router advertisement messages) with the Local Zone security set to High, you can place a checkmark next to Allow other incoming ICMP. Let's say you've included the router that's forwarding the advertisement messages in your Local Zone and your Local Zone security is set to High. Checking the Allow other incoming ICMP checkbox will allow the ICMP advertisement messages to pass through your High security Local Zone firewall. However, the sheer quantity of ICMP messages that can be sent to a machine can be overwhelming, so this checkbox is often left unchecked. Block Incoming ping (ICMP Echo): If you keep Local Zone security to Medium, you may want to block incoming pings so that no one in your Local Zone can receive a response from a ping command. This is one way to protect your machine if you have doubts about the trustworthiness of certain parties belonging to your LAN or Local Zone. To do this, click on the Block Incoming ping (ICMP Echo) checkbox. Reset Local Zone to default security settings: If you've been working with the security settings and would like to start from scratch, you can very easily go back to the Local Zone security settings that were set at the time you installed the product. After you've made any changes in the defaults by selecting or deselecting a protocol, the Reset to Default button becomes active: file:///C|/Documents and Settings/rwilliams/Deskt...elp_new_TOC/Getting_Started_Tutorial_Security.htm (10 of 23) [4/12/2001 11:45:44 AM] ZoneAlarm Pro - Firewall Settings Click on the button to return to the way security was set up by Zone Labs. When default values have not been changed or after you've used the button to reset, the button is disabled and looks like this: Customize the Internet Zone If Internet Zone security is set to High If Internet Zone security is set to Medium Allow other Incoming ICMP Block Incoming ping (ICMP Echo) Reset Internet Zone to default security settings The settings in the Internet Zone Custom Settings dialog govern Internet communications between any computer connected to the Internet around the world and your PC whenever you are online. Use the dialog to customize the overall security settings you established using the slider: file:///C|/Documents and Settings/rwilliams/Deskt...elp_new_TOC/Getting_Started_Tutorial_Security.htm (11 of 23) [4/12/2001 11:45:45 AM] ZoneAlarm Pro - Firewall Settings The Internet Zone Custom Settings dialog lets you refine the overall security you set using the slider. High security for computers outside your Local Zone is the safest security level for the Internet Zone. We recommend it, but it keeps most everything out. Use the Internet Zone Custom Settings dialog to select specific types of protocols so that you can communicate online with certain types of programs located outside your Local Zone. file:///C|/Documents and Settings/rwilliams/Deskt...elp_new_TOC/Getting_Started_Tutorial_Security.htm (12 of 23) [4/12/2001 11:45:45 AM] ZoneAlarm Pro - Firewall Settings In this dialog, outgoing DCHP, incoming ICMP and incoming IGMP are allowed because the checkbox next to those entries has a . If Internet Zone security is set to High High security is a secure strategy for your PC while it is connected to the Internet. It hides the ports on your machine that are not in use. It also prevents your Windows operating system services from having Internet access. If you keep Internet Zone security set to the recommend High level, use the top portion of the dialog to set protocols you want to allow through this high protection level. Notice that each entry begins with the word Allow: file:///C|/Documents and Settings/rwilliams/Deskt...elp_new_TOC/Getting_Started_Tutorial_Security.htm (13 of 23) [4/12/2001 11:45:45 AM] ZoneAlarm Pro - Firewall Settings If Internet Zone security is set to Medium If you decide to lower Internet Zone security to Medium, scroll down to the Medium Security Settings area of the dialog to set any exceptions to your firewall: Medium security will prevent services provided by the Windows operating system from accessing the Internet. When Medium Internet Zone security is set, use this dialog to block the types of protocols you don't want going in or out through your Medium security firewall. Notice that each entry begins with the word Block. Allow incoming ping (ICMP Echo) If you keep Internet security set to High, you may want to allow incoming pings if your ISP would disconnect you if it thinks that you are not connected to the Internet. An unresolved ping command could cause them to think you are not online. High security does not by default allow incoming pings. Therefore, your ISP would not know you are connected if its business methods require it to ping your PC to determine if you are currently online. A ping sends a short data burst (a single packet) from one computer to another, and listens for a single packet in reply - like an echo. An incoming ping coming from the Internet onto your PC, allows someone who knows your IP address to see if you are online. To do this: Under High Security Settings, scroll down to Allow Incoming ping (ICMP Echo) and click on the checkbox. Then, click on the OK button. Incoming pings will now be allowed and an ISP who pings you to see if you are online will find you even if your Local Zone is set to High security. Block other incoming ICMP If you have decided that you can do without the ICMP router advertisement messages, but have lowered your Internet Zone security to Medium during a limited amount of time, you can prevent these ICMP messages from penetrating your Medium security firewall. To do this, go to the Medium security section of the dialog and place a Block other incoming ICMP: next to file:///C|/Documents and Settings/rwilliams/Deskt...elp_new_TOC/Getting_Started_Tutorial_Security.htm (14 of 23) [4/12/2001 11:45:45 AM] ZoneAlarm Pro - Firewall Settings Reset Internet Zone to default security settings If you've been working with the security settings and would like to start from scratch, you can very easily go back to the Internet Zone security settings that were set at the time you installed the product. To do this: After you've made any changes in the defaults by selecting or deselecting a protocol, the Reset to Default button becomes active: Just click on the button to return to the way security was set up by Zone Labs. When default values have not been changed or after you've used the button to reset, the button is disabled and looks like this: Create a totally Restricted Zone Protect your machine by isolating sites and computers you think could be dangerous online! The Restricted Zone is an optional zone in ZoneAlarm Pro. It's basically an isolation tank where you can place web sites and IP addresses that you don't want your machine to have any Internet communications with. Machines and web sites you place in the Restricted Zone will be unreachable over the Internet to and from your PC! To do this: file:///C|/Documents and Settings/rwilliams/Deskt...elp_new_TOC/Getting_Started_Tutorial_Security.htm (15 of 23) [4/12/2001 11:45:45 AM] ZoneAlarm Pro - Firewall Settings First open the dialog by clicking on Advanced, then Restricted Zone This message at the top of the dialog gives you directions: Next, click on the button. This dialog will be displayed: Click on Host/Site... then enter a description and web site address as shown below: Enter a description for display purposes, then the web site address. This should be a web site, unlike google.com, which you have doubts about. _ A follow-up dialog displays the IP addresses of the web site. ZoneAlarm Pro finds the IP addresses for you. Click on Finish to confirm the placement of the web site's IP addresses into your Restricted Zone. file:///C|/Documents and Settings/rwilliams/Deskt...elp_new_TOC/Getting_Started_Tutorial_Security.htm (16 of 23) [4/12/2001 11:45:45 AM] ZoneAlarm Pro - Firewall Settings The site you entered now shows up in the Restricted Computers area of the dialog. Notice that your description is displayed after the . Click on the button then click OK. This places the web site in the Restricted Zone, meaning that no inbound or outbound Internet communications can be done with that site from your PC. Look at your MailSafe setup Double-click on the e-mail attachment Try to launch the quarantined attachment Save the file and view the file type MailSafe protects you from e-mail attachments by placing any e-mail attachment in the dialog shown below in a quarantined setting. This makes it selected impossible for the e-mail attachment to launch on your machine. Without launching, it will remain harmless to your PC and to the files on the PC. To look at your MailSafe setup: First open the dialog by clicking on Advanced, then MailSafe. file:///C|/Documents and Settings/rwilliams/Deskt...elp_new_TOC/Getting_Started_Tutorial_Security.htm (17 of 23) [4/12/2001 11:45:45 AM] ZoneAlarm Pro - Firewall Settings Notice that all the file types are preselected. The ZoneAlarm Pro installation program selected them all for you so that you have maximum protection. Double-click on the e-mail attachment: To find the e-mail attachment that ZoneAlarm Pro has quarantined, you have to open the e-mail containing an attached file. To be quarantined by ZoneAlarm Pro, the file type of the attachment must be one of the type selected in the dialog, such as a help file: Open an e-mail containing an attachment. In your e-mail, you'll see that ZoneAlarm Pro has renamed the attachment so that the file type is .zla. Zla is a ZoneAlarm Pro file type which tells you that the file has been quarantined. file:///C|/Documents and Settings/rwilliams/Deskt...elp_new_TOC/Getting_Started_Tutorial_Security.htm (18 of 23) [4/12/2001 11:45:45 AM] ZoneAlarm Pro - Firewall Settings Double-click on the attachment. This warning is always displayed: Whether you select Open it or Save it to disk, the STOP WARNING will intervene to give you a good warning: Try to launch a quarantined e-mail attachment file:///C|/Documents and Settings/rwilliams/Deskt...elp_new_TOC/Getting_Started_Tutorial_Security.htm (19 of 23) [4/12/2001 11:45:45 AM] ZoneAlarm Pro - Firewall Settings Only after ZoneAlarm Pro issues a warning will you be able to launch an e-mail attachment that has been quarantined by ZoneAlarm Pro. Here's how it works: To launch an e-mail attachment: Double-click on the attachment in your e-mail program to begin launching the attachment. If you feel sure that you trust the attachment, you can launch the file by clicking on Run. ZoneAlarm will display this warning to give you a last chance: Click on Yes to run the file, or No if you change your mind. Save the file and see the file type In the warning dialog, clicking on Save As... not only allows you to save the file without having to launch it and risk harming your machine. This choice also lets you see what the file type of the attachment is. Remember that ZoneAlarm Pro changed the original file type to .zla so that it could not be directly launched. Click on Save As to save the e-mail attachment to your hard drive or network. ZoneAlarm Pro displays this STOP SIGN warning: file:///C|/Documents and Settings/rwilliams/Deskt...elp_new_TOC/Getting_Started_Tutorial_Security.htm (20 of 23) [4/12/2001 11:45:45 AM] ZoneAlarm Pro - Firewall Settings Select Save as... to save the file to your hard drive or network. The Save As dialog shows that the attachment file in this exercise is an .HLP file. Now that you know what type of file the attachment is, you can either save it to disk or simply refuse to deal with it, by selecting Do Not Run. Configure ICS and NAT file:///C|/Documents and Settings/rwilliams/Deskt...elp_new_TOC/Getting_Started_Tutorial_Security.htm (21 of 23) [4/12/2001 11:45:45 AM] ZoneAlarm Pro - Firewall Settings How does ZoneAlarm Pro protect an ICS network? What are ICS and NAT? Must ICS be installed before using ZoneAlarm Pro ICS support? Configure ZoneAlarm Pro's ICS / NAT support How does ZoneAlarm Pro protect an ICS network? ZoneAlarm Pro protects every machine that it is installed on. Once you have configured ICS support, the host machine will be uniquely identified by its IP address. You can configure that machine to receive all Internet connection alerts, thus shielding all client machines from a barrage of messages. Or, as you configure client machines, you can pick and chose which ones will receive alerts. Thus, as the administrator of the network, you can configure it to handle Internet security the way you want. All the PCs in an ICS or NAT network should have ZoneAlarm Pro installed on them to use our support. What are ICS and NAT? All the PCs in an ICS or NAT network should have ZoneAlarm Pro installed on them to use our support. ZoneAlarm Pro protects all the machines on the network and identifies the host machine by its IP address. You can configure Internet connection alerts to be managed by the host only, or by the host and client machines. ICS Internet Connection Sharing NAT Network Address Translation Provides users who have networked computers with the ability to share a single connection to the Internet. Enables a local-area network (LAN) to use one set of IP addresses for internal traffic and a second set of addresses for external traffic Must ICS/NAT be installed to first? To use ZoneAlarm Pro's ICS or NAT support, you must first have ICS or NAT either set up on your network or built into it. Windows 98 and 2000 are delivered with built-in ICS support. On your network of computers you need to do two things before you configure ZoneAlarm Pro's ICS/NAT protection layer: ■ designate a host machine and client machines who will connect to the Internet through the host machine. To do this, use your ICS or NAT software or your built-in Windows functionality ■ install ZoneAlarm Pro on every machine that belongs to your ICS or NAT network file:///C|/Documents and Settings/rwilliams/Deskt...elp_new_TOC/Getting_Started_Tutorial_Security.htm (22 of 23) [4/12/2001 11:45:45 AM] ZoneAlarm Pro - Firewall Settings BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Deskt...elp_new_TOC/Getting_Started_Tutorial_Security.htm (23 of 23) [4/12/2001 11:45:45 AM] ZoneAlarm Pro - The LOCK Icon & the STOP Button The LOCK Icon & the STOP Button If your system shows that an Internet security threat is making its way through your firewall, the tool bar has two buttons to instantly stop the traffic, the Lock icon and the Stop button. The Lock icon How can you tell if the Lock is ON or OFF? How to open and close the Lock The Stop button The Lock Icon Click directly on the padlock of the Lock icon to instantly stop all Internet communications with applications installed on your machine except those that are set to bypass the lock. When the lock is on, no data can enter or leave your computer via the Internet. How can you tell if the Lock is ON or OFF? You know the Internet Lock is open when the Timer Bar below the padlock is green. While the lock is open, ZoneAlarm Pro allows Internet traffic in and out of your computer. When a red Timer Bar is displayed containing a time stamp, the Internet Lock is closed and has been in effect for the length of time indicated. No Internet traffic is allowed. file:///C|/Documents and Settings/rwilliams/Deskt...ro_Help_new_TOC/Getting_Started_Tutorial_Lock.htm (1 of 3) [4/12/2001 11:46:09 AM] ZoneAlarm Pro - The LOCK Icon & the STOP Button How to open and close the lock You can open and close the lock on the Desk Band Toolbar, or on the main ZoneAlarm Pro toolbar. To close the lock, simply click on the open lock icon. To open the lock, click on the closed lock icon. Or click on the Lock Icon at the top of the ZoneAlarm Pro panel To close the lock, simply click on the Unlocked icon. To open the lock, click on the closed lock icon. The Stop button Press the STOP button to immediately stop ALL Internet traffic., Including traffic to programs set to bypass the lock. The STOP button will stop all Internet access, overriding the Pass Lock settings in the Programs panel. Use this button if you ever have to stop a Trojan horse. To reactivate Internet access press the stop button again. file:///C|/Documents and Settings/rwilliams/Deskt...ro_Help_new_TOC/Getting_Started_Tutorial_Lock.htm (2 of 3) [4/12/2001 11:46:09 AM] ZoneAlarm Pro - The LOCK Icon & the STOP Button BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Deskt...ro_Help_new_TOC/Getting_Started_Tutorial_Lock.htm (3 of 3) [4/12/2001 11:46:09 AM] ZoneAlarm Pro - Configuring ICS: A Quick Tutorial Configuring ICS: A Quick Tutorial Use ZoneAlarm Pro's one-click ICS & NAT support to protect the gateway and client machines on your network. The best protection is to have ZoneAlarm Pro installed on all machines, the gateway machine and all clients. ZoneAlarm Pro's ICS & NAT support provides protection for your network machines in a way that takes advantage of Internet Connection Sharing architecture by using the gateway machine as the Internet point of contact. Once you set up ZoneAlarm Pro ICS or NAT support, inbound Internet alerts from Internet Zone machines will be routed through the host machine provided you have an ICS or NAT implementation set up on your network machines. Setting up ICS or NAT Support Requirements Before Setup On the Gateway Machine On the Client Machine Setting up ICS or NAT Support To set up our ICS or NAT support, simply define each machine as either host or client and supply the corresponding IP or subnet addresses using the General Tab, available by clicking on the Advanced button on the Security panel. file:///C|/Documents and Settings/rwilliams/Des...o_Help_new_TOC/ZoneAlarmProHelp50_Adv_Tab5a.htm (1 of 4) [4/12/2001 11:46:53 AM] ZoneAlarm Pro - Configuring ICS: A Quick Tutorial Requirements Before Setup To set up our NAT and ICS support, these two conditions must first be met: ● ICS or NAT implementation software must first be used to set up the host and client machine relationships on your network ● ZoneAlarm Pro must be installed on each machine in the network: on the host machine and on each client machine On the Gateway Machine file:///C|/Documents and Settings/rwilliams/Des...o_Help_new_TOC/ZoneAlarmProHelp50_Adv_Tab5a.htm (2 of 4) [4/12/2001 11:46:53 AM] ZoneAlarm Pro - Configuring ICS: A Quick Tutorial ZoneAlarm Pro needs to know which PC is the gateway machine and which machines are identified as clients in your ICS nor NAT implementation. First, open ZoneAlarm Pro on the gateway machine and designate that machine as the ICS or NAT gateway. 1. Open ZoneAlarm Pro on the gateway machine. Go to the Security panel, click on the Advanced button then click on the General Tab to open the General Tab panel. 2. At the top of the panel, in the Internet Connection Sharing area, select the radio button shown below, then select or enter the IP address of the gateway machine: 3. Finally, check the second checkbox below if you are forwarding alerts to client machine and you don't want to view them on the gateway machine. Not checking this checkbox will implement displaying alert messages on both machines if they are forwarded to client machines. 4. Set security to HIGH on the gateway machine. The Internet Zone security setting for your ICS or NAT host machine should be set to High. This setting will not prevent ICS or NAT clients from initiating outbound communications to the Internet that the host machine did not initiate. file:///C|/Documents and Settings/rwilliams/Des...o_Help_new_TOC/ZoneAlarmProHelp50_Adv_Tab5a.htm (3 of 4) [4/12/2001 11:46:53 AM] ZoneAlarm Pro - Configuring ICS: A Quick Tutorial On the Client Machine First, open ZoneAlarm Pro on each client machine and designate each of those machines as ICS or NAT clients. 1. Open ZoneAlarm Pro on each client machine. Go to the Security panel, click on the Advanced button then click on the General Tab to open the General Tab panel. 2. At the top of the panel, in the Internet Connection Sharing area, select the radio button shown below, then select or enter the IP address of the gateway machine: 3. Finally, select the checkbox below the Gateway Address field if you want the client machine you are working on to receive alert messages for Internet alerts on that machine rather than restricting the logging of those alerts to the gateway machine. Note: If you use a hardware gateway: If the network address translation on your ICS or NAT network is done by a hardware component, such as a server or router, rather than by a host PC, do not use the General Tab to identify the subnet address. With a hardware gateway implementation of ICS or NAT, protect your client machines by using the Security panel and the Programs panel on the copy of ZoneAlarm Pro installed on each client machine. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Des...o_Help_new_TOC/ZoneAlarmProHelp50_Adv_Tab5a.htm (4 of 4) [4/12/2001 11:46:53 AM] ZoneAlarm Pro - How to manage 3rd party software How to manage 3rd party software The topics below can help you quickly understand basic issues about other software programs on your machine and how they relate to ZoneAlarm. PCAnywhere Netmeeting E-mail Clients News Reader Streaming Stock Ticker Voice Over IP CallWave Browsers FrontPage FTP Napster RealPlayer ICQ and IRC Chat PCAnywhere For PCAnywhere and ZoneAlarm to work together, make sure you have added the IP Address of the pcAnywhere client or host to your Local Zone. To add a trusted Host/Site, IP Address, IP Range, or Subnet to your Local Zone: ■ Go to the Security panel ■ Click on the Advanced button to view the Advanced Security Properties panel ■ Next, click on the Add button and select "IP/Address" Under "Description", enter a name or description for the "IP/Address" Enter the name of the "IP Address" For example, 127.0.0.1. Click the OK button ■ ■ ■ With Local Zone security set to medium or low access, the "IP Address" will be available. Netmeeting If you experience problems with Netmeeting when ZoneAlarm is running, you can temporarily turn off Remote Desktop Sharing via the Netmeeting system tray icon. E-mail Clients If your e-mail client cannot make the proper connections for sending and receiving your e-mail, make sure that the mail server has been added to your trusted Local Zone. To do this: ■ Go to the Security panel. file:///C|/Documents and Settings/rwilliams/Des..._Help_new_TOC/ZoneAlarmProHelp_FAQ_Software.htm (1 of 6) [4/12/2001 11:48:12 AM] ZoneAlarm Pro - How to manage 3rd party software ■ ■ ■ ■ ■ ■ Click on the Advanced button. Click on the Add button, then select Host/Site. In the Description field, enter the product name or a meaningful name. In the Host/Site field, enter the mail server name. Click on the Next. ZoneAlarm will look for the mail server name you provided in the DNS or WINS lookup. Click OK in both dialogs to confirm your entry. News Readers News Reader, like many other applications should have its server added to the Local Zone. If you are having problems connecting, make sure the news server has been included in your Local Zone. To do this: ● Go to the Security panel. ● Click on the Advanced button. Click on the Add button, then select Host/Site. In the Description field, enter the news server name. In the Host/Site field, enter the news server name. Click on the Next. ZoneAlarm will look for the mail server name you provided in the DNS or WINS lookup. ● ● ● ● ● Click OK in both dialogs to confirm your entry. Streaming Stock Tickers When streaming or push technology is running with with ZoneAlarm, the application must be assigned server rights. If you are using BackWeb at medium security settings, check your Communication method. BackWeb software options are: "Polite Agent"or "HTTP." The correct BackWeb settings for compatibility with ZoneAlarm are HTTP and Detect Internet connection. If you are using Polite Agent, there are two issues: 1. What do you have as your "Network priority"? The available options are: "Give higher priority to to other networking programs" or "Use the network normally." 2. What do you have as "Client port"? Options are "Let BackWeb select port automatically" or a client port number that can be modified by the user. You can try changing the Internet zone Security level to medium, but only during the time when you are using Polite Agent. BackWeb and BackWeb Infocenter should be configured with server privileges. In BackWeb, options should be set to "Detect connection" to the Internet. file:///C|/Documents and Settings/rwilliams/Des..._Help_new_TOC/ZoneAlarmProHelp_FAQ_Software.htm (2 of 6) [4/12/2001 11:48:12 AM] ZoneAlarm Pro - How to manage 3rd party software Voice Over IP Most Voice Over IP programs are compatible with ZoneAlarm. Certain Voice Over IP programs work simply assigning server privileges to the Voice Over IP application, thus allowing you to receive phone calls. Others require that you add the IP Addresses of the servers the Voice over IP programs use to the trusted Local Zone. Please contact the Voice over IP programs technical support for their server IP Addresses. CallWave For CallWave to work with ZoneAlarm, check that in the Programs panel, the Internet Answering Machine has the following privileges: ■ allow connect ■ allow server allow pass lock ■ You can also add the IP addresses of the servers CallWave uses to the trusted Local Zone. The CallWave web site or technical support can assist you with this. You can also try the following to find the IP Addresses for the Call Wave servers: 1. 2. 3. 4. Close the Internet Answering Machine if it is open. Lock Internet access by pressing the ZoneAlarm "STOP" button Reopen the Internet Answering Machine. ZoneAlarm should prompt you with a message that "Internet Answering Machine tried to connect to the Internet (session#. callwave.com); but it was denied access by the Internet Lock". The message will display a number instead of the # symbol. In tests run at Zone Labs, the number 2. 5. Add the address that was displayed in the message - "session#.callwave.com" - and add it to your Local Zone. To do add it to your Local Zone: ■ ■ ■ ■ ■ ■ Go to the Security panel Click on the Advanced button to view the Advanced Security Properties panel. Next, click on the Add button and select "IP/Address". Under "Description", enter a name or description for the "IP/Address". Enter the name of the "IP Address". For example, 127.0.0.1. Click the OK button. Browsers If you are using Windows 2000, you may need to allow Internet access rights to file:///C|/Documents and Settings/rwilliams/Des..._Help_new_TOC/ZoneAlarmProHelp_FAQ_Software.htm (3 of 6) [4/12/2001 11:48:12 AM] ZoneAlarm Pro - How to manage 3rd party software Services and Controller App. Versions of Netscape above 4.73 have no problem being able to browse with ZoneAlarm active. If you are already using Navigator above 4.73 and still experiencing difficulty accessing the web with ZoneAlarm active, check the browser Preferences to make sure you are not configured for proxy access. FrontPage If you are having difficulties with FrontPage, make sure that FrontPage is on your Programs List. FrontPage will require local server rights and the configuration of the FTP program you are using needs to have Passive or PASV mode enabled. This tells the client to use the same port for communication both directions. You need to check that option in your FTP program. Or, another way to accomplish the same thing is to add the IP address you are publishing to to your trusted Local Zone. To do add it to your Local Zone: ■ Go to the Security panel ■ Click on the Advanced button to view the Advanced Security Properties panel. ■ Next, click on the Add button and select "IP/Address". Under "Description", enter a name or description for the "IP/Address". Enter the name of the "IP Address". For example, "127.0.0.1" (no quotes). Click the OK button. ■ ■ ■ FTP If you are having difficulties with your FTP program, make sure that the FTP program is on your Programs List. FTP programs will require local server rights and the configuration needs to have Passive or PASV mode enabled. This tells the client to use the same port for communication both directions. You need to check that option in your FTP program. To add a trusted Host/Site to your Local Zone: ■ Go to the Security panel. ■ Click on the Advanced button. Click on the Add button, then select Host/Site. ■ ■ ■ ■ ■ In the Description field, enter the product name or a meaningful name. In the Host/Site field, enter the mail server name. Click on the Next. ZoneAlarm will look for the mail server name you provided in the DNS or WINS lookup. Click OK in both dialogs to confirm your entry. file:///C|/Documents and Settings/rwilliams/Des..._Help_new_TOC/ZoneAlarmProHelp_FAQ_Software.htm (4 of 6) [4/12/2001 11:48:12 AM] ZoneAlarm Pro - How to manage 3rd party software Napster Napster requires that you let the application accept incoming connections in order to share files. To assign server rights to Napster, go to the Programs Panel in ZoneAlarm. Make sure Napster has a checkmark in the area that says "Allow Server." Napster has a messaging utility which makes it vulnerable to a buffer overflow. Napster's default data port is 6699 (TCP) but the program makes use of a number of ports. The first port it tries to connect to is TCP port 8875, followed by 4444, 5555, 6666, 7777, or 8888. Users can also configure Napster to proxy servers which will connect them to the Napster servers as well. RealPlayer RealPlayer must have server rights to work with ZoneAlarm. Go to the Programs panel to set allow server permissions. Always launch Real Player after ZoneAlarm is launched. Real Player may try to see out to the Internet at times when the application is not even open. This is because there are options within Real Player for receiving all sorts of updates. To rectify this, you should check your Real Player preferences and uncheck options that try to "phone home." You might also be interested in the following web site: http://grc.com/downloaders.htm mIRC and ICQ mIRC and ICQ require server rights. You can assign these rights in the Programs panel. If you have configured ZoneAlarm to allow ICQ or mIRC access to the Internet, these applications will function normally. Take a look at these web sites for information: ■ http://diamond-back.com/icqhazards.html ■ and http://www.irchelp.org For mIRC usage, we suggest disabling the IDENT feature located in the IDENT tab within mIRC. Chat All chat software requires server rights. You assign these rights in the Programs panel. If you have configured ZoneAlarm to allow chat allow server privileges, you will be able to chat normally with your ZoneAlarm firewall in place. file:///C|/Documents and Settings/rwilliams/Des..._Help_new_TOC/ZoneAlarmProHelp_FAQ_Software.htm (5 of 6) [4/12/2001 11:48:12 AM] ZoneAlarm Pro - How to manage 3rd party software BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Des..._Help_new_TOC/ZoneAlarmProHelp_FAQ_Software.htm (6 of 6) [4/12/2001 11:48:12 AM] ZoneAlarm Pro - File and Printer sharing File and Printer sharing What is file and printer sharing (FPS)? Why implement file sharing? NetBIOS: example of the risk involved in file sharing Add computers to the Local Zone for file sharing What is file and printer sharing (FPS)? The largest security risk to Windows users in a network setting is caused by the improper enabling of file and printer sharing (FPS). File sharing is implemented when files in specific directories are shared between users across a network. This includes users on the Internet when the computers have a live Internet connection. File and Printer Sharing (FPS) is a service that comes with Windows operating systems. It allows users to share files and printers over a network. To implement file sharing, certain drives, folders, files or a combination of these are selected to be shared. With printer sharing, you have the choice of either sharing the printer(s) connected to your computer or not sharing them. Why implement file sharing? File sharing allows easy collaboration because everyone in a group or network can share specific files on their computers with everyone else in their trusted group. File sharing must be activated by your network administrator or in your operating system. What ZoneAlarm Pro does is to provide the Internet security firewall that will protect the shared files from Internet intrusions from untrusted computers. To take advantage of ZoneAlarm Pro's protection, each computer that is sharing files must be included in the Local Zone. NetBIOS: an example of the risk involved in File sharing file:///C|/Documents and Settings/rwilliams/Desk...Alarm_Pro_Help_new_TOC/How_to_do_Filesshares.htm (1 of 2) [4/12/2001 11:48:41 AM] ZoneAlarm Pro - File and Printer sharing When all files on your computer are shared, one of the major risks involved is that an Internet intruder will find out confidential system information from your computer. A good example is NetBIOS Names And Share Names. The NetBIOS name table of your computer is available to anyone who wishes to query your system directly over the Internet using its IP address. A utility exists on all Windows machines called NBTSTAT.EXE which performs these queries. If your name table discloses something you would rather keep secret, change its entries to something less informative. If you want anonymity, don't list your personal name or other identifying information in your NetBIOS name table. If sharing is enabled via the Internet, the shared resources' names and descriptions are automatically available for anyone to see, regardless of passwords. To see what others see in your NetBIOS nametable, open a DOS window while online and type: nbtstat -n Add computers to the Local Zone for File sharing Once ZoneAlarm Pro is installed on the computers in your network, each computer in the network has a Local Zone. To set up ZoneAlarm Pro's file sharing protection, the Local Zone on each computer must include all the other computers with whom secure file sharing should take place. If you are a single user, you only need to include machines that you trust in your Local Zone. Once this is done, you can share files knowing that you are protected by the ZoneAlarm Pro firewall. At the same time, Internet Zone security should be set to High for maximum protection. Click on this link for directions: Adding computers to your Local Zone. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desk...Alarm_Pro_Help_new_TOC/How_to_do_Filesshares.htm (2 of 2) [4/12/2001 11:48:41 AM] Zone Labs: Support Select One... > Support Welcome to the Zone Labs Web-Based Technical Support for ZoneAlarm and ZoneAlarm Pro. Customer Service Zone Labs is committed to satisfying the needs of our customers. The technical support group at Zone Labs provides expertise in technical support to help ensure that our customers' technical questions and issues are quickly addressed. ● To Solve a Technical Issue Information Zone Labs Technical Support Users of ZoneAlarm and ZoneAlarm Pro who need to solve a technical issue, or have questions about setting up and properly using ZoneAlarm and ZoneAlarm Pro. Technical Support FAQ's ZoneAlarm ● To Address a Customer Service Issue Web-Based Customer Service Please select this option for all other service related issues such as purchasing and successfully downloading our products, billing, refunds, and general questions about ZoneAlarm and ZoneAlarm Pro. ZoneAlarm Pro Common Questions Technical Support Web-based Support Form ● To Obtain Corporate Customer Support Corporate customers may directly contact their designated support representative. Additional Information Enterprise Sales Privacy & Legal About Zone Labs http://www.zonelabs.com/services/support.htm (1 of 2) [4/12/2001 11:48:58 AM] Zone Labs: Support Copyright ©1999-2001 Zone Labs, Inc., 1060 Howard Street, San Francisco, CA 94103, USA. All rights reserved. All other trademarks are the property of their respective owners. http://www.zonelabs.com/services/support.htm (2 of 2) [4/12/2001 11:48:58 AM] Zone Labs: Support Select One... Support > Support Info: ZoneAlarm Pro > Installation and Uninstallation Installation and Uninstallation If you want to double-check the work of the uninstaller, or if you suspect you may have a broken installation/uninstallation, this document contains the complete list of files and registry entries to check. Customer Service Information Technical Support FAQ's ZoneAlarm ZoneAlarm Pro How It Works Installation and Uninstallation Configuration Operation The uninstaller should remove all of the ZoneAlarm Pro program files. If ZoneAlarm Pro is your only client of the TrueVector Internet monitoring service (this is usually the case), the uninstaller should remove the TrueVector service files also. The uninstaller does not remove the program information files. Please select your operating system for the most specific information: Windows 95 Windows 98 Windows 2000 Windows NT Windows Me ZoneAlarm Pro Uninstallation Details for Windows 95 1. Uninstalling ZoneAlarm Pro 2. Files installed with ZoneAlarm Pro 3. Windows files updated by ZoneAlarm Pro 4. Shortcuts created by ZoneAlarm Pro 5. Registry Entries 6. What is the most troublefree way to uninstall or upgrade ZoneAlarm Pro? 7. Missing the "INSTALL.LOG" file? Registration LAN Topics ICS Topics 1. Uninstalling ZoneAlarm Pro If you want to uninstall ZoneAlarm Pro, first run the Uninstaller program: click on the Start menu|Programs|ZoneAlarm|Uninstall ZoneAlarm Pro menu item. ISP Topics You can uninstall the program manually by removing the following files and registry entries. OS Topics 2. Files installed with ZoneAlarm Pro: C:\Program Files\Zone Labs\ZoneAlarm\ ● UNWISE.EXE ● Readme.txt ● License.txt ● zapro.exe ● zonealarm.exe ● zoneband.dll ● INSTALL.LOG is also installed Full List of FAQ's ZA Pro Release History & Updates Common Questions Technical Support Web-based Support Form Additional Information Enterprise Sales C:\Program Files\Zone Labs\ZoneAlarm\Help\ ● ZoneAlarmProHelp*.htm ● ZoneAlarmProInfo.htm ● Images\*.* http://www.zonelabs.com/services/support_zap_install.htm (1 of 16) [4/12/2001 11:49:16 AM] Zone Labs: Support Privacy & Legal About Zone Labs C:\Windows\System\ ● vsdata.dll ● vsdata95.vxd ● vsmonapi.dll ● vsnetutils.dll ● vspubapi.dll ● vsutil.dll C:\Windows\System\Zone Labs ● html.tdr ● minilog.exe ● vsmon.exe ● vsruledb.dll ● vsdb.dll C:\Windows\Internet logs: ● ZALog.txt ● Iamdb.rdb ● <mycomputer>.ldb (where <mycomputer> is your computer name) 3. Windows files updated by ZoneAlarm Pro (Should NOT be removed during uninstall!) C:\WINNT\System\ ● msvcrt.dll ● psapi.dll 4. Shortcuts created by ZoneAlarm Pro C:\Windows\Profiles\(user name i.e. kivuh)\Start Menu\Programs ● \Zone Labs\ZoneAlarm Pro.lnk ● \Zone Labs\Uninstall ZoneAlarm Pro.lnk ● \Zone Labs\Readme.lnk C:\Windows\All Users\Start menu\Programs ● \Startup\ZoneAlarm Pro.lnk 5. Registry Entries Important Advisory: Deleting registry entries incorrectly may cause serious problems to your operating system (OS) which may necessitate the need to reinstall the OS. Please make sure you are able to perform these deletions correctly before you decide to edit the entries. For information about how to edit the registry in Windows 95, type "regedit.exe" from a command prompt. Click "Help," then "Help Topic." Click "Changing Keys and Values." Note that you should back up the registry before you edit it. The following key contains information needed by the uninstaller: ● Key: HKEY_LOCAL_MACHINE\Software\Zone Labs and all its subkeys and values. ● Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm Pro If your system is running Windows 95 these registry items start the services required for ZoneAlarm Pro: ● Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunService ● Value: MiniLog and Value: TrueVector Under Windows 95, these values are added to the Shared DLLs database: http://www.zonelabs.com/services/support_zap_install.htm (2 of 16) [4/12/2001 11:49:16 AM] Zone Labs: Support This is a database that contains a long list of values, but only these values are related to ZoneAlarm Pro and TrueVector: ● Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDLLs ● Values: ❍ C:\Windows\System\vsdata.dll ❍ C:\Windows\System\vsdata95.vxd ❍ C:\Windows\System\vsmonapi.dll ❍ C:\Windows\System\vsnetutils.dll ❍ C:\Windows\System\vsnetu.dll ❍ C:\Windows\System\vspubapi.dll ❍ C:\Windows\System\vsutil.dll ❍ C:\Windows\System\Zone Labs\html.tdr ❍ C:\Windows\System\Zone Labs\vsdb.dll ❍ C:\Windows\System\Zone Labs\minilog.exe ❍ C:\Windows\System\Zone Labs\vsmon.exe ❍ C:\Windows\System\Zone Labs\vsruledb.dll For each user who has run ZoneAlarm Pro, there are registry keys in ● Key: HKEY_CURRENT_USER\Software\Zone Labs The following keys allow the user to modify the sound that is played when there is an alert through use of the Control Panel Sounds applet: ● Key: HKEY_CURRENT_USER\AppEvents\EventLabels\InternetAlert ● Key: HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\InternetAlert\.current On Windows 95 systems, the following keys tell Windows the ZoneAlarm Pro Desk Band is a part of ZoneAlarm Pro: ● Key: HKEY_CLASSES_ROOT\CLSID\{long string of characters}\InprocServer32 ● Value: C:\Program Files\Zone Labs\ZoneAlarm\zoneband.dll The string of characters will vary from system to system. There is a registry key for the extension of every attachment that ZoneAlarm Pro quarantines (.vbs, for example). This can be found in: ● Key: HKEY_CLASSES_ROOT ● Value: ZAMailSafeExt: REG_SZ: {renamed extension -- zl9, for example) 6. What is the most troublefree way to uninstall or upgrade ZoneAlarm Pro? The most important step in uninstalling or upgrading is to make sure that ZoneAlarm and its underlying TrueVector service are not running. If TrueVector is left running, certain files may not be removed or replaced. Also, if you use the Desk Band feature, this should be disabled before uninstalling or upgrading ZoneAlarm. Note that shutting down ZoneAlarm from the tray icon only shuts down the user interface. It may or may not unload TrueVector, depending on how ZoneAlarm was started. To unload the TrueVector Service and disable the Desk Band: 1. Go to the Configure panel and uncheck the box labeled, "Load ZoneAlarm at Windows startup" (or "Load ZoneAlarm Pro at startup") 2. Right click any unused portion of the task bar at the bottom of the screen, select "Toolbars", and uncheck "ZoneAlarm Desk Band" (or ZoneAlarm Pro Desk Band") 3. REBOOT Windows (very important). AFTER UNLOADING TRUEVECTOR AND REBOOTING: To uninstall ZoneAlarm Pro: Click Start | Programs | Zone Labs | Uninstall ZoneAlarm Pro http://www.zonelabs.com/services/support_zap_install.htm (3 of 16) [4/12/2001 11:49:16 AM] Zone Labs: Support To clear your configuration settings in ZoneAlarm or ZoneAlarm Pro: 1. For Windows9x, remove the files in \windows\internet logs 2. For WindowsNT and Windows2000, remove the files in \winnt\internet logs Note that these files are not deleted by the uninstallation process. To upgrade ZoneAlarm: 1. It is usually not necessary to uninstall your current version of ZoneAlarm to upgrade to a newer version or to ZoneAlarm Pro. Just double-click on the self-installing executable file, zonealmxx.exe or zaproxx.exe. Your configuration settings are saved from your previous installation. 2. If you are upgrading from a very old version of ZoneAlarm (especially from version 2.0 or earlier), you should uninstall ZoneAlarm and clear your configuration settings in the internet logs directory, as described above. You may also with to consider doing this if you are upgrading from a beta release of ZoneAlarm. 3. If you encounter problems, please refer to the ZoneAlarm uninstall FAQ page. Due to significant differences between ZoneAlarm and ZoneAlarm Pro, it is particularly important to uninstall ZoneAlarm Pro completely if you wish to go back to using regular ZoneAlarm. To revert back to ZoneAlarm from ZoneAlarm Pro: 1. Unload TrueVector and disable the Desk Band, as described above. 2. Uninstall ZoneAlarm Pro, as described above. 3. Remove the files in the internet logs directory, as described above. 4. Check for completeness of the uninstallation by referring to this ZoneAlarm Pro FAQ page. 5. Install ZoneAlarm by double-clicking on zonealmxx.exe. 7. Missing INSTALL.LOG file? If the uninstaller displays the message "Could not open INSTALL.LOG file or prompts you for an Install.log file but you cant find one in the ZoneAlarm Pro directory, this usually indicates that the original installation was incomplete. This can occur if you canceled the installation program after it installed product. Back to the Top ZoneAlarm Pro Uninstallation Details for Windows 98 1. Uninstalling ZoneAlarm Pro 2. Files installed with ZoneAlarm Pro 3. Windows files updated by ZoneAlarm Pro 4. Shortcuts created by ZoneAlarm Pro 5. Registry Entries 6. What is the most troublefree way to uninstall or upgrade ZoneAlarm Pro? 7. Missing the "INSTALL.LOG" file? 1. Uninstalling ZoneAlarm Pro If you want to uninstall ZoneAlarm Pro, first run the Uninstaller program: click on the Start menu|Programs|ZoneAlarm|Uninstall ZoneAlarm Pro menu item. You can uninstall the program manually by removing the following files and registry entries. 2. Files installed with ZoneAlarm Pro: C:\Program Files\Zone Labs\ZoneAlarm\ ● UNWISE.EXE ● Readme.txt ● License.txt ● zapro.exe ● zonealarm.exe http://www.zonelabs.com/services/support_zap_install.htm (4 of 16) [4/12/2001 11:49:16 AM] Zone Labs: Support ● ● zoneband.dll INSTALL.LOG is also installed C:\Program Files\Zone Labs\ZoneAlarm\Help\ ● ZoneAlarmProHelp*.htm ● ZoneAlarmProInfo.htm ● Images\*.* C:\Windows\System\ ● vsdata.dll ● vsdata95.vxd ● vsmonapi.dll ● vsnetutils.dll ● vspubapi.dll ● vsutil.dll C:\Windows\System\Zone Labs ● html.tdr ● minilog.exe ● vsmon.exe ● vsruledb.dll ● vsdb.dll C:\Windows\Internet logs: ● ZALog.txt ● Iamdb.rdb ● <mycomputer>.ldb (where <mycomputer> is your computer name) 3. Windows files updated by ZoneAlarm Pro (Should NOT be removed during uninstall!) C:\WINNT\System\ ● msvcrt.dll ● psapi.dll 4. Shortcuts created by ZoneAlarm Pro C:\Windows\Profiles\(user name i.e. kivuh)\Start Menu\Programs ● \Zone Labs\ZoneAlarm Pro.lnk ● \Zone Labs\Uninstall ZoneAlarm Pro.lnk ● \Zone Labs\Readme.lnk C:\Windows\All Users\Start menu\Programs ● \Startup\ZoneAlarm Pro.lnk 5. Registry Entries Important Advisory: Deleting registry entries incorrectly may cause serious problems to your operating system (OS) which may necessitate the need to reinstall the OS. Please make sure you are able to perform these deletions correctly before you decide to edit the entries. For information about how to edit the registry in Window 98, type "regedit.exe" from a command prompt. Click "Help," then "Help Topic." Click "Changing Keys and Values." Note that you should back up the registry before you edit it. The following key contains information needed by the uninstaller: ● Key: HKEY_LOCAL_MACHINE\Software\Zone Labs and all its subkeys and values. ● Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm http://www.zonelabs.com/services/support_zap_install.htm (5 of 16) [4/12/2001 11:49:16 AM] Zone Labs: Support Pro If your system is running Windows 98 these registry items starts the services required for ZoneAlarm Pro: ● Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunService ● Value: MiniLog and Value: TrueVector Under Windows 98, these values are added to the Shared DLLs database: This is a database that contains a long list of values, but only these values are related to ZoneAlarm Pro and TrueVector: ● Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDLLs ● Values: ❍ C:\Windows\System\vsdata.dll ❍ C:\Windows\System\vsdata95.vxd ❍ C:\Windows\System\vsmonapi.dll ❍ C:\Windows\System\vsnetutils.dll ❍ C:\Windows\System\vsnetu.dll ❍ C:\Windows\System\vspubapi.dll ❍ C:\Windows\System\vsutil.dll ❍ C:\Windows\System\Zone Labs\html.tdr ❍ C:\Windows\System\Zone Labs\vsdb.dll ❍ C:\Windows\System\Zone Labs\minilog.exe ❍ C:\Windows\System\Zone Labs\vsmon.exe ❍ C:\Windows\System\Zone Labs\vsruledb.dll For each user who has run ZoneAlarm Pro, there are registry keys in ● Key: HKEY_CURRENT_USER\Software\Zone Labs The following keys allow the user to modify the sound that is played when there is an alert through use of the Control Panel Sounds applet: ● Key: HKEY_CURRENT_USER\AppEvents\EventLabels\InternetAlert ● Key: HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\InternetAlert\.current On Windows 98 systems, the following keys tell Windows the ZoneAlarm Pro Desk Band is a part of ZoneAlarm Pro: ● Key: HKEY_CLASSES_ROOT\CLSID\{long string of characters}\InprocServer32 ● Value: C:\Program Files\Zone Labs\ZoneAlarm\zoneband.dll The string of characters will vary from system to system. There is a registry key for the extension of every attachment that ZoneAlarm Pro quarantines (.vbs, for example). This can be found in: ● Key: HKEY_CLASSES_ROOT ● Value: ZAMailSafeExt: REG_SZ: {renamed extension -- zl9, for example) 6. What is the most troublefree way to uninstall or upgrade ZoneAlarm Pro? The most important step in uninstalling or upgrading is to make sure that ZoneAlarm and its underlying TrueVector service are not running. If TrueVector is left running, certain files may not be removed or replaced. Also, if you use the Desk Band feature, this should be disabled before uninstalling or upgrading ZoneAlarm. Note that shutting down ZoneAlarm from the tray icon only shuts down the user interface. It may or may not unload TrueVector, depending on how ZoneAlarm was started. To unload the TrueVector Service and disable the Desk Band: 1. Go to the Configure panel and uncheck the box labeled, "Load ZoneAlarm at Windows startup" (or http://www.zonelabs.com/services/support_zap_install.htm (6 of 16) [4/12/2001 11:49:16 AM] Zone Labs: Support "Load ZoneAlarm Pro at startup") 2. Right click any unused portion of the task bar at the bottom of the screen, select "Toolbars", and uncheck "ZoneAlarm Desk Band" (or ZoneAlarm Pro Desk Band") 3. REBOOT Windows (very important). AFTER UNLOADING TRUEVECTOR AND REBOOTING: To uninstall ZoneAlarm Pro: Click Start | Programs | Zone Labs | Uninstall ZoneAlarm Pro To clear your configuration settings in ZoneAlarm or ZoneAlarm Pro: 1. For Windows9x, remove the files in \windows\internet logs 2. For WindowsNT and Windows2000, remove the files in \winnt\internet logs Note that these files are not deleted by the uninstallation process. To upgrade ZoneAlarm: 1. It is usually not necessary to uninstall your current version of ZoneAlarm to upgrade to a newer version or to ZoneAlarm Pro. Just double-click on the self-installing executable file, zonealmxx.exe or zaproxx.exe. Your configuration settings are saved from your previous installation. 2. If you are upgrading from a very old version of ZoneAlarm (especially from version 2.0 or earlier), you should uninstall ZoneAlarm and clear your configuration settings in the internet logs directory, as described above. You may also with to consider doing this if you are upgrading from a beta release of ZoneAlarm. 3. If you encounter problems, please refer to the ZoneAlarm uninstall FAQ page. Due to significant differences between ZoneAlarm and ZoneAlarm Pro, it is particularly important to uninstall ZoneAlarm Pro completely if you wish to go back to using regular ZoneAlarm. To revert back to ZoneAlarm from ZoneAlarm Pro: 1. Unload TrueVector and disable the Desk Band, as described above. 2. Uninstall ZoneAlarm Pro, as described above. 3. Remove the files in the internet logs directory, as described above. 4. Check for completeness of the uninstallation by referring to this ZoneAlarm Pro FAQ page. 5. Install ZoneAlarm by double-clicking on zonealmxx.exe. 7. Missing INSTALL.LOG file? If the uninstaller displays the message "Could not open INSTALL.LOG file or prompts you for an Install.log file but you cant find one in the ZoneAlarm Pro directory, this usually indicates that the original installation was incomplete. This can occur if you canceled the installation program after it installed product. Back to the Top ZoneAlarm Pro Uninstallation Details for Windows 2000 1. Uninstalling ZoneAlarm Pro 2. Files installed with ZoneAlarm Pro 3. Windows files updated by ZoneAlarm Pro 4. Shortcuts created by ZoneAlarm Pro 5. Registry Entries 6. What is the most troublefree way to uninstall or upgrade ZoneAlarm Pro? 7. Missing the "INSTALL.LOG" file? 1. Uninstalling ZoneAlarm Pro If you want to uninstall ZoneAlarm Pro, first run the Uninstaller program: click on the Start menu|Programs|ZoneAlarm|Uninstall ZoneAlarm Pro menu item. You can uninstall the program manually by removing the following files and registry entries. 2. Files installed with ZoneAlarm Pro C:\Program Files\Zone Labs\ZoneAlarm\ http://www.zonelabs.com/services/support_zap_install.htm (7 of 16) [4/12/2001 11:49:16 AM] Zone Labs: Support ● ● ● ● ● ● ● UNWISE.EXE Readme.txt License.txt zapro.exe zonealarm.exe zoneband.dll INSTALL.LOG is also installed C:\Program Files\Zone Labs\ZoneAlarm\Help\ ● ZoneAlarmProHelp*.htm ● ZoneAlarmProInfo.htm ● Images\*.* C:\WINNT\System32\ ● vsmonapi.dll ● vsnetutils.dll ● vspubapi.dll ● vsutil.dll C:\WINNT\System32\Zone Labs ● html.tdr ● minilog.exe ● vsmon.exe ● vsruledb.dll ● vsdb.dll C:\Windows\Internet logs: ● ZALog.txt ● Iamdb.rdb ● <mycomputer>.ldb (where <mycomputer> is your computer name) 3. Windows files updated by ZoneAlarm Pro (Should NOT be removed during uninstall!) C:\WINNT\System32\ ● msvcrt.dll ● psapi.dll 4. Shortcuts created by ZoneAlarm Pro C:\Documents and Settings\All Users\Start Menu\Programs ● \Zone Labs\Uninstall ZoneAlarm Pro.lnk ● \Zone Labs\Readme.lnk ● \Startup\ZoneAlarm Pro.lnk 5. Registry Entries Important Advisory: Deleting registry entries incorrectly may cause serious problems to your operating system (OS) which may necessitate the need to reinstall the OS. Please make sure you are able to perform these deletions correctly before you decide to edit the entries. If you are running Windows 2000, type "regedt32.exe" from a command prompt. Click "Help," then "Contents." Click the "Add and Delete Information in the Registry" and "Edit Registry Information." Note that you should back up the registry before you edit it. If you are running Windows 2000, you should also update your Emergency Repair Disk (ERD). The following key contains information needed by the uninstaller: ● Key: HKEY_LOCAL_MACHINE\Software\Zone Labs and all its subkeys and values. http://www.zonelabs.com/services/support_zap_install.htm (8 of 16) [4/12/2001 11:49:16 AM] Zone Labs: Support ● Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm Pro Under Windows 2000, these two registry keys, and all their subkeys, denote the TrueVector service and the TrueVector device driver: ● Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vsmon ● Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vsdatant Under Windows 2000, this registry key and its subkeys denote ZoneAlarm Pro's alert logging service: ● Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\minilog Under Windows 2000, these values are added to the Shared DLLs database: This is a database that contains a long list of values, but only these values are related to ZoneAlarm Pro and TrueVector: ● Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDLLs ● Values: ❍ C:\Windows\System\vsdata.dll ❍ C:\Windows\System\vsdatant.sys ❍ C:\Windows\System\vsmonapi.dll ❍ C:\Windows\System\vsnetutils.dll ❍ C:\Windows\System\vsnetu.dll ❍ C:\Windows\System\vspubapi.dll ❍ C:\Windows\System\vsutil.dll ❍ C:\Windows\System\Zone Labs\html.tdr ❍ C:\Windows\System\Zone Labs\vsdb.dll ❍ C:\Windows\System\Zone Labs\minilog.exe ❍ C:\Windows\System\Zone Labs\vsmon.exe ❍ C:\Windows\System\Zone Labs\vsruledb.dll For each user who has run ZoneAlarm Pro, there are registry keys in ● Key: HKEY_CURRENT_USER\Software\Zone Labs The following keys allow the user to modify the sound that is played when there is an alert through use of the Control Panel Sounds applet: ● Key: HKEY_CURRENT_USER\AppEvents\EventLabels\InternetAlert ● Key: HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\InternetAlert\.current The string of characters will vary from system to system. There is a registry key for the extension of every attachment that ZoneAlarm Pro quarantines (.vbs, for example). This can be found in: ● Key: HKEY_CLASSES_ROOT ● Value: ZAMailSafeExt: REG_SZ: {renamed extension -- zl9, for example) 6. What is the most troublefree way to uninstall or upgrade ZoneAlarm Pro? The most important step in uninstalling or upgrading is to make sure that ZoneAlarm and its underlying TrueVector service are not running. If TrueVector is left running, certain files may not be removed or replaced. Also, if you use the Desk Band feature, this should be disabled before uninstalling or upgrading ZoneAlarm. Note that shutting down ZoneAlarm from the tray icon only shuts down the user interface. It may or may not unload TrueVector, depending on how ZoneAlarm was started. To unload the TrueVector Service and disable the Desk Band: 1. Go to the Configure panel and uncheck the box labeled, "Load ZoneAlarm at Windows startup" (or http://www.zonelabs.com/services/support_zap_install.htm (9 of 16) [4/12/2001 11:49:16 AM] Zone Labs: Support "Load ZoneAlarm Pro at startup") 2. Right click any unused portion of the task bar at the bottom of the screen, select "Toolbars", and uncheck "ZoneAlarm Desk Band" (or ZoneAlarm Pro Desk Band") 3. REBOOT Windows (very important). AFTER UNLOADING TRUEVECTOR AND REBOOTING: To uninstall ZoneAlarm Pro: Click Start | Programs | Zone Labs | Uninstall ZoneAlarm Pro To clear your configuration settings in ZoneAlarm or ZoneAlarm Pro: 1. For Windows9x, remove the files in \windows\internet logs 2. For WindowsNT and Windows2000, remove the files in \winnt\internet logs Note that these files are not deleted by the uninstallation process. To upgrade ZoneAlarm: 1. It is usually not necessary to uninstall your current version of ZoneAlarm to upgrade to a newer version or to ZoneAlarm Pro. Just double-click on the self-installing executable file, zonealmxx.exe or zaproxx.exe. Your configuration settings are saved from your previous installation. 2. If you are upgrading from a very old version of ZoneAlarm (especially from version 2.0 or earlier), you should uninstall ZoneAlarm and clear your configuration settings in the internet logs directory, as described above. You may also with to consider doing this if you are upgrading from a beta release of ZoneAlarm. 3. If you encounter problems, please refer to the ZoneAlarm uninstall FAQ page. Due to significant differences between ZoneAlarm and ZoneAlarm Pro, it is particularly important to uninstall ZoneAlarm Pro completely if you wish to go back to using regular ZoneAlarm. To revert back to ZoneAlarm from ZoneAlarm Pro: 1. Unload TrueVector and disable the Desk Band, as described above. 2. Uninstall ZoneAlarm Pro, as described above. 3. Remove the files in the internet logs directory, as described above. 4. Check for completeness of the uninstallation by referring to this ZoneAlarm Pro FAQ page. 5. Install ZoneAlarm by double-clicking on zonealmxx.exe. 7.Missing INSTALL.LOG file? If the uninstaller displays the message "Could not open INSTALL.LOG file or prompts you for an Install.log file but you cant find one in the ZoneAlarm Pro directory, this usually indicates that the original installation was incomplete. This can occur if you canceled the installation program after it installed product. Back to the Top ZoneAlarm Pro Uninstallation Details for Windows NT 1. Files installed with ZoneAlarm Pro 2. Windows files updated by ZoneAlarm Pro 3. Shortcuts created by ZoneAlarm Pro 4. Registry Entries 5. What is the most troublefree way to uninstall or upgrade ZoneAlarm Pro? 1. Files installed with ZoneAlarm Pro C:\Program Files\Zone Labs\ZoneAlarm\ ● UNWISE.EXE ● Readme.txt ● License.txt ● zapro.exe ● zonealarm.exe ● zoneband.dll http://www.zonelabs.com/services/support_zap_install.htm (10 of 16) [4/12/2001 11:49:16 AM] Zone Labs: Support ● install.log C:\Program Files\Zone Labs\ZoneAlarm\Help\ ● ZoneAlarmProHelp*.htm ● ZoneAlarmProInfo.htm ● Images\*.* C:\WINNT\System32\ ● vsdata.dll ● vsdatant.sys ● vsmonapi.dll ● vsnetutils.dll ● vspubapi.dll ● vsutil.dll C:\WINNT\System32\Zone Labs ● html.tdr ● minilog.exe ● vsmon.exe ● vsruledb.dll ● vsdb.dll C:\Windows\Internet logs: ● ZALog.txt ● Iamdb.rdb ● <my computer>.ldb (where <my computer> is your computer name) 2. Windows files updated by ZoneAlarm Pro (Should NOT be removed during uninstall!) C:\WINNT\System32\ ● msvcrt.dll ● psapi.dll 3. Shortcuts created by ZoneAlarm Pro C:\Documents and Settings\All Users\Start Menu\Programs ● \Zone Labs\ZoneAlarm Pro.lnk ● \Zone Labs\Uninstall ZoneAlarm Pro.lnk ● \Zone Labs\Readme.lnk ● \Startup\ZoneAlarm Pro.lnk 4. Registry Entries Important Advisory: Deleting registry entries incorrectly may cause serious problems to your operating system (OS) which may necessitate the need to reinstall the OS. Please make sure you are able to perform these deletions correctly before you decide to edit the entries. If you are running Windows NT, type "regedt32.exe" from a command prompt. Click "Help," then "Contents." Click the "Add and Delete Information in the Registry" and "Edit Registry Information." Note that you should back up the registry before you edit it. If you are running Windows NT, you should also update your Emergency Repair Disk (ERD). The following key contains information needed by the uninstaller: ● Key: HKEY_LOCAL_MACHINE\Software\Zone Labs and all its subkeys and values. ● Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm Pro http://www.zonelabs.com/services/support_zap_install.htm (11 of 16) [4/12/2001 11:49:16 AM] Zone Labs: Support Under Windows NT, these two registry keys, and all their subkeys, denote the TrueVector service and the TrueVector device driver: ● Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vsmon ● Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vsdatant Under Windows NT, this registry key and its subkeys denote ZoneAlarm Pro's alert logging service: ● Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\minilog Under Windows NT, these values are added to the Shared DLLs database: This is a database that contains a long list of values, but only these values are related to ZoneAlarm Pro and TrueVector: ● Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDLLs ● Values: ❍ C:\Windows\System\vsdata.dll ❍ C:\Windows\System\vsdatant.sys ❍ C:\Windows\System\vsmonapi.dll ❍ C:\Windows\System\vsnetutils.dll ❍ C:\Windows\System\vsnetu.dll ❍ C:\Windows\System\vspubapi.dll ❍ C:\Windows\System\vsutil.dll ❍ C:\Windows\System\Zone Labs\html.tdr ❍ C:\Windows\System\Zone Labs\vsdb.dll ❍ C:\Windows\System\Zone Labs\minilog.exe ❍ C:\Windows\System\Zone Labs\vsmon.exe ❍ C:\Windows\System\Zone Labs\vsruledb.dll For each user who has run ZoneAlarm Pro, there are registry keys in ● Key: HKEY_CURRENT_USER\Software\Zone Labs The following keys allow the user to modify the sound that is played when there is an alert through use of the Control Panel Sounds applet: ● Key: HKEY_CURRENT_USER\AppEvents\EventLabels\InternetAlert ● Key: HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\InternetAlert\.current The string of characters will vary from system to system. There is a registry key for the extension of every attachment that ZoneAlarm Pro quarantines (.vbs, for example). This can be found in: ● Key: HKEY_CLASSES_ROOT ● Value: ZAMailSafeExt: REG_SZ: {renamed extension -- zl9, for example) 5. What is the most troublefree way to uninstall or upgrade ZoneAlarm Pro? The most important step in uninstalling or upgrading is to make sure that ZoneAlarm and its underlying TrueVector service are not running. If TrueVector is left running, certain files may not be removed or replaced. Also, if you use the Desk Band feature, this should be disabled before uninstalling or upgrading ZoneAlarm. Note that shutting down ZoneAlarm from the tray icon only shuts down the user interface. It may or may not unload TrueVector, depending on how ZoneAlarm was started. To unload the TrueVector Service and disable the Desk Band: 1. Go to the Configure panel and uncheck the box labeled, "Load ZoneAlarm at Windows startup" (or "Load ZoneAlarm Pro at startup") 2. Right click any unused portion of the task bar at the bottom of the screen, select "Toolbars", and uncheck "ZoneAlarm Desk Band" (or ZoneAlarm Pro Desk Band") 3. REBOOT Windows (very important). http://www.zonelabs.com/services/support_zap_install.htm (12 of 16) [4/12/2001 11:49:16 AM] Zone Labs: Support AFTER UNLOADING TRUEVECTOR AND REBOOTING: To uninstall ZoneAlarm Pro: Click Start | Programs | Zone Labs | Uninstall ZoneAlarm Pro To clear your configuration settings in ZoneAlarm or ZoneAlarm Pro: 1. For Windows9x, remove the files in \windows\internet logs 2. For WindowsNT and Windows2000, remove the files in \winnt\internet logs Note that these files are not deleted by the uninstallation process. To upgrade ZoneAlarm: 1. It is usually not necessary to uninstall your current version of ZoneAlarm to upgrade to a newer version or to ZoneAlarm Pro. Just double-click on the self-installing executable file, zonealmxx.exe or zaproxx.exe. Your configuration settings are saved from your previous installation. 2. If you are upgrading from a very old version of ZoneAlarm (especially from version 2.0 or earlier), you should uninstall ZoneAlarm and clear your configuration settings in the internet logs directory, as described above. You may also with to consider doing this if you are upgrading from a beta release of ZoneAlarm. 3. If you encounter problems, please refer to the ZoneAlarm uninstall FAQ page. Due to significant differences between ZoneAlarm and ZoneAlarm Pro, it is particularly important to uninstall ZoneAlarm Pro completely if you wish to go back to using regular ZoneAlarm. To revert back to ZoneAlarm from ZoneAlarm Pro: 1. Unload TrueVector and disable the Desk Band, as described above. 2. Uninstall ZoneAlarm Pro, as described above. 3. Remove the files in the internet logs directory, as described above. 4. Check for completeness of the uninstallation by referring to this ZoneAlarm Pro FAQ page. 5. Install ZoneAlarm by double-clicking on zonealmxx.exe. Back to the Top ZoneAlarm Pro Uninstallation Details for Windows Me 1. Uninstalling ZoneAlarm Pro 2. Files installed with ZoneAlarm Pro 3. Windows files updated by ZoneAlarm Pro 4. Shortcuts created by ZoneAlarm Pro 5. Registry Entries 6. What is the most troublefree way to uninstall or upgrade ZoneAlarm Pro? 7. Missing the "INSTALL.LOG" file? 1. Uninstalling ZoneAlarm Pro If you want to uninstall ZoneAlarm Pro, first run the Uninstaller program: click on the Start menu|Programs|ZoneAlarm|Uninstall ZoneAlarm Pro menu item. You can uninstall the program manually by removing the following files and registry entries. 2. Files installed with ZoneAlarm Pro: C:\Program Files\Zone Labs\ZoneAlarm\ ● UNWISE.EXE ● Readme.txt ● License.txt ● zapro.exe ● zonealarm.exe ● zoneband.dll ● INSTALL.LOG is also installed http://www.zonelabs.com/services/support_zap_install.htm (13 of 16) [4/12/2001 11:49:16 AM] Zone Labs: Support C:\Program Files\Zone Labs\ZoneAlarm\Help\ ● ZoneAlarmProHelp*.htm ● ZoneAlarmProInfo.htm ● Images\*.* C:\Windows\System\ ● vsdata.dll ● vsdata95.vxd ● vsmonapi.dll ● vsnetutils.dll ● vspubapi.dll ● vsutil.dll C:\Windows\System\Zone Labs ● html.tdr ● minilog.exe ● vsmon.exe ● vsruledb.dll ● vsdb.dll C:\Windows\Internet logs: ● ZALog.txt ● Iamdb.rdb ● <mycomputer>.ldb (where <mycomputer> is your computer name) 3. Windows files updated by ZoneAlarm Pro (Should NOT be removed during uninstall!) C:\WINNT\System\ ● msvcrt.dll ● psapi.dll 4. Shortcuts created by ZoneAlarm Pro C:\Windows\Profiles\(user name i.e. kivuh)\Start Menu\Programs ● \Zone Labs\ZoneAlarm Pro.lnk ● \Zone Labs\Uninstall ZoneAlarm Pro.lnk ● \Zone Labs\Readme.lnk C:\Windows\All Users\Start menu\Programs ● \Startup\ZoneAlarm Pro.lnk 5. Registry Entries Important Advisory: Deleting registry entries incorrectly may cause serious problems to your operating system (OS) which may necessitate the need to reinstall the OS. Please make sure you are able to perform these deletions correctly before you decide to edit the entries. For information about how to edit the registry in Windows Me, type "regedit.exe" from a command prompt. Click "Help," then "Help Topic." Click "Changing Keys and Values." Note that you should back up the registry before you edit it. The following key contains information needed by the uninstaller: ● Key: HKEY_LOCAL_MACHINE\Software\Zone Labs and all its subkeys and values. ● Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm Pro If your system is running Windows Me these registry items starts the services required for ZoneAlarm http://www.zonelabs.com/services/support_zap_install.htm (14 of 16) [4/12/2001 11:49:16 AM] Zone Labs: Support Pro: ● ● Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunService Value: MiniLog and Value: TrueVector Under Windows Me, these values are added to the Shared DLLs database: This is a database that contains a long list of values, but only these values are related to ZoneAlarm Pro and TrueVector: ● Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDLLs ● Values: ❍ C:\Windows\System\vsdata.dll ❍ C:\Windows\System\vsdata95.vxd ❍ C:\Windows\System\vsmonapi.dll ❍ C:\Windows\System\vsnetutils.dll ❍ C:\Windows\System\vsnetu.dll ❍ C:\Windows\System\vspubapi.dll ❍ C:\Windows\System\vsutil.dll ❍ C:\Windows\System\Zone Labs\html.tdr ❍ C:\Windows\System\Zone Labs\vsdb.dll ❍ C:\Windows\System\Zone Labs\minilog.exe ❍ C:\Windows\System\Zone Labs\vsmon.exe ❍ C:\Windows\System\Zone Labs\vsruledb.dll For each user who has run ZoneAlarm Pro, there are registry keys in ● Key: HKEY_CURRENT_USER\Software\Zone Labs The following keys allow the user to modify the sound that is played when there is an alert through use of the Control Panel Sounds applet: ● Key: HKEY_CURRENT_USER\AppEvents\EventLabels\InternetAlert ● Key: HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\InternetAlert\.current On Windows Me systems, the following keys tell Windows the ZoneAlarm Pro Desk Band is a part of ZoneAlarm Pro: ● Key: HKEY_CLASSES_ROOT\CLSID\{long string of characters}\InprocServer32 ● Value: C:\Program Files\Zone Labs\ZoneAlarm\zoneband.dll The string of characters will vary from system to system. There is a registry key for the extension of every attachment that ZoneAlarm Pro quarantines (.vbs, for example). This can be found in: ● Key: HKEY_CLASSES_ROOT ● Value: ZAMailSafeExt: REG_SZ: {renamed extension -- zl9, for example) 6. What is the most troublefree way to uninstall or upgrade ZoneAlarm Pro? The most important step in uninstalling or upgrading is to make sure that ZoneAlarm and its underlying TrueVector service are not running. If TrueVector is left running, certain files may not be removed or replaced. Also, if you use the Desk Band feature, this should be disabled before uninstalling or upgrading ZoneAlarm. Note that shutting down ZoneAlarm from the tray icon only shuts down the user interface. It may or may not unload TrueVector, depending on how ZoneAlarm was started. To unload the TrueVector Service and disable the Desk Band: 1. Go to the Configure panel and uncheck the box labeled, "Load ZoneAlarm at Windows startup" (or "Load ZoneAlarm Pro at startup") 2. Right click any unused portion of the task bar at the bottom of the screen, select "Toolbars", and http://www.zonelabs.com/services/support_zap_install.htm (15 of 16) [4/12/2001 11:49:16 AM] Zone Labs: Support uncheck "ZoneAlarm Desk Band" (or ZoneAlarm Pro Desk Band") 3. REBOOT Windows (very important). AFTER UNLOADING TRUEVECTOR AND REBOOTING: To uninstall ZoneAlarm Pro: Click Start | Programs | Zone Labs | Uninstall ZoneAlarm Pro To clear your configuration settings in ZoneAlarm or ZoneAlarm Pro: 1. For Windows9x, remove the files in \windows\internet logs 2. For WindowsNT and Windows2000, remove the files in \winnt\internet logs Note that these files are not deleted by the uninstallation process. To upgrade ZoneAlarm: 1. It is usually not necessary to uninstall your current version of ZoneAlarm to upgrade to a newer version or to ZoneAlarm Pro. Just double-click on the self-installing executable file, zonealmxx.exe or zaproxx.exe. Your configuration settings are saved from your previous installation. 2. If you are upgrading from a very old version of ZoneAlarm (especially from version 2.0 or earlier), you should uninstall ZoneAlarm and clear your configuration settings in the internet logs directory, as described above. You may also with to consider doing this if you are upgrading from a beta release of ZoneAlarm. 3. If you encounter problems, please refer to the ZoneAlarm uninstall FAQ page. Due to significant differences between ZoneAlarm and ZoneAlarm Pro, it is particularly important to uninstall ZoneAlarm Pro completely if you wish to go back to using regular ZoneAlarm. To revert back to ZoneAlarm from ZoneAlarm Pro: 1. Unload TrueVector and disable the Desk Band, as described above. 2. Uninstall ZoneAlarm Pro, as described above. 3. Remove the files in the internet logs directory, as described above. 4. Check for completeness of the uninstallation by referring to this ZoneAlarm Pro FAQ page. 5. Install ZoneAlarm by double-clicking on zonealmxx.exe. 7. Missing INSTALL.LOG file? If the uninstaller displays the message "Could not open INSTALL.LOG file or prompts you for an Install.log file but you cant find one in the ZoneAlarm Pro directory, this usually indicates that the original installation was incomplete. This can occur if you canceled the installation program after it installed product. Back to the Top Copyright ©1999-2001 Zone Labs, Inc., 1060 Howard Street, San Francisco, CA 94103, USA. All rights reserved. All other trademarks are the property of their respective owners. http://www.zonelabs.com/services/support_zap_install.htm (16 of 16) [4/12/2001 11:49:16 AM] ZoneAlarm Pro - Search Engines Search Engines Search Engines are where you can enter keywords that are then searched in a database created automatically, by "spiders" or programs that search the web without human interaction. Based on the keywords you typed in and the rules of the search engine, it retrieves Internet documents from its database. Each search engine has different rules for displaying the results of your search; therefore, from one search engine to the next, you may get incredibly different results. Generally, search engines are best used to locate a specific piece of information, like a document, an image, or a computer program, instead of a general subject. Examples of search engines include: ● ● ● ● ● AltaVista (http://www.altavista.com) Excite (http://www.excite.com) Google (http://www.google.com) HotBot (http://hotbot.lycos.com) Northern Light (http://www.northernlight.com) Search Directories Directories are indexes of subject categories organized from general subjects to specific. They allow you to browse through lists of Web sites by subject. Subject directory databases tend to be smaller than search engines' databases, so generally you will have a smaller result list, which more closely matches the subject contents from your search criteria. The main difference between a directory and a search engine is: directories are created by humans and engines are created by spiders. Directories are better for more generalized subject searches and search engines are better for keyword searches that are more specific. Examples of directories include: ● ● ● ● ● LookSmart (http://www.looksmart.com) Lycos (http://www.lycos.com/) Magellan (http://magellan.excite.com/) Open Directory (http://dmoz.org) Yahoo (http://www.yahoo.com) BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Des..._Pro_Help_new_TOC/ZoneAlarmProHelp_Basics_2.htm (1 of 2) [4/12/2001 11:50:00 AM] ZoneAlarm Pro - Search Engines file:///C|/Documents and Settings/rwilliams/Des..._Pro_Help_new_TOC/ZoneAlarmProHelp_Basics_2.htm (2 of 2) [4/12/2001 11:50:00 AM] ZoneAlarm Pro - The Web Surfing the Web Click through the links below to review basic concepts about the World Wide Web. Web browsers Web pages URLs Web Servers Internet Explorer Netscape Audio Video Streaming Push technology Web Browsers There are several varieties of web browsers though the most commonly used on the Internet are Netscape Navigator and Microsoft Internet Explorer. All browsers use the same principle of retrieving content from the web. HTTP (Hyper Text Transfer Protocol) is the standard protocol for retrieving text and images and serving them through a browser. HTML (Hyper Text Markup Language) is the current standard for formatting web content so that it readable by browsers. When a URL is typed into a browser, it looks up the associated web server, which in turn sends back a web page. Many web pages contain portions written in languages other than HTML. Language such as Java, ActiveX, JavaScript and other scripting languages are utilized by enterprising webmasters. It is commonplace for sound and animation files are incorporated into web pages, requiring plug-ins or even third party software to be downloaded. Therefore, multiple components are working in synchronization to deliver content through browser. Web Pages At its foundation, a web page is a document written in HTML. When you click on a link within a web site or from an e-mail, you are issuing a request from a web server to display a web page. URLs file:///C|/Documents and Settings/rwilliams/Des..._Pro_Help_new_TOC/ZoneAlarmProHelp_Basics_3.htm (1 of 3) [4/12/2001 11:50:10 AM] ZoneAlarm Pro - The Web URL stands for Uniform Resource Locator. This is a series of letters separated by periods that actually represents an IP address. For example: www.cnn.com. URLs exist so that we can all remember the names of web sites, rather than having to remember a series of digits that make up an IP address, such as 123.12.123.143. Your web browser will send the URL request using HTTP. The server then locates the page (or other document) and sends it to your web browser. The result (what you see inside your browser) is the graphic interpretation of the Home Page's HTML. Web Servers Web servers are computers that send you a web page when you enter a URL in your browser. Each web server on the Internet has an IP address and could be hosting a domain. When you enter this URL in your browser: http://www.cnn.com/index.html the web server whose domain name is cnn.com receives the request from your browser. In response, the web server fetches a web page named index.html, which it sends to your browser. Any computer can act as a Web server. All that is required is server software and a live connection to the Internet. MS Internet Explorer With Internet Explorer, Microsoft's web browser, you can place web links directly as icons on the desktop. These icons can be clicked on in order to directly open a specific web site inside the Internet Explorer. With the Active Desktop, applications loading directly from the Internet can be running as minimized icons on the desktop. Netscape Netscape Communicator, like Internet Explorer, is a web browser used to locate and display Web pages. It displays graphics and text in addition to multimedia such as sound and video. Plug-ins are required for some video and audio formats. Audio file:///C|/Documents and Settings/rwilliams/Des..._Pro_Help_new_TOC/ZoneAlarmProHelp_Basics_3.htm (2 of 3) [4/12/2001 11:50:10 AM] ZoneAlarm Pro - The Web To hear a Web page that includes a RealAudio sound file, you need a RealAudio player or plug-in, a program that is freely available from a number of sites. It's also included in current versions of both Netscape Navigator and Microsoft Internet Explorer. Video The ability to transmit video, animation and graphics together in an integrated fashion is often termed multimedia. Video transmission is commonplace because with high speed connections to the Internet. However, the quality of video resolution depends on the power of the computer's video card and CPU. Streaming Streaming refers to the transmission of any form of multimedia such as audio and video. When streaming is used, the streamed data can start being displayed in your browser before the whole file has been received. In other words, you are viewing before data transmission is complete. If your machine receives streamed data more quickly than required, the excess data has to be saved in a buffer. However, if the streamed data come into your machine too slowly, data tends to congest. Push Technology Push technology is subscription service technology offering HTML pages, Java applets, multimedia objects, and ActiveX components, designed to deliver customized information to users. Examples of push technology services would be stocks and sports tickers. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Des..._Pro_Help_new_TOC/ZoneAlarmProHelp_Basics_3.htm (3 of 3) [4/12/2001 11:50:10 AM] ZoneAlarm Pro - E-mail E-mail This section talks about how e-mail works within the infrastructure of the Internet and your desktop. Any e-mail software you use requires server rights. You assign these rights in the Programs panel. For your e-mail programs to work efficiently, set the allow server option for any e-mail software you use. How e-mail works E-mail software How e-mail gets to its destination E-mail security E-mail mailing lists How E-mail Works An e-mail message consists of binary data. Most e-mail messages are in the ASCII text format which is a standard that allows any computer to read it. E-mail messages are sent in the same way as most other data is sent over the Internet, via TCP/IP. TCP separates outgoing e-mail messages into IP packets, then delivers those packets to the destination indicated in the address header. Upon receipt at its destination, the packets are reassembled. Most files such as pictures, audio and executables, can be attached to an e-mail message. When these files are sent over the Internet, an encoding scheme, such as MIME or uuencode is used to encode the attachment, which will be decoded by the e-mail system at the destination. Most e-mail packages automatically and transparently decode attachments. ZoneAlarm and ZoneAlarm Pro's MailSafe feature protects your e-mailbox by allowing you to decide which kinds of e-mail attachments you are going to allow to be opened without protective intervention. After sending an e-mail message, it usually has to be sent through a number of networks before reaching its destination. Some of these e-mails use different e-mail formats. When this is the case, the network gateway will perform the task file:///C|/Documents and Settings/rwilliams/Des..._Pro_Help_new_TOC/ZoneAlarmProHelp_Basics_4.htm (1 of 3) [4/12/2001 11:50:28 AM] ZoneAlarm Pro - E-mail of translating from one e-mail format to another. This will allow the message to make its way through its path from you to the recipient. E-mail Software In order to send and receive e-mail, one needs a software package. E-mail that is sent to you is usually delivered to an e-mail server. When you want to check for new mail or open mail, your e-mail software logs on to the e-mail server to find out if there are messages addressed to you. If you have mail, you will see the list of unopened mail in your e-mail software after you click on the button or tab you use to see new mail. When you want to read a specific message in the new unopened mail, your click on the mail which tells your e-mail software to open it. How E-mail gets to its Destination You've just sent an e-mail message from Netscape Messenger or MS Outlook Express. What happens next? First, TCP breaks the e-mail message up into IP packets. Next, the packets go to a router on your LAN where the destination address is examined. If your e-mail is going to someone whose computer is on your LAN, the packets are reassembled into the original message and the e-mail is delivered without any further steps. If the e-mail is going outside your LAN, it will go through whatever firewall may be set up on your LAN. Next, the e-mail message moves on a router located outside your LAN, somewhere on the Internet. That router determines the destination from the address, then sends the e-mail on its way there. When the e-mail arrives at its destination, the gateway receives it. The gateway first reassembles all the packets that make up the e-mail using the TCP protocol. The result is that the separate packets have become an actual message again. Next, the gateway translates the reassembled e-mail message into the e-mail protocol that is used on the network. Finally, the gateway sends the message, in its reassembled and translated format, into the network where it may pass through another firewall before getting to its final destination inside the receivers e-mail software. file:///C|/Documents and Settings/rwilliams/Des..._Pro_Help_new_TOC/ZoneAlarmProHelp_Basics_4.htm (2 of 3) [4/12/2001 11:50:28 AM] ZoneAlarm Pro - E-mail E-mail Security The basic security problem surrounding e-mail is the same problem that exists with any Internet communication. That being, data communications can be intercepted. Though e-mail piracy is rare and usually is either of two extremes: one, an interception is confined to specific personal attack, or two, the attack is traced to a widespread ISP intrusion. Besides the e-mail message itself, by searching around on the Internet (chatrooms, etc.) snoopers might be able to find your e-mail address. In the past, if an Internet snooper only had your name, he or she might not be able to get ahold of your e-mail address. These days, many directories and query servers exist to trace e-mail addresses. Encryption can be used to scramble mail so that only people with the proper encryption keys are able to descramble e-mail. However, this is an arduous task and usually not worth the time to invest. The basic rule of thumb is to be careful who you communicate with and where you divulge your e-mail address on the Internet. E-mail Mailing Lists The purpose of e-mail mailing lists is to connect people who share some kind of common interest. Once you are a member of an e-mail list, whenever you send an e-mail to the mailing list, it is automatically sent to everyone on the list. When you want to get yourself put on an e-mail mailing list, you have to subscribe to that list. You do this by sending an e-mail to the mailing list administrator or to a list server. If you send your request to a list server, a computer will read your request without any human intervention and will automatically put you on the list. You can also cancel your subscription to the list by list by sending the same type of e-mail. A database resides on the computer where the mailing list is administered. When you send a subscription request, the e-mail list database will send your message to every address already on the mailing list. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Des..._Pro_Help_new_TOC/ZoneAlarmProHelp_Basics_4.htm (3 of 3) [4/12/2001 11:50:28 AM] ZoneAlarm Pro - Chat Chat This section talks about how chat programs work within the infrastructure of the Internet and your desktop. Any chat software you use requires server rights. You assign these rights in the Programs panel. For your chat programs to work efficiently, set the allow server option for any chat program you use. Security Issues with Chat Webpage Chat IRC ICQ Chat Security Issues with AIM/Yahoo/MSN Messenger Security Issues with Chat With the popularity of Internet chat software comes a need for awareness of the potential pitfalls. The nature of Internet vandalism is such that individuals with hacking/cracking ability are drawn to areas of the Internet where a large number of potential targets congregate. Many people ask the simple question, "What would a hacker want from me if my machine doesn't have anything interesting on it?" Typically, what they want from you is your IP address so they can proxy off your machine and perform anonymous attacks elsewhere. It is also typical for vandals to have no real agenda and just decide to create confusion and be an annoyance. The only way someone can get your IP address is if you provide it to them or if they can engage you in conversation. Webpage Chat To start chatting using Webpage chat, all you need is an Internet connection and a web browser that supports Java. Internet Explorer and Netscape both allow you to conduct webpage chat. file:///C|/Documents and Settings/rwilliams/Des..._Pro_Help_new_TOC/ZoneAlarmProHelp_Basics_5.htm (1 of 3) [4/12/2001 11:50:37 AM] ZoneAlarm Pro - Chat IRC IRC (Internet Relay Chat) is the most popular messaging application on the Internet. To run IRC, you need an IRC client program running on your PC. mIRC is the most widely used Windows IRC client software. After IRC software is installed on your machine, you need to connect to the IRC server. Next, you can join a channel, then you start typing your chat talk which will be viewable by everyone else "inside the room." Security Issues: Security threats exist when you are using IRC chat software. Threats include: ● Hijacking IRC numbers (your identity on their system) ● ● ● Nuking (blue screen attacks) Automated scripts that bounce users off servers Stealing bandwidth to run Eggdrop, which is a secure chat shell, then kill the "guardian" IRC bots that patrol IRC servers The strategy hackers use is to scan machines in IRC channels in order to determine whether or not they are running some sort of Trojan. This server can be proxied through which is the main objective of the intruder. The guardian IRC bots are looking for unauthorized scripts and scans that slow traffic down across their network. Also, the bots track chatrooms in order to see if any users are proxying (masking their IPs by using another machine for their connection). Additionally, as a default, the IRC bots assume if the IP address of where you are originating supports SOCKS, then it is possible that you are proxying and it hence, it bounces you off their server. ICQ Chat file:///C|/Documents and Settings/rwilliams/Des..._Pro_Help_new_TOC/ZoneAlarmProHelp_Basics_5.htm (2 of 3) [4/12/2001 11:50:37 AM] ZoneAlarm Pro - Chat ICQ is another widespread chat program in use on the Internet. Vulnerabilities are similar to that IRC except there are no automated guardian bots. In inordinate amount of spam passes through ICQ due to the software's features set, some people use it to handle their e-mail. Security Issues: Like IRC, ICQ has a vast userbase where identity hijacking is a potential threat. You can configure ICQ so that people are can contact you. You can also configure ICQ to ensure that you approved those who are contacting you. The ICQ default is to let anyone contact you. ICQ is equipped with file transfer capabilities that hackers use to transmit viruses, nukes and Trojans. You can also send and receive attachments via ICQ's built in e-mail program. In terms of firewall protection, ICQ randomizes the port numbers it uses on the operating system, making blocking potential threats difficult. The approach here is to use common sense in configuring your settings as to what data to allow through. Security Issues with AIM/Yahoo/MSN Messenger If you use these chat programs you would want to make sure the file transfer capabilities are used with caution. Transferring files through messenger programs are a typical way Trojan Horses, viruses and worms are transmitted. BACK HOME Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Des..._Pro_Help_new_TOC/ZoneAlarmProHelp_Basics_5.htm (3 of 3) [4/12/2001 11:50:37 AM] Zone Labs: About Us: Privacy Select One... Privacy Policy This privacy statement discloses the privacy practices for www.zonelabs.com. Zone Labs, Inc. ("Zone Labs") has created this privacy policy to demonstrate our strong commitment to privacy. The following statement explains our information-gathering and dissemination practices for our site (the "Site") on the World Wide Web. This policy may change from time to time so please check back periodically. Zone Labs uses "Digital River, Inc.," a third party provider of e-commerce solutions, and back-end facilitator to process your credit card information. Click here to read the Digital River Privacy Statement. For more information about the Zone Labs privacy statement, please see the following Frequently Asked Questions (FAQs). We have established the following guiding principles for our privacy policy and practices: Principle 1. Zone Labs lets you visit the Site without revealing any information about yourself. We do, however, keep track of the domains from which people visit us on the World Wide Web, and log IP addresses for statistical purposes to identify trends and the results of our marketing efforts in aggregate. IP addresses are not linked to "Personally Identifiable Information" (see below). We also use this information to help diagnose problems with our server and to administer the Site. Principle 2. Some Zone Labs products ask you for "Personally Identifiable Information" as part of the registration process, including your connection type and number of computers. You choose whether or not to provide this information without affecting the product's performance. If you choose to provide us with Personally Identifiable Information, we use this information to notify you about product upgrades, updates, and new products. Zone Labs keeps your Personally Identifiable Information confidential and does not sell, trade or exchange mailing lists with any organization. Zone Labs maintains this information for not less than two but not more than four years, and will only disclose your Personally Identifiable Information to third parties if acting under good faith belief that such action is necessary to (1) conform to legal requirements; (2) protect and defend the rights or property of Zone Labs; or (3) enforce the Zone Labs Terms of Service. Principle 3. Zone Labs will not send you any unsolicited information, including email, except where you authorize us to do so. Principle 4. At your request, Zone Labs will change or delete your information and not use it for further contact with you. To request that your information be changed or deleted and not used for further contact with you, please e-mail us at privacy@zonelabs.com or write to us at Attn: Privacy Contact, Zone Labs, Inc., 1060 Howard Street, San Francisco, CA 94103. Principle 5. Zone Labs collects and uses information that can be divided into the following categories: Registration Information: This is information that you provide during the ZoneAlarm or http://www.zonelabs.com/aboutus/privacy.html (1 of 4) [4/12/2001 11:50:58 AM] Zone Labs: About Us: Privacy ZoneAlarm Pro product registration download process. You provide your first and last name, email address, and information about your use of ZoneAlarm or ZoneAlarm Pro. Personally Identifiable Information: This is optional information that you may choose to provide to us. If you choose to provide Personally Identifiable Information, we will only use this information to notify you about product upgrades, product updates and new products. In addition, internal security provides that this information is coded with restricted access, and our servers are kept in a secure, locked environment. Credit Card Information: Zone Labs uses "Digital River, Inc.," a third party provider of e-commerce solutions, and back-end facilitator to process your credit card information. Click here to read the Digital River Privacy Statement. Your credit card information does not pass through the Zone Labs Site under the terms of Zone Labs' agreement with Digital River. Digital River keeps your credit card information confidential and protects your credit card information through the use of industry-standard Secure Sockets (SSL) encryption technology. Use of Information for Analyzing Security Breaches: If the Zone Labs product detects a security threat to your computer, you can click on the "More Information" button from the product dialogue box. At that point, the product sends the information about the threat and your IP address to the Zone Labs Site to be analyzed. Zone Labs will send you more specific guidance about the security information. Zone Labs will not release your IP address or any Personally Identifiable Information that could be extracted from your IP address to any third party. No-Cookie Policy: "Cookies" are small pieces of information that your browser stores on your computer on behalf of a Web site that you have visited. The Zone Labs Site does not use cookies. Digital River's cookies are used only to identify the customer, not to identify any specific customer traits. This allows Digital River to maintain consistency in the shopping basket and enable a more pleasant shopping experience. Click here to read the Digital River Privacy Statement. Principle 6. Zone Labs' Site contains links to other web sites. Please note that when you click on one of these links, you are moving to another web site. We encourage you to read the privacy statements of these linked sites - as well as any site on the World Wide Web - as their privacy policy may differ from ours. Principle 7. Zone Labs will post on its home page (www.zonelabs.com) notification of any changes to this Privacy Policy, with a direct link to the new policy statement(s). What Constitutes My Acceptance of this Privacy Policy? By using the Site or any services provided through the Site, you expressly consent to the use and disclosure of information as described in this Privacy Policy. Zone Labs reserves the right to change this Privacy Policy at any time by electronic notice posted on our Site. Your continued use of our Site after the date that such notices are posted will be deemed to be your agreement to the changed terms. Contacting the Site If you have any questions about this privacy statement, the practices of this Site, or your dealings with this Site, you can contact us: By Email privacy@zonelabs.com By Mail http://www.zonelabs.com/aboutus/privacy.html (2 of 4) [4/12/2001 11:50:58 AM] Zone Labs: About Us: Privacy Attn: Privacy Contact Zone Labs, Inc. 1060 Howard Street San Francisco, CA 94103 If at any time, you believe that Zone Labs has not adhered to these principles, please notify us by email at privacy@zonelabs.com or by writing to Attn: Privacy Contact, Zone Labs, Inc., 1060 Howard Street, San Francisco, CA 94103, and we will make all commercially reasonable efforts to promptly determine and correct the problem. Frequently Asked Questions What information does Zone Labs collect about me, and how will this information be used? Zone Labs collects and uses information that can be divided into the following categories: Registration Information: This is information that you provide and input during the ZoneAlarm or ZoneAlarm Pro product registration download process. You provide your first and last name, email address, and information about your use of ZoneAlarm or ZoneAlarm Pro. Personally Identifiable Information: This is opt-in information that you may choose to provide to us. If you choose to provide Personally Identifiable Information, we will only use this information to notify you about product upgrades, product updates and new products. Credit Card Information: Zone Labs uses "Digital River, Inc.," a third party provider of e-commerce solutions, and back-end facilitator to process your credit card information. Click here to read the Digital River Privacy Statement. Your credit card information does not pass through the Zone Labs Site under the terms of Zone Labs agreement with Digital River. Digital River keeps your credit card information confidential and protects your credit card information through the use of industry-standard Secure Sockets (SSL) encryption technology. Use of Information for Analyzing Security Breaches: If the ZoneAlarm product detects a security threat to your computer, you can click on the "More Information" button from the ZoneAlarm dialogue box. At that point, the ZoneAlarm product sends the information about the threat and your IP address to the Zone Labs Site to be analyzed. ZoneAlarm will send you more specific guidance about the security information. Zone Labs will not release your IP address and any Personally Identifiable Information that could be extracted from your IP address to any third party. What about cookies? "Cookies" are small pieces of information that your browser stores on your computer on behalf of a website that you have visited. The Zone Labs website does not use cookies. DigitalRiver's cookies are used only to identify the customer, not to identify any specific customer traits. This allows DigitalRiver to maintain consistency in the shopping basket and enable a more pleasant shopping experience. Click here to read the Digital River Privacy Statement. Privacy Policies of Other Sites on the World Wide Web Zone Labs' site contains links to other sites. Zone Labs is not responsible for the privacy practices or the content of such other websites and recommends that you review the privacy policies of other sites on the World Wide Web that you visit. What constitutes my acceptance of this privacy policy? http://www.zonelabs.com/aboutus/privacy.html (3 of 4) [4/12/2001 11:50:58 AM] Zone Labs: About Us: Privacy By using the Site or any services provided through the Site, you expressly consent to the use and disclosure of information as described in this Privacy Policy. Zone Labs reserves the right to change this Privacy Policy at any time by electronic notice posted on our Site. Your continued use of our Site after the date that such notices are posted will be deemed to be your agreement to the changed terms. Contacting the Site If you have any questions about this privacy statement, the practices of this Site, or your dealings with this Site, you can contact us in the following ways: By email: privacy@zonelabs.com By Mail: Attn: Privacy Contact Zone Labs, Inc. 1060 Howard Street San Francisco, CA 94103 Copyright ©1999-2001 Zone Labs, Inc., 1060 Howard Street, San Francisco, CA 94103, USA. All rights reserved. All other trademarks are the property of their respective owners. http://www.zonelabs.com/aboutus/privacy.html (4 of 4) [4/12/2001 11:50:58 AM] Zone Labs ZoneAlarm Pro ZoneAlarm Pro is compatible with Windows 95/98/Me/NT/2000. Zone Labs Enterprise Sales Hundreds of thousands of enterprise desktops are secured by Zone Labs ZoneAlarm FREE Download New ZoneAlarm Pro Affiliate Program Become a ZoneAlarm Pro Affiliate ZoneAlarm™ is essential for DSL and Cable modem users, providing rock-solid protection against Internet thieves, vandals and hackers - stopping them dead in their tracks. If you can't be seen, you can't be attacked! More than 9 million PC users have downloaded ZoneAlarm. Shouldn't you? News Important update release for ZoneAlarm Pro ZoneAlarm is compatible with Windows 95/98/Me/NT/2000. Zone Labs Launches Security Resource Center "[ZoneAlarm Pro is] Excellent! Buy it, even if you have a hardware firewall..." Full article Announcing Zone Labs http://www.zonelabs.com/ (1 of 2) [4/12/2001 11:51:10 AM] Zone Labs Integrity Zone Labs Teams Up with VPN Vendors Zone Labs Forms Strategic Technology Partnership with SafeNet Zone Labs Teams Up with NEC Home Office Computing declares ZoneAlarm a winner MSNBC, CNET, PC World, and ZDNET are some of our fans Copyright ©1999-2001 Zone Labs, Inc., 1060 Howard Street, San Francisco, CA 94103, USA. All rights reserved. All other trademarks are the property of their respective owners. Privacy Policy http://www.zonelabs.com/ (2 of 2) [4/12/2001 11:51:10 AM] Zone Alarm Pro Help The Change Registration button Click on the Change Registration button to review or modify your ZoneAlarm Pro registration information. Provide any new information, such as a new name or e-mail address, in the Registration Information dialog, shown below. If your PC is not for business use, put your name in the company field. If you make any changes to the registration information, ZoneAlarm Pro will automatically reregister for you. ZoneAlarm Pro displays the date and time of your last registration BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/change_registration.htm [4/12/2001 11:52:30 AM] Zone Alarm Pro Help Check for Update Press the Check for Update button to see if a newer version is available for download from the Zone Labs web site. If a response to the affirmative is not provided, that indicates that no update is available. ZoneAlarm Pro can perform this check automatically by checking the automatic check for update checkbox. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/check_for_updates.htm [4/12/2001 11:52:31 AM] ZoneAlarm Pro - Firewall Alerts More Info Button Firewall Alerts There are two types of firewall alerts: Cautious and Urgent, each displayed with a color code to identify severity. An orange title band means the alert is of a cautious nature. Alerts generated by a potentially problematic source are identified by a red title band. file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/firewallalerts.htm (1 of 2) [4/12/2001 11:52:31 AM] ZoneAlarm Pro - Firewall Alerts In the example above, a telnet attempt was made from an unknown source. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/firewallalerts.htm (2 of 2) [4/12/2001 11:52:31 AM] ZoneAlarm Pro - Change Default Settings Change Default Settings Go through the ZoneAlarm Pro panels to change default security settings if they don't suit your needs. Consider the MailSafe example What are default settings? Remove the Deskband Toolbar Internet Zone Custom setting defaults Consider the MailSafe example Consider the way default settings are set for MailSafe. Just like any other default setting, you can easily change it to fit your specific security needs. To change a MailSafe default setting, deselect specific e-mail attachment file types, such as .hlp or .scr, that are selected by default in the MailSafe panel. Deselecting these file types will allow attachments of the deselected file types to be opened from within your e-mail system. They will thus not be quarantined by ZoneAlarm Pro's firewall. This is a change of the default setting. The default MailSafe setting is that all file types in the dialog are preselected as quarantined. This gives your machine maximum protection. What are default values? file:///C|/Documents and Settings/rwilliams/Deskto..._Help_new_TOC/Getting_Started_Tutorial_Default.htm (1 of 4) [4/12/2001 11:52:31 AM] ZoneAlarm Pro - Change Default Settings Default values are security options that are set as turned on when ZoneAlarm Pro is installed. If you downloaded the product as a single user, the default options that are set at installation time represent ZoneLabs' judgment of optimal security settings on your machine. If your system administrator was the person who configured and installed your copy of ZoneAlarm Pro, those values represent your company's security strategy. You can change these options by going into each panel and changing the selections. Most options are changed by selecting or deselecting the checkboxes and radio buttons in each panel. Remove the Desk Band Toolbar from your desktop Another default setting you can change is the display of the Desk Band Toolbar. After installation, the toolbar is hidden by default. It shows Internet traffic, allows you to easily turn on the Internet Lock, and does other things. In Windows 95 and Windows NT: If you would prefer to have the Deskband Toolbar displayed, go to the the Configuration panel and deselect the Show shell toolbar checkbox that was selected by default when ZoneAlarm Pro was installed: Internet Zone Custom Setting defaults file:///C|/Documents and Settings/rwilliams/Deskto..._Help_new_TOC/Getting_Started_Tutorial_Default.htm (2 of 4) [4/12/2001 11:52:31 AM] ZoneAlarm Pro - Change Default Settings A more complex default setting concerns incoming UDP through a specific port number. By default, Internet Zone security is set to High. It can be a bad idea to lower this default setting unless you have a good reason. This is because the High security setting gives you maximum protection. But there's no problem with changing Internet Zone custom settings when you have a good reason; for example the publisher of the software you are using specifically recommends that you open a specific port for Internet access. Let's say the software publisher instructs you to allow incoming UDP from the Internet through port 139. Remember that, by default, incoming and outgoing UDP ports are blocked by High Internet Zone Security. To change the default setting so that incoming UDP is allowed through port 139, go to the Internet Zone Custom Settings panel, and scroll down a bit. Next, select the checkbox as shown below: file:///C|/Documents and Settings/rwilliams/Deskto..._Help_new_TOC/Getting_Started_Tutorial_Default.htm (3 of 4) [4/12/2001 11:52:31 AM] ZoneAlarm Pro - Change Default Settings Next, enter the port number in the Ports field that is automatically created when you've checked the Allow incoming UDP ports checkbox. After clicking OK, the port number is listed to the right of the selected checkbox. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Deskto..._Help_new_TOC/Getting_Started_Tutorial_Default.htm (4 of 4) [4/12/2001 11:52:31 AM] ZoneAlarm Pro - Add a Computer to the Local Zone Add a Computer to the Local Zone You can access the Local Zone by going to the Security Panel and clicking the Advanced button. Steps to Add a Computer Home Users LAN Users Networks Other Computers Steps to Add a Computer To open the dialog: 1. Click on Advanced 2. Choose Local Zone Contents file:///C|/Documents and Settings/rwilliams/Deskt...lp_new_TOC/How_to_add_sites_to_the_Local_zone.htm (1 of 5) [4/12/2001 11:52:32 AM] ZoneAlarm Pro - Add a Computer to the Local Zone 3. To add a computer or IP address, click on the Add button. 4. You have 4 choices: file:///C|/Documents and Settings/rwilliams/Deskt...lp_new_TOC/How_to_add_sites_to_the_Local_zone.htm (2 of 5) [4/12/2001 11:52:32 AM] ZoneAlarm Pro - Add a Computer to the Local Zone 5. Click on IP Address to add your next door neighbor's computer identified by IP address. 6. Enter a short description and your neighbor's IP address, then click OK: You'll see your friend's computer, including the description you entered, displayed under Other Computers. This means that it is now in the Local Zone. Therefore, ZoneAlarm Pro will allow you to communicate with your neighbor over the Internet. Other computers won't have that privilege because you have not told ZoneAlarm Pro you trust them. Home Users If you are a single user at home, you are not required to use this dialog because your PC is probably the only machine you are trying to protect. As a single user, you don't really need to add any more computers in order to work safely. The Networks section of the dialog will always have an entry in it displaying the subnet your modem or DSL connection installed on your machine. You don't need to place a checkmark in this area if you are working by yourself. The Other Computers section is where you add any trusted web site or the IP address of a computer that you trust and want to do file sharing with. file:///C|/Documents and Settings/rwilliams/Deskt...lp_new_TOC/How_to_add_sites_to_the_Local_zone.htm (3 of 5) [4/12/2001 11:52:32 AM] ZoneAlarm Pro - Add a Computer to the Local Zone LAN Users If you are working as part of a Local Area Network (LAN), make sure the entry in the Networks section has a checkmark next to it if it represents the subnet of your LAN adapter. The red checkmark tells ZoneAlarm Pro that you trust your LAN connection and that you really want to share connectivity with the users on that LAN. If your company or work group has more than one subnet, you need to go to the Other Computers section to add the subnets that are not identified by the LAN adapter on your machine. ZoneAlarm Pro picked the network subnet up from your LAN adapter at installation time and placed it in the Networks section. You have to manually add additional subnets you have in your organization by clicking on the Add button then entering the IP address and subnet mask in the Other Computers section of this dialog: With ZoneAlarm Pro installed and running, all the IP addresses of subnets that are not identified in your LAN adapter have to be included here so that applications residing on those subnets can be accessed from your PC whenever Local Zone security is set to Medium or High. Networks The Networks section lists subnets identified by your LAN adapter or by your DSL or dial-up modem connection to the Internet: The checkmark identifies the adapter as something you want ZoneAlarm to allow your PC to communicate with. Once the network is checked, you can access programs and sites located on the subnet. Remember that if you are a single user, you don't need to worry about checking anything in this dialog until you become part of a LAN or for certain VPN installations. Other Computers file:///C|/Documents and Settings/rwilliams/Deskt...lp_new_TOC/How_to_add_sites_to_the_Local_zone.htm (4 of 5) [4/12/2001 11:52:32 AM] ZoneAlarm Pro - Add a Computer to the Local Zone The Other Computers section is where you add IP addresses representing computers and web sites located on other LANs or somewhere on the Internet. You add them because you know enough about them to allow connections with them over the Internet. Any web sites and computers you add here will be those that are not specifically part of the LAN identified by your LAN adapter. If you are a home user, this is where you add web sites and addresses that you know well enough to place inside your Local Zone. An individual user would use this dialog to add any computer other than his or her own PC that is familiar enough to be trusted. For LAN users, if your company or work group has more than one subnet, here is where you add IP addresses of the subnets not identified by your LAN adapter. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Deskt...lp_new_TOC/How_to_add_sites_to_the_Local_zone.htm (5 of 5) [4/12/2001 11:52:32 AM] ZoneAlarm Pro - How to Allow or Block Specific Ports How to Allow or Block Specific Ports You can open specific ports on your computer in three separate dialogs. Internet Zone Custom Settings in Security Panel Local Zone Custom Settings in Security Panel Options Button in Programs Panel Internet Zone Custom Settings in Security Panel Many of the checkboxes in the Internet Zone Custom Settings panel provide the ability to open a specific port for a specific protocol when Internet Zone security is set to High. In the lower portion of the panel, similar checkboxes allow you to block specific ports when your Internet Zone security is set to Medium. The checkboxes you check represent exceptions to your Internet Zone security settings. file:///C|/Documents and Settings/rwilliams/Desk...oneAlarm_Pro_Help_new_TOC/How_to_allow_ports.htm (1 of 7) [4/12/2001 11:52:33 AM] ZoneAlarm Pro - How to Allow or Block Specific Ports Example: Port 139 There's no problem with changing Internet Zone custom settings when you have a good reason. For example, the publisher of the software you are using specifically recommends that you open a specific port for Internet access. To change the default setting so that incoming UDP is allowed through port 139, go to the Internet Zone Custom Settings panel, and scroll down a bit. Next, select the checkbox shown below: file:///C|/Documents and Settings/rwilliams/Desk...oneAlarm_Pro_Help_new_TOC/How_to_allow_ports.htm (2 of 7) [4/12/2001 11:52:33 AM] ZoneAlarm Pro - How to Allow or Block Specific Ports Next, enter the port number in the Ports field that is automatically created when you've checked the Allow incoming UDP ports checkbox. Local Zone Custom Settings in Security Panel file:///C|/Documents and Settings/rwilliams/Desk...oneAlarm_Pro_Help_new_TOC/How_to_allow_ports.htm (3 of 7) [4/12/2001 11:52:33 AM] ZoneAlarm Pro - How to Allow or Block Specific Ports Many of the checkboxes in the Local Zone Custom Settings panel provide the ability to close a specific port for a specific protocol when Internet Zone security is set to Medium. In the lower portion of the panel, similar checkboxes allow you to block specific ports when your Internet Zone security is set to Medium. The checkboxes you check represent exceptions to your Local Zone security settings. Options Button in Programs Panel file:///C|/Documents and Settings/rwilliams/Desk...oneAlarm_Pro_Help_new_TOC/How_to_allow_ports.htm (4 of 7) [4/12/2001 11:52:33 AM] ZoneAlarm Pro - How to Allow or Block Specific Ports In the Programs panel, click on the Ports tab to specify the specific port that an application is allowed to use for Internet access. For example, to specify a specific port for Microsoft Outlook, click on the Options button on the Internet Explorer line in the Programs List. Allow access to all ports and protocols: allows the program to have Internet connections via all ports. Allow access for ONLY the ports checked below: limits the program's connections to the protocols and ports with checkmarks. The IGMP and ICMP checkboxes are selected by default as the protocols you will limit the program's connections to. file:///C|/Documents and Settings/rwilliams/Desk...oneAlarm_Pro_Help_new_TOC/How_to_allow_ports.htm (5 of 7) [4/12/2001 11:52:33 AM] ZoneAlarm Pro - How to Allow or Block Specific Ports Allow access for any port EXCEPT for those checked below: allows connections to every protocol and port that is not checked in the list. The IGMP and ICMP checkboxes are selected by default. All protocols and ports not checked in the list are allowed. To add a port or range of ports to this list, 1. Click on the Add button 2. When you click on a server-specific choice like Mail Servers, ZoneAlarm Pro adds the ports used by the server type and each entry is preselected. For ease of use, three ports are added for Mail Servers. You can deselect any that you may want to omit from the authorized list. All three mail server ports remain selected in the list shown below: Click on Custom to define a single TCP or UDP port, or a range of ports: Clicking on Custom displays the Add a range of ports dialog: file:///C|/Documents and Settings/rwilliams/Desk...oneAlarm_Pro_Help_new_TOC/How_to_allow_ports.htm (6 of 7) [4/12/2001 11:52:33 AM] ZoneAlarm Pro - How to Allow or Block Specific Ports In the Description field: Type in a meaningful name for the port or range of ports you're adding. Then, click on OK to add the port(s), which will be displayed in the Ports panel. The dialog above mentions that the PC has a total of 65,535 ports. When adding a port, the first thing to do is to specify whether the port, or range of ports, is TCP, UDP or both. For example, DNS uses port 53, which is a TCP port. DHCP uses port 67, which is a UDP port. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desk...oneAlarm_Pro_Help_new_TOC/How_to_allow_ports.htm (7 of 7) [4/12/2001 11:52:33 AM] Zone Alarm Pro Help Log File Panel When you instruct ZoneAlarm Pro to save alerts in the Alert Log, every alert you receive will be entered into a file named ZALog.txt. You can find this file in a folder called Internet Logs in your Windows install directory. Archiving Logs Archiving Logs The buttons on the left side of the Log File panel allow you to archive your Alert Log on a daily, weekly or monthly basis. By selecting one of these options, you are telling ZoneAlarm Pro to create a fresh ZALog.txt file on a daily, weekly or monthly basis. Whenever the archiving takes place, the previous file is renamed using the current date. An example of a renamed archived log file created on February 30, 2001 is ZALog2001.02.30.txt. When you archive your log file on a regular basis, you'll be able to read the file more easily and be able to find a specific alert more quickly. On the other hand, you can retain the default setting and never archive the log. Archive Log options: Never: This is the default setting: never archive your log file. Daily: Refresh your log file every day. Weekly: Refresh your log file every week. file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/log_file_panel.htm (1 of 2) [4/12/2001 11:52:33 AM] Zone Alarm Pro Help Monthly: Refresh your log file once a month. Separate fields options: Each entry in the log file is a series of characters. Some people prefer to have these fields separated with spaces for readability. Select your preferred separator: Tab: Fields in the log will be separated by Tabs Comma: Commas will separate log fields Semicolon: Fields in the log will be separated by semicolons. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/log_file_panel.htm (2 of 2) [4/12/2001 11:52:33 AM] ZoneAlarm Pro - MD5 MD5 Checksum If you run Netstat or another port monitoring utility, you might notice an unidentified application listening on a given port. On that same note, you might even notice an application listening on a port when ZoneAlarm Pro did not request permission for it to access the Internet. Applications in the Programs List not allowed to connect are the usual culprits here. On the surface, it is easy to misconstrue listening on a port as a breach of security but in fact, ZoneAlarm Pro is performing exactly as designed. ZoneAlarm Pro's dual-layer security architecture actually allows traffic that attempts to bypass a normal socket layer to pass through to the point where it reaches the firewall. Thus, in a "listening" state. At that point, having the impression that it successfully bypassed the port, the application may attempt to communicate to the Internet. ZoneAlarm Pro intercepts that communication. This design enhances protection of trusted applications as well. ZoneAlarm Pro has a full stateful inspection firewall enhanced with TrueVector Technology. ZoneAlarm Pro authenticates applications through an MD5 checksum, a process that detects and prevents Trojans renamed as legitimate applications from getting through. The full stateful inspection firewall is enhanced with True Vector to have one main rule: "Don't let anything in or out." After that rule, it goes on to check whether applications are allowed or disallowed, verifies ports and protocols, and specifies configurations and so forth. Many of the other firewalls today, do their application verification process through name recognition. Hackers can easily exploit this weakness. In a matter of minutes, a hacker can create his or her own malicious application that has the same name or properties as a legitimate application and it will glide through the firewall. With ZoneAlarm Pro, even if a hacker changes the name of an application to make it look legitimate, it will still be stopped file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/md5.htm (1 of 2) [4/12/2001 11:52:33 AM] ZoneAlarm Pro - MD5 because of the MD5 Checksum verification process. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/md5.htm (2 of 2) [4/12/2001 11:52:33 AM] Zone Alarm Pro Help More Info Option From an alert popup, clicking More Info: sends information about the alert to the Zone Labs Alert Analyzer. It launches the user's browser and displays a page with the following information: ● A synopsis of the source and destination IP addresses and ports, the program name and file name of the program associated with the alert, if known ● ● ● A link to query the ARIN whois database for the source or destination IP address. ARIN is the American Registry for Internet Numbers. You can learn more about ARIN here. ARIN provides administrative contact information about the upstream provider for the IP address. It does NOT identify the computer For the most common alerts, a brief article explaining what might be causing the alert Links to FAQ articles on the Zone Labs web site Since the More Info button directs your browser to a site on the Internet, users have the option of hiding their IP address. Select one of the three radio buttons to indicate whether or not you want to take advantage of the IP address hiding feature: ● Don't hide local IP address: Select this radio button if you want to allow the full display of your IP address in the Analyzer. ● Hide local IP address: Select this radio button to display a series of XXXXXXXX instead of your IP address on the Analyzer. This choice prevents file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/more_info_option.htm (1 of 2) [4/12/2001 11:52:33 AM] Zone Alarm Pro Help any digit of your IP address from being displayed. ● Hide last octet of local IP Address: Select this radio button to hide only the final digits of your IP address. This causes a short series of XXXX to be displayed at the end of your IP address on the Analyzer. This choice provides good security also. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/more_info_option.htm (2 of 2) [4/12/2001 11:52:33 AM] ZoneAlarm Pro - How to Allow or Block Specific Ports Network Auto Detection If you do not know what a network is, you probably don't have one that you would want to put into your trusted Local Zone. If that is the case, stop reading and answer NO to this pop-up. Answering no will not prevent you from accessing the Internet. How do I answer the New Network popup? ● Step 1: Determine what type of network or networks you are on. ● Step 2: Determine which network the pop-up is asking you about. ● Step 3: Decide if you want to share files and printers over this network What type of network am I on? A network is very simply a group of computers your computer connects with, and you probably have at least one network. Examples of networks: 1. If you get Internet access through your Internet Service Provider (ISP) via dial-up or high-speed modem, you are on a remote network with other users of that ISP. 2. If your home or small business computer is linked to other computers to share file:///C|/Documents and Settings/rwilliams/Desk...eAlarm_Pro_Help_new_TOC/netdetect_new_dialup.htm (1 of 2) [4/12/2001 11:52:33 AM] ZoneAlarm Pro - How to Allow or Block Specific Ports printers, files or other services, you are on a network. 3. If you are linked to other computers in a work or corporate setting to share company resources, you are on a network. Shortcut: If you know that your only network is a remote ISP network (#1 above), stop reading and answer No to this pop up. Otherwise, read on: Which network is this pop-up about? ZoneAlarm Pro has determined that the network identified in this pop-up is a dial-up network. If your only dial-up network is your ISP, answer NO to the pop-up. When you have multiple networks, ZoneAlarm Pro detects each of these networks separately. That means you must determine which network this pop-up is asking you about. To do this, find out the IP address of any networks that are NOT your remote ISP network and see if they match the IP address in the pop-up. Found a match? If so, go to step 3 to determine if you want to put the network into your Local Zone. No match? Then this is most likely your remote ISP network and you should answer No to this pop-up. Determine if you want to share files Determine if you want to share files or printers on this network. By adding this network into you Local Zone, you will be able to enable file and printer sharing between you and the other people on this network. Therefore, if you know and trust the people on this network and you think you want to share resources on this network, answer YES to this pop-up. Otherwise, answer NO. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desk...eAlarm_Pro_Help_new_TOC/netdetect_new_dialup.htm (2 of 2) [4/12/2001 11:52:33 AM] ZoneAlarm Pro - How to Allow or Block Specific Ports Network Auto Detection If you do not know what a network is, you probably don't have one that you would want to put into your trusted Local Zone. If that is the case, stop reading and answer NO to this pop-up. Answering no will not prevent you from accessing the Internet. How do I answer the New Network popup? ● Step 1: Determine what type of network or networks you are on. ● Step 2: Determine which network the pop-up is asking you about. ● Step 3: Decide if you want to share files and printers over this network What type of network am I on? A network is very simply a group of computers your computer connects with, and you probably have at least one network. Examples of networks: 1. If you get Internet access through your Internet Service Provider (ISP) via dial-up or high-speed modem, you are on a remote network with other users of that ISP. file:///C|/Documents and Settings/rwilliams/Deskt...neAlarm_Pro_Help_new_TOC/netdetect_new_direct.htm (1 of 2) [4/12/2001 11:52:34 AM] ZoneAlarm Pro - How to Allow or Block Specific Ports 2. If your home or small business computer is linked to other computers to share printers, files or other services, you are on a network. 3. If you are linked to other computers in a work or corporate setting to share company resources, you are on a network. Shortcut: If you know that your only network is a remote ISP network (#1 above), stop reading and answer No to this pop up. Otherwise, read on: Which network is this pop-up about? When you have multiple networks, ZoneAlarm Pro detects each of these networks separately. That means you must determine which network this pop-up is asking you about. To do this, find out the IP address of any networks that are NOT your remote ISP network and see if they match the IP address in the pop-up. Found a match? If so, go to step 3 to determine if you want to put the network into your Local Zone. No match? Then this is most likely your remote ISP network and you should answer No to this pop-up. Determine if you want to share files Determine if you want to share files or printers on this network. By adding this network into you Local Zone, you will be able to enable file and printer sharing between you and the other people on this network. Therefore, if you know and trust the people on this network and you think you want to share resources on this network, answer YES to this pop-up. Otherwise, answer NO. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Deskt...neAlarm_Pro_Help_new_TOC/netdetect_new_direct.htm (2 of 2) [4/12/2001 11:52:34 AM] Zone Alarm Pro Help Program Permissions The Access permissions panel is displayed when you select the Options button on the Programs panel or when you right-click on a program then select Options from the popup menu. The radio buttons on this panel allow you define precise permissions for each of your programs. Use the yellow section of this panel to define, for a specific program, access permissions to computers or addresses defined in your Local Zone. Use the blue section to grant programs access permissions to computers and addresses in the Internet Zone. In addition, the yellow and blue sections allow you to define whether or not your programs can act as servers listening for connections from computers from either of those zones: yellow for the Local Zone, blue for the Internet Zone. Left-side buttons: Radio buttons on the left side control whether or not individual programs can actually make an Internet connection, or whether the program needs your permission each time. Right-side buttons: Radio buttons on the right side control whether or not the program can receive incoming Internet connections as a server. If your program changes frequently and it is accessing the Internet, use the Identify program by full path name only checkbox or the Changes Frequently popup menu. By selecting one of these choices for a specific program, you are instructing ZoneAlarm Pro to look only at the path name when it runs its identification at the time of Internet access. file:///C|/Documents and Settings/rwilliams/Desk...neAlarm_Pro_Help_new_TOC/program_permissions.htm (1 of 2) [4/12/2001 11:52:34 AM] Zone Alarm Pro Help If you don't check either one for a program that you are developing, a new instance of the program will be added to the program list whenever a new version connects to the Internet. You can also click on the Changes Frequently popup to set screening by path name only by checking the box next to Identify program by full path name only. This means that ZoneAlarm Pro will not enforce other checking rules. It will not, for example, check for file size. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desk...neAlarm_Pro_Help_new_TOC/program_permissions.htm (2 of 2) [4/12/2001 11:52:34 AM] Zone Alarm Pro Help First-time Settings for Programs When you click on the Advanced button on the Programs Panel, you are ready to set up access rights for any of your programs that have not yet accessed the Internet. This means programs that are not yet on the Program List. The connection permissions you define here will be in effect for every first-time Internet connection one of your program's attempts. Use the two tabs at the top of the dialog to set your first-time permissions, Access Permissions and Alerts and Functionality. Access Permissions Alerts and Functionality Access Permissions This dialog gives you the control you need to set separate permissions for programs passing through Local Zone computers to make their connections, and those trying to make a connection through Internet Zone. The first row of radio buttons controls Local Zone connections. Local Zone buttons: The first set of radio buttons controls whether or not programs can connect to the Internet when the connection passes through elements in your Local Zone. Or whether they must ask your permission each time. Internet Zone buttons:The radio buttons in the second row control whether your programs can make an Internet connection when it goes through Internet Zone computers. Check the Identify Program by full pathname only checkbox if you feel comfortable having ZoneAlarm Pro checking only the pathname statistics, such as c:\program files\cherios. This choice will cause ZoneAlarm Pro not to check program size and other statistics. Alerts and Functionality file:///C|/Documents and Settings/rwilliams/Deskt...neAlarm_Pro_Help_new_TOC/right_click_programs.htm (1 of 2) [4/12/2001 11:52:34 AM] Zone Alarm Pro Help In this panel, you can have ZoneAlarm Pro alert you when access is denied when new programs attempt a connection. You can set an option here to protect your machine if ZoneAlarm Pro is shut down: specifically, you can deny access if you set the Always Ask Permission option in the first tab of this panel. Select Show alert when Internet access is denied if you want to see an alert each time a Internet connection to computers in either zone is attempted for the first time by one of your programs. Select Deny access if permission is set to "ask" to stop any new program from connecting to the Internet if ZoneAlarm Pro is shut down. Select Require administrative privileges to only allow a program temporary access to the Internet if administrator privileges are set. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Deskt...neAlarm_Pro_Help_new_TOC/right_click_programs.htm (2 of 2) [4/12/2001 11:52:34 AM] ZoneAlarm Pro - Installing ZoneAlarm Pro on a Server Installing ZoneAlarm Pro on a Server The important concept to bear in mind is that ZoneAlarm Pro is a desktop firewall designed to protect the computer it is installed on. This can include a server but it will protect the server itself, not the entire network. By default, ZoneAlarm Pro treats all IP traffic as untrusted Internet traffic and therefore shields your PC from potential harm. This shielding will consequently block users attempting to access the server unless ZoneAlarm Pro is configured to allow access to trusted users. Allowing trusted users and applications into the server requires configuring the Local Zone. Installing ZoneAlarm Pro on a server must take into account the possibility of multiple subnets, DNS, domain controllers, any software that requires access to the Internet as well as specialized services such as VPN. To do this, open ZoneAlarm Pro, and click the Security Panel. Click on the advanced button and click on the Local Zone contents tab. Click the add button and enter the following information into the Local Zone: ● All of your internal LAN/WAN subnets that interact with this server. These can be Class A, B, or C networks, such as 10.0.0.0, subnet 255.0.0.0 ● ● ● DNS servers if they are not on your internal network Any Gateways or VPN's that are not part of your internal network Any trusted static external IP addresses Check here for additional tips on adding computers, domains and IP addresses to your Local Zone. Adding trusted IP sources to your Local Zone will ensure that normal internal network traffic will proceed unhindered, while at the same time protecting the server from any requests that come in from the Internet. There is one other very important point that you must address. When a Program Alert pop-up appears from ZoneAlarm Pro asking for permission for an application to access the Internet, all network traffic is halted. When traffic is halted, computers attached to the server risk being disconnected from the LAN. This situation can be dealt with easily by defining the default application privileges. Setting Application Permissions Click on the Programs Panel and select the Advanced button. In the access permissions tab, select whether you want newly detected applications to be allowed to access the local network or the Internet as well as act as servers for either. Do not set any option to ask, or you will be risking a loss of network connectivity due to a Program Alert popup. Initially it will be best to allow all and after running the server for a while you will be able to review your program list and either change the permissions for individual applications, or wholly revoke permission for any further new applications from accessing the Internet. In either case, make sure your Program List is defined before changing the default behavior. file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/server.htm (1 of 2) [4/12/2001 11:52:34 AM] ZoneAlarm Pro - Installing ZoneAlarm Pro on a Server Server rights are for applications which listen to incoming connections but do not initiate them. Applications such as IIS and FTP servers work in this way. When an application is granted server rights it is allowed to receive anonymous incoming requests intended for that application. An application that is granted server rights can be probed with a port scan. Unfortunately this cannot be avoided as these are usually public servers and intended for others to contact. Ports that are not in use by the server application will continue to be "stealthed." For any other questions please contact the support staff or your sales contact at Zone Labs. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/server.htm (2 of 2) [4/12/2001 11:52:34 AM] Zone Alarm Pro Help The Set Password Button Setting a password ensures that only authorized users have access to each individual copy of ZoneAlarm Pro. Use the Set Password pushbutton If you are not using the established password Why set up a password? Use the Set Password pushbutton Use the Set Password pushbutton to enter a password or to change your current password. After setting a password, use the Login pushbutton to turn on the administrative privileges controlled by your password. These privileges let you to use the Advanced pushbuttons in the Security panel and the Programs panel, or to uninstall the product. If you try to use a ZoneAlarm Pro function that is password-protected when not logged on, this dialog will be displayed. Whenever this dialog is displayed, enter your password directly in the dialog or click on the Login button in the Configuration panel to enter your password. This will allow you to to make changes to the Firewall or to uninstall the product. The checkbox at the bottom of the dialog will always be checked if company policy establishes centralized control of employees' ZoneAlarm Pro passwords. The System Administrator of your organization has the exclusive right to maintain passwords to ensure Internet security in the organization. In such cases, individual ZoneAlarm Pro users will only be able to enter a password in this dialog. The ability to change a password will not ba available in the Set Password dialog. If you are using the established password file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/set_password.htm (1 of 2) [4/12/2001 11:52:35 AM] Zone Alarm Pro Help When a password is set up and you have not logged in with that password, only the three fields shown below can be modified. All other settings are protected by the established password: in the Configuration panel in the Alerts panel Why set up a password? Establishing a password gives you extra protection against anyone but you making changes to ZoneAlarm Pro. Password protection gives you these advantages: ■ Keeps unauthorized users from logging on to ZoneAlarm Pro without using the authorized password ■ Prevents unauthorized users from modifying security levels you've established for Zones and Programs ■ Keeps anyone except authorized users from shutting down ZoneAlarm Pro because the password is required to shut down ZoneAlarm Pro ■ Prevents users from changing lock settings on the Lock Panel ■ Prevents users from adding members to or removing members from the Local Zone or the Internet Zone. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/set_password.htm (2 of 2) [4/12/2001 11:52:35 AM] Zone Alarm Pro Help The Alerts Panel The Alerts icon is located at the top of the panel. Click on the "Alerts" button to display the entire Alerts panel. Alerts Icon Statistics Advanced More Info Alerts Icon Notice the two sets of UP/DN (Up/Down) graphs inside the Alerts icon. On your machine, whenever data is being sent to the Internet, red bars are displayed inside the two UP graphs. Whenever data is being received (downloaded), green bars are displayed inside the DN graphs. ● The two graphs in the top portion of the icon display Internet traffic as it happens. ● The two graphs in the lower portion of the icon display a chronological history of Internet traffic as it is generated on your machine. ● Whenever red or green flashing bars appear in the Alerts icon, the application receiving or sending traffic is shown as a blinking icon inside the Programs icon. Statistics Use the Alerts panel to see statistics on Internet alerts since you launched ZoneAlarm Pro. At the top of the panel, Today's Summary shows the total amount of data sent and received by all applications. file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/the_alerts_panel.htm (1 of 2) [4/12/2001 11:52:35 AM] Zone Alarm Pro Help Advanced Click on this button to: ● Stop display of your IP address when you use the More Info button ● Suppress specific alert types ● Select options about the behavior of the Alert Log. In the Alert Settings area, at the bottom of the panel, select the first checkbox to save Alerts to a text file. Click on the Advanced button, then Log File tab to set up an archiving schedule for the Log file. More Info Use this button to submit alert information to the Zone Labs Alert Analyzer. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/the_alerts_panel.htm (2 of 2) [4/12/2001 11:52:35 AM] Zone Alarm Pro Help The Configure Panel Click on the Configure button to display the Configuration Panel. This button is located directly below the Help button in the top right corner of ZoneAlarm Pro Options Windows 95 and NT Options Use the checkboxes and pushbuttons in the Configuration Panel to determine: ● Whether, on your computer screen, ZoneAlarm Pro should be displayed ON TOP OF other applications when Internet activity is detected ● Whether the shell tool bar should be displayed ● Whether ZoneAlarm Pro should load when you start your computer ● To check for product updates ● To set your password ● To change your ZoneAlarm Pro License Key ● To change the registration information you've submitted to Zone Labs file:///C|/Documents and Settings/rwilliams/Deskt...oneAlarm_Pro_Help_new_TOC/the_configure_panel.htm (1 of 3) [4/12/2001 11:52:35 AM] Zone Alarm Pro Help The first checkbox on the Configuration Panel is On top during Internet activity. This checkbox controls whether or not ZoneAlarm Pro will be displayed ON TOP of other applications whenever Internet activity is detected. The Load ZoneAlarm at Startup checkbox is selected by default. This causes ZoneAlarm Pro to be loaded when you start your computer. If you uncheck this checkbox, Internet traffic monitoring will not begin until you start ZoneAlarm Pro on your machine. Click on the Set Password pushbutton to set or modify a password. Once your password is set, use the "Login" pushbutton to login to ZoneAlarm Pro using your password. License key Your License Key is a number that you receive from Zone Labs. It indicates that you are the owner of a valid license for ZoneAlarm Pro. If you did not enter your License Key number when you installed the product, you can do so at any time by clicking on the Change Key button. When you click on the Change Key button, the License info dialog will be displayed: Enter your License key in the dialog, the click on the Go button. Windows 95 and NT Older versions of Windows 95 or Windows NT (those without the Windows Shell Update) let you choose a "Show shell toolbar" checkbox. Under newer versions and Windows 98 or Windows 2000, this option is part of the Windows Shell. See the Desk Band Toolbar for more information. file:///C|/Documents and Settings/rwilliams/Deskt...oneAlarm_Pro_Help_new_TOC/the_configure_panel.htm (2 of 3) [4/12/2001 11:52:35 AM] Zone Alarm Pro Help BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Deskt...oneAlarm_Pro_Help_new_TOC/the_configure_panel.htm (3 of 3) [4/12/2001 11:52:35 AM] Zone Alarm Pro Help The General Tab Use the General Tab to set up ZoneAlarm Pro's ICS and NAT support. To set up our NAT and ICS support, these two conditions must first be met: ● ICS or NAT implementation software must first be used to set up the host and client machine relationships on your network ● ZoneAlarm Pro must be installed on all machines in the network: on the host machine and on each client machine Overview Internet Connection Sharing General Settings Network Settings Overview In the Internet Connection Sharing area, select one of the buttons to define your machine as a client machine, a gateway machine, or neither. In the General Settings area located at the bottom of the panel, you can select one or more checkboxes to block fragmented IP packets or servers. Internet Connection Sharing file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/the_general_tab.htm (1 of 3) [4/12/2001 11:52:35 AM] Zone Alarm Pro Help This computer is not on an ICS network - establishes that your PC is not an ICS gateway. This is the default setting. This computer is a client of an ICS gateway running ZA Pro - defines your machine as an ICS client and to activate the Gateway Address selection. This computer is an ICS gateway - defines your machine as an ICS gateway and activates the Local Address selection. Forward alerts from gateway to this computer - Select this checkbox if alerts generated by the gateway computer should be displayed on the client. With this checkbox selected, you can keep an eye on Internet connection traffic by viewing generated alerts. Suppress alerts locally if forwarded to clients - Select this checkbox to prevent the gateway PC from forwarding Internet connection messages to ICS clients. General Settings Blocking and managing fragmented IP packets is one of the basic requirements of a modern firewall. This is because fragmented packets can be used to pass through firewalls. Select one or more checkboxes to block IP fragments and/or server connections on the gateway machine for the entire ICS network, or for an individual machine. Three checkboxes are located at the bottom of the General panel: Block all fragments - Use this selection to prevent fragment (smurf) attacks. Selecting this checkbox to block fragmented IP packets. This will simply cause all fragmented packets to be dropped. Even though fragmented IP packets are rare, they can be used to get around firewalls in the form of a fragment attack. When the Block all Fragments is set on your machine, you might experience Internet connection problems but you will enjoy complete protection against fragment attacks. Block local servers - This checkbox allows you to prevent computers in your Local Zone from using servers running on your machine. If you select this checkbox, you can go to the Programs panel to earmark specific programs as exceptions that will still be Allowed to access servers in the Local Zone. Selecting the Block local servers option allows you to be certain that no Local Zone computers can access servers running on your machine. If you want to block the majority of inbound server connections using this option, but would like to allow specific programs to access your servers, remember to use the Allow Server option in the Programs panel. Block Internet servers - This option allows you to be certain that no Internet Zone computers can access servers running on your machine. If you select this checkbox, you can go to the Programs panel to earmark specific programs as exceptions that will still be Allowed to access servers on the Internet. Network Settings file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/the_general_tab.htm (2 of 3) [4/12/2001 11:52:35 AM] Zone Alarm Pro Help The selection for Network Settings controls how ZoneAlarm Pro will react upon detecting a new network. When ZoneAlarm Pro is first installed, or if the computer has changed networks, it will detect your network. Here is where you set how you would like new networks to be handled when detected: automatically included, excluded, or to be asked each time. The default and recommended action is that you let it ask each time to be sure it is correct. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/the_general_tab.htm (3 of 3) [4/12/2001 11:52:35 AM] Zone Alarm Pro Help Internet Zone Custom Settings tab When you set up custom settings in this dialog, you are setting up exceptions to the established rules for High and Medium security. Even though you used the sliders in the Security panel to establish default Internet zone security, you can use the checkboxes in this dialog to establish customized security settings that will either allow or block specific protocols to your Internet zone: ● Set High Security exceptions by selecting checkboxes that allow incoming and outgoing protocols. You can select settings like Allow incoming ping or Allow outgoing ping in this section of the dialog. These selections slightly lower your high security profile. ● Set Medium Security exceptions by selecting checkboxes that block incoming and outgoing protocols. You can select settings like Block incoming ping or Block outgoing ping in this section of the dialog. These setting slightly increase the level of security in your Medium security profile. Before scrolling down the main body of the dialog, you see the High Security Settings for the Internet Zone. These settings are displayed as checkboxes for you to turn on or off. Select any exceptions to your high security profile that you want to allow in or out of your machine. Scroll down to the area where Medium Security Settings for the Internet Zone are set. In this section, select any exceptions to your medium security profile that you want to block from your machine. file:///C|/Documents and Settings/rwilliams/Desk...rm_Pro_Help_new_TOC/the_internet_zone_custom.htm (1 of 2) [4/12/2001 11:52:35 AM] Zone Alarm Pro Help BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desk...rm_Pro_Help_new_TOC/the_internet_zone_custom.htm (2 of 2) [4/12/2001 11:52:35 AM] Zone Alarm Pro Help Local Zone Contents tab This is where you populate your Local Zone with the computers and IP addresses that ZoneAlarm Pro will protect. Use this panel to add any of the following to your Local Zone: ● Web sites ● IP addresses or ranges of IPs ● Subnets General Configuration Networks Section General Configuration The Local Zone Contents tab lets you add other computers to your Local Zone. Pressing the Add button gives you the choice to add a host (or site) by name, an IP address, a range of IP addresses, or an IP subnet. When a red checkmark appears in the checkbox, this means that the element is an active member of your Local Zone. Uncheck the checkbox if you want to remove the element from active membership in your Local Zone, but retain it on your list for later. file:///C|/Documents and Settings/rwilliams/Deskt...larm_Pro_Help_new_TOC/the_local_zone_contents.htm (1 of 2) [4/12/2001 11:52:36 AM] Zone Alarm Pro Help Add Options: Host/Site - Adds a computer name to your Local Zone. You'll be prompted to enter the name of the computer, and you can enter either a domain-style name (such as "ftp.zonelabs.com") or a Windows-style name (such as "FTPSERVER"). Please note that a single computer name might refer to more than one actual computer, if two or more servers cooperate to balance their loads. If this is the case, all the matching computers will be added to the Local Zone. IP Address - Adds a single IP Address that refers to a single computer to your Local Zone. IP Range - Adding an IP range adds a series of consecutive IP addresses to your Local Zone. IP Subnet - Adds a subnet to your Local Zone. This is useful in offices where the Local-Area Network is divided into multiple subnets. For example, if the Network printer is on a different subnet than your computer, the Dynamic Firewall will block access to the printer. Adding the printer's subnet to the Local Zone enables you to use the Network printer from your computer, as well as any other services, such as file-shares and computers on the printer's subnet. If you are in a corporate setting, your computer may be part of a larger corporate network. This network might be divided into smaller networks, or subnets. ZoneAlarm Pro will not recognize the subnets that your computer is not on as being part of your Local Zone. This becomes a problem if your computer is on a different subnet than certain resources such as a network printer and file-shares. The Advanced Properties of the Dynamic Firewall enable you to add such a resource to your Local Zone. Networks Section The Networks section lists all your network and dialup adapters. Checking an adapter automatically adds all the other computers in that network adapter's local subnet to the local zone. If your network is a small local area network, this automatically adds all the nearby computers to your local zone. If your computer is part of a Local Area Network, you will need to place a checkmark next to the network adapter cards under Networks. This will ensure that you have access to necessary resources of your Local Area Network. A note for Cable modem users: If you use a network adapter card connected directly to a cable modem to connect to the Internet, you will want to leave the cable subnets unchecked, to prevent your neighbors from being able to access your computer. If these default settings for the Local Zone don't meet your needs, ZoneAlarm Pro lets you add computers and networks of computers to your Local Zone. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Deskt...larm_Pro_Help_new_TOC/the_local_zone_contents.htm (2 of 2) [4/12/2001 11:52:36 AM] Zone Alarm Pro Help Local Zone Custom Settings tab The Local Zone Custom Settings dialog enables you to change ZoneAlarm Pro's default security settings. When you set up custom settings in this dialog, you are setting up exceptions to your established rules for High and Medium security. Even though you used the sliders in the Security panel to establish default Local zone security, you can use the checkboxes in this dialog to establish customized security settings that will either allow or block specific protocols into your Local zone: ● Set High Security exceptions by selecting checkboxes that allow incoming and outgoing protocols. You can select settings like "Allow IGMP" or Allow incoming UDP Ports in this section of the dialog. These selections slightly lower your high security profile. ● Set Medium Security exceptions by selecting checkboxes that block incoming and outgoing protocols. In this section of the dialog, you can select settings like Block NetBIOS or Block incoming TCP Ports in this section of the dialog. These setting slightly increase the level of security in your Medium security profile. Before scrolling down the main body of the dialog, you see the High Security Settings for the Local Zone. These settings are displayed as checkboxes for you to turn on or off. Select any exceptions to your high security profile that you want to allow in or out of your machine. Scroll down to the area where Medium Security Settings for the Local Zone are set. In this section, select any exceptions to your medium security profile that you want to block from your machine. file:///C|/Documents and Settings/rwilliams/Deskt...larm_Pro_Help_new_TOC/the_local_zone_settings.htm (1 of 2) [4/12/2001 11:52:36 AM] Zone Alarm Pro Help BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Deskt...larm_Pro_Help_new_TOC/the_local_zone_settings.htm (2 of 2) [4/12/2001 11:52:36 AM] Zone Alarm Pro Help The Lock Panel Click on the "Lock" button to display the entire Lock panel, where you can set options for the Internet Lock. The Lock button is located at the bottom of the Lock Icon, shown below. A locked or unlocked padlock is displayed in the middle of the icon. To immediately turn Internet access on or off for all the applications installed on your machine that are not set to bypass the lock, click directly on the padlock. Lock Button Configuring the Lock The Lock Button When the Timer Bar below the Lock button is green, the Internet Lock is not on. This means that ZoneAlarm Pro is allowing Internet traffic in and out of your computer. If the timer bar displays a countdown timer, this is the time remaining before the Automatic Lock will engage. When the timer bar is red, the lock is closed and no in-and-out Internet traffic is allowed. When the lock is closed, the countdown timer counts upwards, showing the amount of time the lock has been active. Configuring the Lock When expanded, the Internet lock settings panel allows you to configure the Automatic Lock. file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/the_lock_panel.htm (1 of 2) [4/12/2001 11:52:36 AM] Zone Alarm Pro Help You can choose to lock Internet access automatically when your screen saver activates or after a period of Internet inactivity on your computer. If Internet access is locked when the screen saver activates, it will be unlocked when the screen saver is deactivated. Note, however, that if the Automatic Lock is engaged by the period of inactivity option, you will need to click on the Lock button to unlock Internet Access. The Lock Mode for the Automatic Lock can be set so that "Pass Lock programs may access the Internet". This allows Internet activity for applications that have been given rights to bypass the lock. Typically programs like e-mail clients will be set to check for e-mail while other applications are denied Internet Access. High Security mode will STOP all applications' Internet activity regardless of the program's access settings. See Programs for more information. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/the_lock_panel.htm (2 of 2) [4/12/2001 11:52:36 AM] Zone Alarm Pro Help MailSafe can be enabled or disabled via the Security Panel MailSafe identifies potentially harmful scripts in e-mail attachments, then disables the script's ability to execute by changing the file type. MailSafe does not replace the functionality of a virus scanner. Rather, it quarantines the potentially harmful attachments and provides you the opportunity to keep the identified script program from running. MailSafe works with Internet mail clients that use POP3 and IMAP, the most common Internet e-mail protocols. Quarantined Files ZoneAlarm Pro's MailSafe feature renames their extension to .zl* (the * representing a number or a letter -- either 0-9 or a-z). Options at this point are to either highlight the attachment within the e-mail itself and rename the extension to what it should be (if it is known to you as a valid file) or double-click on the attachment. Double-clicking the quarantined file launches a wizard which provides options for opening, deleting, renaming or checking further on the validity of the e-mail and the attachment. Configuring MailSafe Clicking on the Configure pushbutton within the Security Panel, opens the MailSafe options tab. By default, every file type in the list is selected for quarantining. This provides maximum protection. If you specifically do not want protection against any of the file types on the list, deselect the corresponding checkbox. file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/the_mailsafe_tab.htm (1 of 3) [4/12/2001 11:52:36 AM] Zone Alarm Pro Help You can select from nearly 40 file types that you want MailSafe to quarantine: ● .VBS Visual Basic script: many viruses are sent with this extension ● .EXE executable file ● .COM executable file ● .VB Visual Basic file ● .JS Java Script file ● .BAT Batch file ● .CHM Compiled HTML ● .COM MS-DOS app ● .SCR Screen Saver ● .LNK Shortcut ● and many more If the file type you are looking for not in the selectable list shown below, you can add it yourself by clicking on the Add button. In the Add e-mail attachment type dialog, enter a description and, in the second field, the file type you want ZoneAlarm Pro to quarantine. Useful Tips ● ● Even when running ZoneAlarm Pro with MailSafe active, it is important to use an anti-virus scanner. If you use MailSafe, then it is advised to turn off the e-mail scanner within your anti-virus software. If you are using McAfee's VShield and ZoneAlarm's deskband: 1. Exit McAfee's VShield from the system tray 2. Right click on the task bar to launch the zone alarm desk band file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/the_mailsafe_tab.htm (2 of 3) [4/12/2001 11:52:36 AM] Zone Alarm Pro Help 3. Load McAfee's Vshield from the McAfee anti-virus's options --->V shield's properties ------->clicking OK and clicking "yes " when promoted "Do you want to load V shield now?" McAfee's Vshield and ZA/ZAP should now function together. ● ● When using Web-based e-mail, such as Yahoo or Hotmail, MailSafe will not quarantine e-mail attachments that arrive via those systems. If you are testing the functionality of MailSafe, keep in mind that if mail is received from the same MS Exchange server it was sent from, MailSafe will not register the file. Thus, you cannot test MailSafe by sending yourself a .VBS or other file intended to test quarantine. For tests not on the same Exchange server, go to the Security panel, click Configure to ensure that the extensions coming through are in the list of suppressed attachments. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/the_mailsafe_tab.htm (3 of 3) [4/12/2001 11:52:36 AM] Zone Alarm Pro Help Ports Tab The Ports tab enables you to specify ports and protocols that an application is permitted to use. The title bar, at the top of the Ports tab, displays the program name you are defining port access for, such as Outlook Express or Netscape Navigator. Radio buttons on the dialog Right-hand Options Adding port access permissions Adding custom ports Radio buttons on the dialog Select Allow access to all ports and protocols to allow your program unlimited access (all ports and protocols). Select Allow access for ONLY the ports checked below to place port and protocol restrictions between each of your applications and the Internet. Allow access to all ports and protocols: Allows the program to have Internet connections via all ports. file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/the_ports_tab.htm (1 of 3) [4/12/2001 11:52:36 AM] Zone Alarm Pro Help Allow access for ONLY Allows the program access only via any protocol or port the ports checked that is selected with a check mark below: Limits the program's connections to the protocols and ports with checkmarks. The IGMP and ICMP checkboxes selected by default as the protocols you will limit the program's connections to. Allow access for any port EXCEPT for those Allows the program access via all ports and protocols checked below: except those checked. Allows connections to every protocol and port that is not checked in the list below. The IGMP and ICMP checkboxes are selected by default as the port types denied to the program's for Internet access utilization. Right-hand Options Click on to add a port or range of ports for which permission can be included or excluded for the selected program Click on to remove any ports already defined for the application Adding port access permissions Clicking on the Add button displays the popup shown below, which has a number of server-specific entries, such as Web Servers and Mail Servers: When a server-specific choice such as Mail Servers is selected, ZoneAlarm Pro adds the most common default ports used by the server type. For example, three ports are added for Mail Servers, SMTP, POP and IMAP. Though, different mail server types have their own requirements which you can verify through your mail server documentation. You might not need IMAP for instance. Preselected entries are customizable. In the example below, all three mail server ports remain selected. You would need to know what type of protocol your mail server uses. In most cases with ISPs, it will be POP. Also, if your mail server uses IDENT, you might need to open port 113 for example. Adding Custom ports file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/the_ports_tab.htm (2 of 3) [4/12/2001 11:52:36 AM] Zone Alarm Pro Help Click on Custom to define a single TCP or UDP port, or a range of ports: Clicking on Custom displays the Add a range of ports dialog: As the dialog mentions, your machine has a total of 65,535 ports. When adding a port, the first thing to do is to specify whether the port, or range of ports, is TCP, UDP or both. For example, DNS uses port 53, which is a TCP port. DHCP uses port 67, which is a UDP port. Description field: Type in any name for the port or range of ports you're adding. Click on OK to add the port(s), which will be displayed in the Ports panel. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/the_ports_tab.htm (3 of 3) [4/12/2001 11:52:36 AM] Zone Alarm Pro Help The Programs Panel The Programs panel is where programs and their connection options are added. To get to this panel, click on "Programs" in the main panel. Program List Advanced Options Options Program List The main portion of the Programs panel is the Program List. This is the list of programs installed on your machine that have attempted to connect to the Internet. Use this panel to control the connection behavior of any program on the list or to add programs to the Program List before they try to connect to the Internet. Adding a program is a good way to prevent a program from connecting to the Internet except under conditions you establish. In the Programs panel, you can also specify and differentiate each program's access rights for the Local Zone and/or the Internet Zone. The Allow server column lets you control which applications can perform server functions. ZoneAlarm Pro allows you to place additional programs in the Program List, then right-click on any program to establish more stringent connectivity permission rules that prevent connections based on specific ports that you identify using the Ports tab. You can also STOP your applications from acting as maliciously-listening servers who will want to get at your files. Advanced Options file:///C|/Documents and Settings/rwilliams/Desk...oneAlarm_Pro_Help_new_TOC/the_programs_panel.htm (1 of 2) [4/12/2001 11:52:37 AM] Zone Alarm Pro Help The Advanced button controls first-time access rights for new programs as they try to access the Internet from your computer. This is very useful for anyone running a server, for example, who will not be actually sitting in front of the computer when the server is going to be receiving connections. Go to the Allow connect column in the main body of the panel to change a program's basic access rights. Click directly on the . . . to change the access level from ? to check mark to X. Click on the . . . in the same way in the Allow server column. Options Click on the Options button and then the Ports tab to limit the way a program connects to specific ports. Use the Access Permissions tab as another way to grant connection and server rights to a program. In the Program column, the program's name and version number are displayed. Run your mouse over the program name to see more statistics: ● Product name ● The name of the file used to access the Internet ● The location of the file ● Product version ● Creation date and file size Right-click on a program to remove it or to severely restrict the program's Internet access permissions. You can also add a new program by right-clicking. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desk...oneAlarm_Pro_Help_new_TOC/the_programs_panel.htm (2 of 2) [4/12/2001 11:52:37 AM] Zone Alarm Pro Help Restricted Zone Tab The Restricted Zone enables you to identify specific web sites and IP addresses and earmark them as being denied access to and from your computer. Click on the Restricted Zone tab to relegate any IP address or range of addresses to a totally isolated zone vis-à-vis your machine or LAN. Any IP addresses you place in this zone will neither be reachable by your users nor will that IP address be able to have access your network. This means complete isolation of any address you place in the Restricted Zone. Add Options: Clicking Add allows you to define an IP address or a range of IP addresses that will not be able to have any relationship to your trusted Local Zone of computers. Once you have entered IP addresses in this zone, ZoneAlarm Pro will filter out any communications to and from those addresses. The following are the options under "Add": Host/Site - Adds a computer name to your Restricted Zone. You'll be prompted to enter the name of the computer, and you can enter either a domain-style name (such as "ftp.zonelabs.com") or a Windows-style name (such as "FTPSERVER"). Remember that a single computer name might refer to more than one actual computer. If this is the case, all the matching computers will be added to the Restricted Zone. IP Address - Adds a single IP Address that refers to a single computer to your Restricted Zone. IP Range - Adding an IP range adds a series of consecutive IP addresses to your Restricted Zone. IP Subnet - Adds a subnet to your Restricted Zone. file:///C|/Documents and Settings/rwilliams/Deskt...larm_Pro_Help_new_TOC/the_restricted_zone_tab.htm (1 of 2) [4/12/2001 11:52:37 AM] Zone Alarm Pro Help BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Deskt...larm_Pro_Help_new_TOC/the_restricted_zone_tab.htm (2 of 2) [4/12/2001 11:52:37 AM] Zone Alarm Pro Help The Security Panel The Security panel is the best protection tool you can use to screen and quarantine unwanted Internet visitors and connection attempts. To begin setting up protection levels for the Local and the Internet Zones, use your mouse to drag the security level selectors up or down. Customizing MailSafe Security Levels Customizing To further customize overall settings at the protocol level, click on the Advanced button to open the Local Zone Custom Settings or the Internet Zone Custom Settings panel. Use those panels to restrict access to each zone by protocol or port type. Which protocol or port types are you going to allow in or keep out of each zone? You can define specific restrictions or exceptions here, such as denying access to your Local Zone via UDP or TCP ports. You are in control against the Internet world! You can also use the Advanced button to add computers to your Local and Restricted Zones. As a shortcut, click on this button to start customizing your Local Zone. As a shortcut, click on this button start customizing your Internet Zone. MailSafe Turn on MailSafe by placing a checkmark in the box for "MailSafe e-mail protection" at the bottom of the panel. After turning on MailSafe, click on the Configure button to specify the types of e-mail attachments you want ZoneAlarm Pro to protect you against. MailSafe protects your computer from a wide variety of e-mail attachments such as VBScript and JavaScript. These e-mail attachments can do damage by taking control of your system. Security Levels The Local and Internet Zone each have a security level selector, which you can drag up and down to change the security level. file:///C|/Documents and Settings/rwilliams/Deskt...ZoneAlarm_Pro_Help_new_TOC/the_security_panel.htm (1 of 2) [4/12/2001 11:52:37 AM] Zone Alarm Pro Help Local Zone security is displayed in green, and Internet Zone security in blue. The default settings are: ● Medium for the Local Zone ● High for the Internet Zone As levels increase, the dynamic firewall places more access restrictions to your computer to protect you from potential threats. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Deskt...ZoneAlarm_Pro_Help_new_TOC/the_security_panel.htm (2 of 2) [4/12/2001 11:52:37 AM] ZoneAlarm Pro - Changed Program Alert Changed Program Do you want to allow a specific program to access the Internet? What is a changed program? What should I answer? How do I know what program is trying to gain access? What else should I know? For further Information What is a changed program? CAUTION! A changed program is a program that has asked you for Internet or local network access rights in the past but has now CHANGED in some way. When a program changes, ZoneAlarm Pro requires the program to ask for permission again so you're best protected. How should I answer? A changed program can be safe If you've updated or reinstalled this program since the last time it accessed the Internet or local network or if this program automatically updates itself, it could show up as a changed program. If this is the case, it is probably safe to grant access rights to this program. A changed program can be dangerous! If you did not update this program since the last time it accessed the Internet or local network, it could be a malicious program planted on your computer that imitates a legitimate program. If this is the case, do not give this program access rights. After you deny access rights, investigate the program as follows: ● Make a note of the program name, file name, and path of this program. Scan the file with your current virus scanner. ● If you have a dedicated Trojan scanner, scan with that as well. Make sure your virus or Trojan definitions are up to date. file:///C|/Documents and Settings/rwilliams/Des...eAlarm_Pro_Help_new_TOC/zap_changed_program.htm (1 of 3) [4/12/2001 11:52:38 AM] ZoneAlarm Pro - Changed Program Alert ● Check with the company Web site or Help support for the changed program, to see if there are any legitimate reasons why the program might change. Consider all of the above before deciding if your decision was right. You may change your decision at any time in the Programs panel. How do I find out what the program is that that's asking for access? Sometimes you can tell what a program is by its name; other times you may not. An unfamiliar program may be an important component of a known program, and may be needed by the known program in order to function: ● "Services and controller app" is a Windows component used by Microsoft Internet Explorer(TM) to access the Internet. ● "Microsoft Windows(TM) Messaging Subsystem Spooler" is a component of Microsoft Outlook(TM), used to get e-mail. Therefore, some unfamiliar programs do need Internet access. Other unfamiliar programs, however, may be potentially harmful. If you don't recognize a program, start by reading our FAQ for a list of commonly unrecognized programs. If you can't find your answer there, try entering the program name into a search engine. What else should I know? There are a few ways you may answer a pop-up: ● Answer, "Yes," to give a program access rights just this one time. The next time the program needs to access the Internet , it will ask again. ● Answer, "No," to deny access rights just this one time. The next time the program needs to access the Internet, it will ask again. ● If you check, "Remember this answer the next time I use this program," before you click "Yes," or "No," the program will NOT ask you again. Your answer will be saved and applied each time the program tries to access the local network or the Internet. You may change your answer any time in the Programs panel for any program by clicking on the interface. A red X = deny access, a green checkmark = allow access, a black ? means ask me every time. file:///C|/Documents and Settings/rwilliams/Des...eAlarm_Pro_Help_new_TOC/zap_changed_program.htm (2 of 3) [4/12/2001 11:52:38 AM] ZoneAlarm Pro - Changed Program Alert For further information Knowledgebase Main Page Zone Labs Home Page Zone Labs Support Page BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Des...eAlarm_Pro_Help_new_TOC/zap_changed_program.htm (3 of 3) [4/12/2001 11:52:38 AM] ZoneAlarm Pro - Server program alert Server program ZoneAlarm has detected a program attempting to connect to, or to accept a connection from, the network. More Information Detailed Information For further Information More Information The AlertAnalyzer is not able to determine whether this is a new, changed, repeat, or server program. The following general information is offered to help you understand the alert you received from ZoneAlarm or ZoneAlarm Pro. Detailed Information Rest assured, that ZoneAlarm or ZoneAlarm Pro will not permit this application to communicate with the local network or the Internet, until you give permission. Some alerts result from not configuring ZoneAlarm or ZoneAlarm Pro optimally for your applications, your network or your ISP. To assist you in configuring and using ZoneAlarm, check out our Frequently Asked Questions pages, which are accessible from http://www.zonelabs.com/support.htm. Technical support is available via e-mail at support@zonelabs.com for questions not answered on the web site. A wealth of information about firewalls and the interpretation of alerts can be found on the Internet. The Usenet newsgroup comp.security.firewalls, and the security-oriented discussion groups in the ShieldsUp section of grc.com, are particularly good sources of information. For further information file:///C|/Documents and Settings/rwilliams/Desk...oneAlarm_Pro_Help_new_TOC/zap_server_program.htm (1 of 2) [4/12/2001 11:52:39 AM] ZoneAlarm Pro - Server program alert Knowledgebase Main Page Zone Labs Home Page Zone Labs Support Page BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desk...oneAlarm_Pro_Help_new_TOC/zap_server_program.htm (2 of 2) [4/12/2001 11:52:39 AM] ZoneAlarm Pro - The Internet Lock The Internet Lock When you see a potential security problem arising, you can quickly activate the Internet Lock to completely stop applications on your computer from sending and receiving data via the Internet. This is a fast and efficient protection method. When the lock is on, no data can enter or leave your computer through connections to the Internet, unless they are set to pass lock. Opening and Closing the Lock You know the Internet Lock is open when the Timer Bar below the padlock is green. While the lock is open, ZoneAlarm Pro allows Internet traffic in and out of your computer. When a red Timer Bar is displayed containing a time stamp, the Internet Lock is closed and has been in effect for the length of time indicated. No Internet traffic is allowed, except pass lock programs. To close the lock, simply click on the green lock button when it shows "Unlocked". To unlock it, click on the red padlock. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/ZoneAlarmProHelp11.htm [4/12/2001 11:52:39 AM] ZoneAlarm Pro - Program Permissions Program Permissions When a program attempts to access the Internet for the first time, ZoneAlarm Pro displays an alert, like the one shown below, and asks if you want to give that program permission to access the Internet. Program Permission Options Program Permission Options ● ● ● ● Selecting Yes allows the program to access the Internet until you quit the program. Selecting No denies the program Internet access until you close the program and open it again. The default Internet access mode for all applications is to ask for permission each time you run the program. Check Remember the answer each time I use this program checkbox to enforce your Yes or No decision without ZoneAlarm Pro displaying the alert again. This is useful for programs that you always grant Internet access to, like your web browser. file:///C|/Documents and Settings/rwilliams/Des...neAlarm_Pro_Help_new_TOC/ZoneAlarmProHelp14.htm (1 of 2) [4/12/2001 11:52:39 AM] ZoneAlarm Pro - Program Permissions The Programs panel allows you to specify different access permissions for a program to each Zone. For example, you can allow an FTP Client access to the full Internet, but restrict your e-mail program to the Local zone. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Des...neAlarm_Pro_Help_new_TOC/ZoneAlarmProHelp14.htm (2 of 2) [4/12/2001 11:52:39 AM] ZoneAlarm Pro - System Tray Alerts and Popups System Tray Alerts and Popups ZoneAlarm Pro's System Tray icon displays a flashing blue "a" as a silent alert indicator letting you know a communication from the Internet has been blocked. The blue "a" will display with either the ZA logo or.... green/red traffic bars. An alert display would look like this if the Internet Lock is activated. The checkbox shown above is at the bottom of the Alerts panel. Leaving the "Show alert popup window" option box unchecked will prevent popups, but it will allow the blue flashing 'a'. To suppress the 'a' from flashing you would need to let ZoneAlarm Pro your alert notification preferences. Click on the Advanced button in the Alerts panel then go to the Suppress Alerts tab. file:///C|/Documents and Settings/rwilliams/Des...neAlarm_Pro_Help_new_TOC/ZoneAlarmProHelp16.htm (1 of 3) [4/12/2001 11:52:40 AM] ZoneAlarm Pro - System Tray Alerts and Popups Check any boxes for the type of alerts you do not want to see. Bear in mind, suppressing alerts will also disable the logging of the types of alerts you suppressed. file:///C|/Documents and Settings/rwilliams/Des...neAlarm_Pro_Help_new_TOC/ZoneAlarmProHelp16.htm (2 of 3) [4/12/2001 11:52:40 AM] ZoneAlarm Pro - System Tray Alerts and Popups When the checkbox shown above is checked, ZoneAlarm Pro will display an alert popup whenever it blocks an Internet communication. A sample alert popup is shown here. This example contains the following information: the source and destination of the communication attempt ● the port and protocol utilized ● the time and date of the blocked communication ● In the case of a blocked outgoing communication request, the alert will include the application that was blocked ● Most alerts will display a More Info button. Click on the More Info button to send the alert information to the Zone Labs Alert Analyzer for in-depth analysis of the alert. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Des...neAlarm_Pro_Help_new_TOC/ZoneAlarmProHelp16.htm (3 of 3) [4/12/2001 11:52:40 AM] ZoneAlarm Pro - More Info Option More Info Option From an alert popup, clicking More Info: sends information about the alert to the Zone Labs Alert Analyzer. It launches the user's browser and displays a page with the following information: ● A synopsis of the source and destination IP addresses and ports, the program name and file name of the program associated with the alert, if known ● ● ● A link to query the ARIN whois database for the source or destination IP address. ARIN is the American Registry for Internet Numbers. You can learn more about ARIN here. ARIN provides administrative contact information about the upstream provider for the IP address. It does NOT identify the computer For the most common alerts, a brief article explaining what might be causing the alert Links to FAQ articles on the Zone Labs web site Since the More Info button directs your browser to a site on the Internet, users have the option of hiding their IP address. Select one of the three radio buttons to indicate whether or not you want to take advantage of the IP address hiding feature: file:///C|/Documents and Settings/rwilliams/Deskt...Help_new_TOC/ZoneAlarmProHelp20_AlertSettings.htm (1 of 3) [4/12/2001 11:52:40 AM] ZoneAlarm Pro - More Info Option ● ● ● Don't hide local IP address: Select this radio button if you want to allow the full display of your IP address in the Analyzer. Hide local IP address: Select this radio button to display a series of XXXXXXXX instead of your IP address on the Analyzer. This choice prevents any digit of your IP address from being displayed. Hide last octet of local IP Address: Select this radio button to hide only the final digits of your IP address. This causes a short series of XXXX to be displayed at the end of your IP address on the Analyzer. This choice provides good security also. file:///C|/Documents and Settings/rwilliams/Deskt...Help_new_TOC/ZoneAlarmProHelp20_AlertSettings.htm (2 of 3) [4/12/2001 11:52:40 AM] ZoneAlarm Pro - More Info Option BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Deskt...Help_new_TOC/ZoneAlarmProHelp20_AlertSettings.htm (3 of 3) [4/12/2001 11:52:40 AM] ZoneAlarm Pro - Sample Log Entries Sample Log Entries Alerts generated by ZoneAlarm Pro are logged in the file, "ZAlog.txt". If you are using Windows95, Windows98 or Windows Me, the file is located in the following folder: (x):\Windows\Internet Logs If you are using WindowsNT or Windows2000, the file is located in the following folder: (x):\Winnt\Internet Logs What ZoneAlarm Pro Logs Netstat Options Log Alert Examples What ZoneAlarm Pro Logs FWIN - indicates that the firewall blocked an inbound packet of data coming to your computer. Some, but not all, of these packets are connection attempts. FWOUT - indicates that the firewall blocked an outbound packet of data from leaving your computer. FWROUTE - the firewall blocked a packet that was not addressed to or from your computer, but was routed through it. FWLOOP - the firewall blocked a packet addressed to the loopback adapter (127.0.0.1) LOCK - the firewall blocked a packet due to a lock violation PE: indicates that an application on your computer requested access to the Internet. ACCESS - an application was blocked because it did not have access permission MS - MailSafe quarantined a file attachment file:///C|/Documents and Settings/rwilliams/Des..._Help_new_TOC/ZoneAlarmProHelp20_LogSamples.htm (1 of 4) [4/12/2001 11:52:40 AM] ZoneAlarm Pro - Sample Log Entries The TCP Flags are: ● S (SYN) ● F (FIN) R (RESET) P (PUSH) A (ACK) U (URGENT) 4 (low-order unused bit) 8 (high-order unused bit) ● ● ● ● ● ● The SYN-flag is only set in the first packet initiating a TCP connection. It represents an attempt to make a connection rather than a response to an existing connection. The FIN-flag represents an attempt to terminate a connection. ICMP types: ● 0 - Echo Reply ● 3 - Destination Unreachable 4 - Source Quench 5 - Redirect 8 - Echo Request 9 - Router Advertisement 10 - Router Solicitation 11 - Time Exceeded 12 - Parameter Problem 13 - Timestamp Request 14 - Timestamp Reply 15 - Information Request 16 - Information Reply 17 - Address Mask Request 18 - Address Mask Reply ● ● ● ● ● ● ● ● ● ● ● ● ● Netstat Options file:///C|/Documents and Settings/rwilliams/Des..._Help_new_TOC/ZoneAlarmProHelp20_LogSamples.htm (2 of 4) [4/12/2001 11:52:40 AM] ZoneAlarm Pro - Sample Log Entries If you use netstat (from a DOS prompt, type netstat -an) here are some useful terms to know: CLOSE_WAIT - Remote shut down: waiting for the socket to close CLOSED - The connection is disconnected and not being used CLOSING - Closed, then remote shutdown: awaiting ack. Attempting to shut down connection ESTABLISHED - Connection has been established, connection is active FIN_WAIT_1 - Socket closed, shutting down connection FIN_WAIT_2 - Socket closed, waiting for shutdown from other computer LAST_ACK - Remote shut down, then closed: awaiting acknowledgment LISTENING - Your computer is waiting for an incoming connection YN_RECEIVED - Initial synchronization of the connection under way, about to connect SYN_SENT - Actively trying to establish connection TIME_WAIT - Wait after close for remote shutdown retransmission Log Alert Examples Click on an entry type below to see a log alert example with a brief explanation: FWIN Sample - Blocked incoming request FWOUT Sample - Blocked outbound request PE Sample - An application tried to connect LOCK Sample - An application tried to connect while the Internet Lock was on ACCESS Sample - An application tried to connect without Program permissions MS Sample - You received an e-mail attachment that was quarantined by MailSafe file:///C|/Documents and Settings/rwilliams/Des..._Help_new_TOC/ZoneAlarmProHelp20_LogSamples.htm (3 of 4) [4/12/2001 11:52:40 AM] ZoneAlarm Pro - Sample Log Entries BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Des..._Help_new_TOC/ZoneAlarmProHelp20_LogSamples.htm (4 of 4) [4/12/2001 11:52:40 AM] ZoneAlarm Pro - LOCK Sample Log Entry LOCK Sample Log Entry LOCK,2000/09/07,16:43:30 -7:00 GMT,Yahoo! Messenger,207.181.192.252,N/A The "LOCK" entry informs you that an application on your computer attempted to access the Internet while the Internet Lock was locked. The entry also includes the following information: ● Date and Time ● The application on your computer that attempted to access the Internet ● The IP Address that the application was trying to connect to. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desktop...ro_Help_new_TOC/ZoneAlarmProHelp20_LogSamples_4.htm [4/12/2001 11:52:41 AM] ZoneAlarm Pro - Restricted Zone Tab Restricted Zone Tab The Restricted Zone enables you to identify specific web sites and IP addresses and earmark them as being denied access to and from your computer. Click on the Restricted Zone tab to relegate any IP address or range of addresses to a totally isolated zone vis-à-vis your machine or LAN. Any IP addresses you place in this zone will neither be reachable by your users nor will that IP address be able to have access your network. This means complete isolation of any address you place in the Restricted Zone. file:///C|/Documents and Settings/rwilliams/Des...ro_Help_new_TOC/ZoneAlarmProHelp50_Adv_Tab2.htm (1 of 2) [4/12/2001 11:52:41 AM] ZoneAlarm Pro - Restricted Zone Tab Add Options: Clicking Add allows you to define an IP address or a range of IP addresses that will not be able to have any relationship to your trusted Local Zone of computers. Once you have entered IP addresses in this zone, ZoneAlarm Pro will filter out any communications to and from those addresses. The following are the options under "Add": Host/Site - Adds a computer name to your Restricted Zone. You'll be prompted to enter the name of the computer, and you can enter either a domain-style name (such as "ftp.zonelabs.com") or a Windows-style name (such as "FTPSERVER"). Remember that a single computer name might refer to more than one actual computer. If this is the case, all the matching computers will be added to the Restricted Zone. IP Address - Adds a single IP Address that refers to a single computer to your Restricted Zone. IP Range - Adding an IP range adds a series of consecutive IP addresses to your Restricted Zone. IP Subnet - Adds a subnet to your Restricted Zone. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Des...ro_Help_new_TOC/ZoneAlarmProHelp50_Adv_Tab2.htm (2 of 2) [4/12/2001 11:52:41 AM] ZoneAlarm Pro - Local Zone Custom Settings tab Local Zone Custom Settings tab The Local Zone Custom Settings dialog enables you to change ZoneAlarm Pro's default security settings. When you set up custom settings in this dialog, you are setting up exceptions to your established rules for High and Medium security. Even though you used the sliders in the Security panel to establish default Local zone security, you can use the checkboxes in this dialog to establish customized security settings that will either allow or block specific protocols into your Local zone: ● Set High Security exceptions by selecting checkboxes that allow incoming and outgoing protocols. You can select settings like "Allow IGMP" or Allow incoming UDP Ports in this section of the dialog. These selections slightly lower your high security profile. ● Set Medium Security exceptions by selecting checkboxes that block incoming and outgoing protocols. In this section of the dialog, you can select settings like Block NetBIOS or Block incoming TCP Ports in this section of the dialog. These setting slightly increase the level of security in your Medium security profile. file:///C|/Documents and Settings/rwilliams/Des...ro_Help_new_TOC/ZoneAlarmProHelp50_Adv_Tab3.htm (1 of 2) [4/12/2001 11:52:41 AM] ZoneAlarm Pro - Local Zone Custom Settings tab Before scrolling down the main body of the dialog, you see the High Security Settings for the Local Zone. These settings are displayed as checkboxes for you to turn on or off. Select any exceptions to your high security profile that you want to allow in or out of your machine. Scroll down to the area where Medium Security Settings for the Local Zone are set. In this section, select any exceptions to your medium security profile that you want to block from your machine. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Des...ro_Help_new_TOC/ZoneAlarmProHelp50_Adv_Tab3.htm (2 of 2) [4/12/2001 11:52:41 AM] ZoneAlarm Pro - Internet Zone Custom Settings tab Internet Zone Custom Settings tab When you set up custom settings in this dialog, you are setting up exceptions to the established rules for High and Medium security. Even though you used the sliders in the Security panel to establish default Internet zone security, you can use the checkboxes in this dialog to establish customized security settings that will either allow or block specific protocols to your Internet zone: ● Set High Security exceptions by selecting checkboxes that allow incoming and outgoing protocols. You can select settings like Allow incoming ping or Allow outgoing ping in this section of the dialog. These selections slightly lower your high security profile. ● Set Medium Security exceptions by selecting checkboxes that block incoming and outgoing protocols. You can select settings like Block incoming ping or Block outgoing ping in this section of the dialog. These setting slightly increase the level of security in your Medium security profile. file:///C|/Documents and Settings/rwilliams/Des...ro_Help_new_TOC/ZoneAlarmProHelp50_Adv_Tab4.htm (1 of 2) [4/12/2001 11:52:42 AM] ZoneAlarm Pro - Internet Zone Custom Settings tab Before scrolling down the main body of the dialog, you see the High Security Settings for the Internet Zone. These settings are displayed as checkboxes for you to turn on or off. Select any exceptions to your high security profile that you want to allow in or out of your machine. Scroll down to the area where Medium Security Settings for the Internet Zone are set. In this section, select any exceptions to your medium security profile that you want to block from your machine. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Des...ro_Help_new_TOC/ZoneAlarmProHelp50_Adv_Tab4.htm (2 of 2) [4/12/2001 11:52:42 AM] ZoneAlarm Pro - The General Tab The General Tab Use the General Tab to set up ZoneAlarm Pro's ICS and NAT support. To set up our NAT and ICS support, these two conditions must first be met: ● ICS or NAT implementation software must first be used to set up the host and client machine relationships on your network ● ZoneAlarm Pro must be installed on all machines in the network: on the host machine and on each client machine Overview Internet Connection Sharing General Settings Network Settings Overview In the Internet Connection Sharing area, select one of the buttons to define your machine as a client machine, a gateway machine, or neither. In the General Settings area located at the bottom of the panel, you can select one or more checkboxes to block fragmented IP packets or servers. file:///C|/Documents and Settings/rwilliams/Des...ro_Help_new_TOC/ZoneAlarmProHelp50_Adv_Tab5.htm (1 of 4) [4/12/2001 11:52:42 AM] ZoneAlarm Pro - The General Tab Internet Connection Sharing file:///C|/Documents and Settings/rwilliams/Des...ro_Help_new_TOC/ZoneAlarmProHelp50_Adv_Tab5.htm (2 of 4) [4/12/2001 11:52:42 AM] ZoneAlarm Pro - The General Tab This computer is not on an ICS network - establishes that your PC is not an ICS gateway. This is the default setting. This computer is a client of an ICS gateway running ZA Pro - defines your machine as an ICS client and to activate the Gateway Address selection. This computer is an ICS gateway - defines your machine as an ICS gateway and activates the Local Address selection. Forward alerts from gateway to this computer - Select this checkbox if alerts generated by the gateway computer should be displayed on the client. With this checkbox selected, you can keep an eye on Internet connection traffic by viewing generated alerts. Suppress alerts locally if forwarded to clients - Select this checkbox to prevent the gateway PC from forwarding Internet connection messages to ICS clients. General Settings Blocking and managing fragmented IP packets is one of the basic requirements of a modern firewall. This is because fragmented packets can be used to pass through firewalls. Select one or more checkboxes to block IP fragments and/or server connections on the gateway machine for the entire ICS network, or for an individual machine. Three checkboxes are located at the bottom of the General panel: Block all fragments - Use this selection to prevent fragment (smurf) attacks. Selecting this checkbox to block fragmented IP packets. This will simply cause all fragmented packets to be dropped. Even though fragmented IP packets are rare, they can be used to get around firewalls in the form of a fragment attack. When the Block all Fragments is set on your machine, you might experience Internet connection problems but you will enjoy complete protection against fragment attacks. Block local servers - This checkbox allows you to prevent computers in your Local Zone from using servers running on your machine. If you select this checkbox, you can go to the Programs panel to earmark specific programs as exceptions that will still be Allowed to access servers in the Local Zone. file:///C|/Documents and Settings/rwilliams/Des...ro_Help_new_TOC/ZoneAlarmProHelp50_Adv_Tab5.htm (3 of 4) [4/12/2001 11:52:42 AM] ZoneAlarm Pro - The General Tab Selecting the Block local servers option allows you to be certain that no Local Zone computers can access servers running on your machine. If you want to block the majority of inbound server connections using this option, but would like to allow specific programs to access your servers, remember to use the Allow Server option in the Programs panel. Block Internet servers - This option allows you to be certain that no Internet Zone computers can access servers running on your machine. If you select this checkbox, you can go to the Programs panel to earmark specific programs as exceptions that will still be Allowed to access servers on the Internet. Network Settings The selection for Network Settings controls how ZoneAlarm Pro will react upon detecting a new network. When ZoneAlarm Pro is first installed, or if the computer has changed networks, it will detect your network. Here is where you set how you would like new networks to be handled when detected: automatically included, excluded, or to be asked each time. The default and recommended action is that you let it ask each time to be sure it is correct. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Des...ro_Help_new_TOC/ZoneAlarmProHelp50_Adv_Tab5.htm (4 of 4) [4/12/2001 11:52:42 AM] ZoneAlarm Pro - Using Port Scanning Software Using Port Scanning Software One way to check for security vulnerabilities is to scan the ports on your computer. Port scanning software, often available over the Internet, can check whether or not the ports on your machine are visible to computers on the Internet. The function of an ICS or NAT gateway machine is to hide client machines from the outside Internet world. Because of this, port scanning software will not be able to see client IP addresses. Therefore, if port scanning software does not display your client machine's address in the results the gateway is successfully screening client machines from direct contact with the Internet. Port Scan a Client Machine Port Scan a Gateway Machine Port Scan a Client Machine Scanning an ICS or NAT client machine for port protection should result in one of these status types - provided that the underlying gateway-client relationship is set up correctly: ● Stealth status for the IP address ● IP address is not seen IP address is unknown ● If the port scanning software sees or recognizes the client machine's IP address, or if the results display a status other than Stealth, you should check that Internet connections are really being routed through the gateway machine. Port Scan a Gateway Machine Scanning the gateway machine should result in machine's IP address being visible. This is as it should be, because it is the protector machine is the computer whose IP address is visible to other computers on the Internet. The protector machine stands between the client machine and the Internet. So its address will naturally be visible to the Internet and to the port scanning software. file:///C|/Documents and Settings/rwilliams/Des...ew_TOC/ZoneAlarmProHelp50_Adv_Tab5_portscan.htm (1 of 2) [4/12/2001 11:52:42 AM] ZoneAlarm Pro - Using Port Scanning Software BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Des...ew_TOC/ZoneAlarmProHelp50_Adv_Tab5_portscan.htm (2 of 2) [4/12/2001 11:52:42 AM] ZoneAlarm Pro - Internet Zone Security Settings Internet Zone Security Settings The default security setting for the Internet Zone is High. Just as in the Local Zone, three levels of security are available. The maximum amount of restrictions are programmed into the firewall when at High Security, whereas Low Security provides only basic protection as described below. Low Security is not recommended for the Internet Zone. Low Security: Low security only enforces application privileges and Internet Lock settings, leaving your computer visible to other computers in the Internet Zone. The firewall does not block file or printer shares or traffic to and from the Internet Zone. Medium Security: At this security level, file shares, printer shares and Windows services are allowed. When Medium security is set, the firewall blocks access from the Internet Zone to Windows (NetBIOS) services. Also, with security set at this level, the Automatic Lock is enhanced by the firewall and blocks all ports. High Security: This is the default security setting for the Internet Zone. At High security, the firewall blocks access from the Internet Zone to Windows (NetBIOS) services and file and printer shares. When High Security is set, your computer is in Stealth Mode. This means that all ports not currently in use by a program are blocked and at the same time, they are not visible to the Internet Zone. High security opens ports only when an approved program needs them. file:///C|/Documents and Settings/rwilliams/Desk...Pro_Help_new_TOC/ZoneAlarmProHelp50_Internet.htm (1 of 2) [4/12/2001 11:52:42 AM] ZoneAlarm Pro - Internet Zone Security Settings BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desk...Pro_Help_new_TOC/ZoneAlarmProHelp50_Internet.htm (2 of 2) [4/12/2001 11:52:42 AM] ZoneAlarm Pro - Allow Server Allow Server ZoneAlarm Pro controls server applications. Server applications listen for incoming connection requests and respond to those requests. By checking the Allow Server checkbox or right-clicking on a program in the Program List, you can limit server applications to be accessible from your Local Zone or prevent them altogether. One example is when you launch an application that wants to accept incoming connections, i.e. act as a server to the Internet, you will be presented with the option of allowing this application to act as a server. Communication applications like ICQ, NetMeeting typically require server rights in order to function properly with ZoneAlarm Pro. ZoneAlarm Pro now identifies these applications upon launching them, allowing you to temporarily assign them server rights when they launch. Many Trojan horse programs are, in effect, server applications that allow hackers to control your computer from a remote source. ZoneAlarm Pro lets you control these applications by letting you specify which programs can act as servers. For greater control, ZoneAlarm Pro lets you specify whether a server can communicate with the Internet Zone, or if it is restricted to the Local Zone. If an application on your computer attempts to respond to a remote request without prior permission from you, ZoneAlarm Pro will detect this and prompt you for permission. file:///C|/Documents and Settings/rwilliams/Des...Alarm_Pro_Help_new_TOC/ZoneAlarmProHelp60_3.htm (1 of 2) [4/12/2001 11:52:43 AM] ZoneAlarm Pro - Allow Server BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Des...Alarm_Pro_Help_new_TOC/ZoneAlarmProHelp60_3.htm (2 of 2) [4/12/2001 11:52:43 AM] ZoneAlarm Pro - Adding Programs to the Programs List Adding Programs to Programs List Select Add Program from the popup menu to add a program to the Program List. Adding a program here enables you to control the connection and server behavior performed by a program that has not accessed the Internet since ZoneAlarm Pro has been up and running. Once a program is added to the Program List, you can restrict its ability to connect to the Internet or its ability to listen as a potentially destructive server. To add a program to the Program List, right-click on the program entry and select Add Program. Even before a program is added, ZoneAlarm Pro is monitoring it for Internet activity. However, once it is added you have the ability to: ● ● Prevent the program from connecting to the Internet or from listening as a server Severely limit the program's ability to access the Internet by defining specific ports through which the application absolutely must pass in order to connect to the Internet. It will not be able to connect via any other port but the ones you define. file:///C|/Documents and Settings/rwilliams/Des...arm_Pro_Help_new_TOC/ZoneAlarmProHelp60_Add.htm (1 of 2) [4/12/2001 11:52:43 AM] ZoneAlarm Pro - Adding Programs to the Programs List BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Des...arm_Pro_Help_new_TOC/ZoneAlarmProHelp60_Add.htm (2 of 2) [4/12/2001 11:52:43 AM] ZoneAlarm Pro - Right-click on the Programs Panel Right-click on the Programs Panel Right-click on a program in the Program List to define access rights or port restrictions for a specific program or to add or remove a program. The rights you define will be specific to either the Local Zone or the Internet Zone. You can also view the version statistics about a program by clicking on Properties for. Local Network - Access and server rights for programs Internet - Access and server rights for programs Pass Lock - Set programs to bypass the Automatic Lock Changes Frequently - Set up program name only checking Options... - Set port and protocol restrictions for programs Properties for ... - Product + version statistics for programs Remove ... - Remove programs from the Program List Add program... - Add programs to the Program List BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desktop...arm_Pro_Help_new_TOC/ZoneAlarmProHelp60_Options.htm [4/12/2001 11:52:43 AM] ZoneAlarm Pro - Properties For Properties For The Properties menu gives you an easy way to view statistics about the program you've selected. The dialog has two tabs General and Version. General Version General file:///C|/Documents and Settings/rwilliams/Desk...ro_Help_new_TOC/ZoneAlarmProHelp60_Options_2.htm (1 of 3) [4/12/2001 11:52:44 AM] ZoneAlarm Pro - Properties For The General tab lists the main statistics about the program in an easy-to-read panel. The program name and the official program icon appear in this dialog: ● the program type, such as application ● the program's location, such as c:\Program Files ● the program's size in megabytes and bytes ● the MS-DOS name, such as netscape.exe ● the date the program was installed on your machine ● the date the version you are using was installed on your machine ● the date the version you are using was modified by the software manufacturer ● ● the most recent date the program was used on your machine the remaining attributes: Read-only, Archive, Hidden and System, are attributes you can assign to the program using the Apply button. Version file:///C|/Documents and Settings/rwilliams/Desk...ro_Help_new_TOC/ZoneAlarmProHelp60_Options_2.htm (2 of 3) [4/12/2001 11:52:44 AM] ZoneAlarm Pro - Properties For The Version tab contains a convenient selectable list to display the major version-related statistics about the program: ● the file's version number, such as 4.4.1.6 ● the file's description, such as Cherios Navigator the file's copyright date as a software product in the selectable list, you can easily view the following by selecting each consecutive statistic in the list: 1. software company name ● ● 2. 3. 4. 5. 6. the program's internal name, such as iecherio the language the product is written in, such as English the executable file name, such as cherios.exe the product name, such as CheriosPro the product version number, such as 4.4.1.6 (usually the same as the file version.) BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desk...ro_Help_new_TOC/ZoneAlarmProHelp60_Options_2.htm (3 of 3) [4/12/2001 11:52:44 AM] ZoneAlarm Pro - First-time Settings for Programs First-time Settings for Programs When you click on the Advanced button on the Programs Panel, you are ready to set up access rights for any of your programs that have not yet accessed the Internet. This means programs that are not yet on the Program List. The connection permissions you define here will be in effect for every first-time Internet connection one of your program's attempts. Use the two tabs at the top of the dialog to set your first-time permissions, Access Permissions and Alerts and Functionality. Access Permissions Alerts and Functionality Access Permissions This dialog gives you the control you need to set separate permissions for programs passing through Local Zone computers to make their connections, and those trying to make a connection through Internet Zone. The first row of radio buttons controls Local Zone connections. file:///C|/Documents and Settings/rwilliams/Desk...ro_Help_new_TOC/ZoneAlarmProHelp60_Options_3.htm (1 of 4) [4/12/2001 11:52:44 AM] ZoneAlarm Pro - First-time Settings for Programs Local Zone buttons: The first set of radio buttons controls whether or not programs can connect to the Internet when the connection passes through elements in your Local Zone. Or whether they must ask your permission each time. Internet Zone buttons:The radio buttons in the second row control whether your programs can make an Internet connection when it goes through Internet Zone computers. Check the Identify Program by full pathname only checkbox if you feel comfortable having ZoneAlarm Pro checking only the pathname statistics, such as c:\program files\cherios. This choice will cause ZoneAlarm Pro not to check program size and other statistics. Alerts and Functionality file:///C|/Documents and Settings/rwilliams/Desk...ro_Help_new_TOC/ZoneAlarmProHelp60_Options_3.htm (2 of 4) [4/12/2001 11:52:44 AM] ZoneAlarm Pro - First-time Settings for Programs In this panel, you can have ZoneAlarm Pro alert you when access is denied when new programs attempt a connection. You can set an option here to protect your machine if ZoneAlarm Pro is shut down: specifically, you can deny access if you set the Always Ask Permission option in the first tab of this panel. Select Show alert when Internet access is denied if you want to see an alert each time a Internet connection to computers in either zone is attempted for the first time by one of your programs. Select Deny access if permission is set to "ask" to stop any new program from connecting to the Internet if ZoneAlarm Pro is shut down. Select Require administrative privileges to only allow a program temporary access to the Internet if administrator privileges are set. file:///C|/Documents and Settings/rwilliams/Desk...ro_Help_new_TOC/ZoneAlarmProHelp60_Options_3.htm (3 of 4) [4/12/2001 11:52:44 AM] ZoneAlarm Pro - First-time Settings for Programs BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desk...ro_Help_new_TOC/ZoneAlarmProHelp60_Options_3.htm (4 of 4) [4/12/2001 11:52:44 AM] ZoneAlarm Pro - Local Network Popup Local Network Popup Set a program's rights in the Internet Zone Options Set program rights to Local Zone computers Using the Local Network menu on the popup menu is one way to define access rights and server privileges for the specific program on which you right-clicked to call the popup menu. Another method is to click directly on the checkboxes in the yellow area of the Allow Connect or Allow server column shown below. When you use the popup menu, your change(s) will immediately be reflected in the checkboxes. As an example, the first green checkmark you see on the Local line above, corresponds to the first green check you see in the popup menu directly below. The result in this case is that you are granting access rights to Microsoft Internet Explorer to computers in your Local Zone. Options file:///C|/Documents and Settings/rwilliams/Desk...ro_Help_new_TOC/ZoneAlarmProHelp60_Options1a.htm (1 of 2) [4/12/2001 11:52:44 AM] ZoneAlarm Pro - Local Network Popup Six choices are available under Local Network: 1st three choices: Server choices: Select Allow, Disallow or Ask for the selected program. When you select Ask, you are instructing ZoneAlarm Pro to use a popup menu to ask your permission each time the program attempts to connect to a computer in your Local Zone. Select Allow server , Disallow server or Ask server to allow or disallow the program to act as a server listening for connections from computers in your Local Zone. When you select Ask server, you are instructing ZoneAlarm Pro display the popup menu as a permission request each time the program attempts to act as a server to a computer in your Local Zone. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desk...ro_Help_new_TOC/ZoneAlarmProHelp60_Options1a.htm (2 of 2) [4/12/2001 11:52:44 AM] ZoneAlarm Pro - Internet popup menu Internet Popup menu Set a program's rights in the Internet Zone Options Set a program's rights in the Internet Zone Using the Internet menu on the popup menu is one way to define Internet Zone access rights and server privileges for the specific program on which you right-clicked to call the popup menu. Another method is to click directly on the checkboxes in the yellow area of the Allow Connect or Allow server column shown below. When you use the popup menu, your change(s) will immediately be reflected in the checkboxes. As an example, the first green checkmark you see on the Internet line above, corresponds to the first green check you see in the popup menu directly below. The result in this case is that you are granting access rights to Distribute COM Services to computers in the Internet Zone. Options file:///C|/Documents and Settings/rwilliams/Desk...ro_Help_new_TOC/ZoneAlarmProHelp60_Options1b.htm (1 of 2) [4/12/2001 11:52:45 AM] ZoneAlarm Pro - Internet popup menu Six choices are available when you select Internet: 1st three choices: Server choices: Select Allow, Disallow, or Ask for the selected program. When you select Ask, you are instructing ZoneAlarm Pro to use a popup menu to ask your permission each time the program attempts to connect to a computer in the Internet Zone. Select Allow server , Disallow server or Ask server to allow or disallow the program to act as a server listening for connections from computers in the Internet Zone. When you select Ask server, you are instructing ZoneAlarm Pro display the popup menu as a permission request each time the program attempts to act as a server to a computer in the Internet Zone. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desk...ro_Help_new_TOC/ZoneAlarmProHelp60_Options1b.htm (2 of 2) [4/12/2001 11:52:45 AM] ZoneAlarm Pro - The Set Password Button The Set Password Button Setting a password ensures that only authorized users have access to each individual copy of ZoneAlarm Pro. Use the Set Password pushbutton If you are not using the established password Why set up a password? Use the Set Password pushbutton Use the Set Password pushbutton to enter a password or to change your current password. After setting a password, use the Login pushbutton to turn on the administrative privileges controlled by your password. These privileges let you to use the Advanced pushbuttons in the Security panel and the Programs panel, or to uninstall the product. If you try to use a ZoneAlarm Pro function that is password-protected when not logged on, this dialog will be displayed. Whenever this dialog is displayed, enter your password directly in the dialog or click on the Login button in the Configuration panel to enter your password. This will allow you to to make changes to the Firewall or to uninstall the product. The checkbox at the bottom of the dialog will always be checked if company policy establishes centralized control of employees' ZoneAlarm Pro passwords. The System Administrator of your organization has the exclusive right to maintain file:///C|/Documents and Settings/rwilliams/Des...ro_Help_new_TOC/ZoneAlarmProHelp70_Password.htm (1 of 3) [4/12/2001 11:52:45 AM] ZoneAlarm Pro - The Set Password Button passwords to ensure Internet security in the organization. In such cases, individual ZoneAlarm Pro users will only be able to enter a password in this dialog. The ability to change a password will not ba available in the Set Password dialog. If you are using the established password When a password is set up and you have not logged in with that password, only the three fields shown below can be modified. All other settings are protected by the established password: in the Configuration panel in the Alerts panel Why set up a password? Establishing a password gives you extra protection against anyone but you making changes to ZoneAlarm Pro. Password protection gives you these advantages: ■ Keeps unauthorized users from logging on to ZoneAlarm Pro without using the authorized password ■ Prevents unauthorized users from modifying security levels you've established for Zones and Programs ■ Keeps anyone except authorized users from shutting down ZoneAlarm Pro because the password is required to shut down ZoneAlarm Pro ■ Prevents users from changing lock settings on the Lock Panel ■ Prevents users from adding members to or removing members from the Local Zone or the Internet Zone. file:///C|/Documents and Settings/rwilliams/Des...ro_Help_new_TOC/ZoneAlarmProHelp70_Password.htm (2 of 3) [4/12/2001 11:52:45 AM] ZoneAlarm Pro - The Set Password Button BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Des...ro_Help_new_TOC/ZoneAlarmProHelp70_Password.htm (3 of 3) [4/12/2001 11:52:45 AM] ZoneAlarm Pro - Keyboard Shortcuts Keyboard Shortcuts You can use a combination of keystrokes on your keyboard to access many features of ZoneAlarm Pro. This provides an alternative to using your mouse. Shortcuts Shortcuts inside Alert Popups Shortcuts A list of features you can activate with keystrokes is provided below. To perform most shortcuts, you press either the Cntl or the Alt key in conjunction with one of the letter keys on your keyboard: Ctrl+L Ctrl+S Lock/Unlock Emergency Stop Ctrl+H Zone Labs Information Overview Alt+A Alt+L Alt+S Alt+P Alt+C Alt+Z ESC F1 Expand/Close the Alerts Panel Expand/Close the Lock Panel Expand/Close the Security Panel Expand/Close the Programs Panel Expand/Close the Configure Panel Zoom/Unzoom -- Expand/Close the current panel Unzoom -- Close the open panel Access the help file Shortcuts inside Alert Popups In the alert popup dialog, these keys let you navigate multiple alerts: PgUp PgDn Home End Previous Alert Next Alert First Alert Last Alert file:///C|/Documents and Settings/rwilliams/Des...neAlarm_Pro_Help_new_TOC/ZoneAlarmProHelp90.htm (1 of 2) [4/12/2001 11:52:45 AM] ZoneAlarm Pro - Keyboard Shortcuts BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Des...neAlarm_Pro_Help_new_TOC/ZoneAlarmProHelp90.htm (2 of 2) [4/12/2001 11:52:45 AM] ZoneAlarm Pro - The Configure Panel The Configure Panel Click on the Configure button to display the Configuration Panel. This button is located directly below the Help button in the top right corner of ZoneAlarm Pro Options Windows 95 and NT Options Use the checkboxes and pushbuttons in the Configuration Panel to determine: ● Whether, on your computer screen, ZoneAlarm Pro should be displayed ON TOP OF other applications when Internet activity is detected ● Whether the shell tool bar should be displayed Whether ZoneAlarm Pro should load when you start your computer To check for product updates ● To set your password ● To change your ZoneAlarm Pro License Key ● To change the registration information you've submitted to Zone Labs ● ● file:///C|/Documents and Settings/rwilliams/Desk...oneAlarm_Pro_Help_new_TOC/ZoneAlarmProHelp70.htm (1 of 3) [4/12/2001 4:10:51 PM] ZoneAlarm Pro - The Configure Panel The first checkbox on the Configuration Panel is On top during Internet activity. This checkbox controls whether or not ZoneAlarm Pro will be displayed ON TOP of other applications whenever Internet activity is detected. The Load ZoneAlarm at Startup checkbox is selected by default. This causes ZoneAlarm Pro to be loaded when you start your computer. If you uncheck this checkbox, Internet traffic monitoring will not begin until you start ZoneAlarm Pro on your machine. Click on the Set Password pushbutton to set or modify a password. Once your password is set, use the "Login" pushbutton to login to ZoneAlarm Pro using your file:///C|/Documents and Settings/rwilliams/Desk...oneAlarm_Pro_Help_new_TOC/ZoneAlarmProHelp70.htm (2 of 3) [4/12/2001 4:10:51 PM] ZoneAlarm Pro - The Configure Panel password. License key Your License Key is a number that you receive from Zone Labs. It indicates that you are the owner of a valid license for ZoneAlarm Pro. If you did not enter your License Key number when you installed the product, you can do so at any time by clicking on the Change Key button. When you click on the Change Key button, the License info dialog will be displayed: Enter your License key in the dialog, the click on the Go button. Windows 95 and NT Older versions of Windows 95 or Windows NT (those without the Windows Shell Update) let you choose a "Show shell toolbar" checkbox. Under newer versions and Windows 98 or Windows 2000, this option is part of the Windows Shell. See the Desk Band Toolbar for more information. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desk...oneAlarm_Pro_Help_new_TOC/ZoneAlarmProHelp70.htm (3 of 3) [4/12/2001 4:10:51 PM] ZoneAlarm Pro - The Automatic Lock The Automatic Lock The Automatic Lock will activate at whatever set intervals you select in the Automatic Lock section of the Lock panel. It is a very useful tool for stopping Internet traffic at times when you are not using your computer. By simply selecting a few radio buttons on the Lock panel, you can program the Automatic Lock to activate in the following situations: ● When you are not using the Internet ● When your computer has not been used for a preset number of minutes ● When the screen saver takes control of your desktop Turning on the Automatic Lock Select the Enable radio button to turn on the Automatic Lock. Engage Internet Lock after X minutes of inactivity: Set a time of inactivity at the end of which the lock is to be activated. If you have activated the Automatic Lock using the minutes-of-inactivity option, unlock the lock by clicking on the padlock inside the Lock icon. After clicking on the padlock to deactivate the lock, the Timer Bar under the padlock will be set to Green. This means that the lock is no longer stopping Internet traffic. Engage Internet Lock when screensaver activates: Screen saver activation turns on the lock rather than a number of minutes. Pass Lock programs may access the Internet: Choose between this and the High Security, all Internet activity stopped button by either allowing certain programs to break through the Automatic Lock, or allowing no exceptions at all. The Pass Lock button stops all traffic except programs that bypass the Lock. The High Security radio button stops ALL TRAFFIC, regardless of whether they are set to bypass the Lock. Note: ICS & NAT: If you are using ZoneAlarm Pro on an ICS or NAT gateway machine, the Automatic Lock will not lock Internet access for client computers. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/ZoneAlarmProHelp12.htm [4/12/2001 4:12:04 PM] ZoneAlarm Pro - The STOP Button The STOP Button Pressing the STOP button immediately stops all Internet traffic, including traffic to programs set to bypass the lock. Press this button if you think a program might be using the Internet improperly. The STOP button will stop all Internet access, overriding the Pass Lock settings in the Programs panel. This is useful for stopping: ● Trojan horses ● Programs that want to gain access to your private information To reactivate Internet access press the stop button again. Note: Using the emergency stop button completely cuts off connections to the Internet. Connections and data transfer by all programs on your computer must be restarted. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/ZoneAlarmProHelp40.htm [4/12/2001 4:13:22 PM] ZoneAlarm Pro - Understanding and Using Alerts Understanding and Using Alerts ZoneAlarm Pro gives you all kinds of ways to view alerts and Internet traffic. New Network alert Main panel Advanced button What is Internet traffic? What is an Internet Alert? What will ZoneAlarm Pro block? Red and green traffic indicators On top during Internet activity Bytes sent / received via the Internet Why did I get that alert? More info about a particular alert Where should I put my alerts? Use the Advanced button for Options 1. Hide your IP Address 2. Suppress a specific alert type 3. Tweak your alert log What is Internet traffic? ZoneAlarm Pro keeps an eye on all Internet traffic. Internet traffic includes all data movement to and from the Internet. It also includes all connection attempts from your machine to the Internet and vice versa. The ZoneAlarm Pro firewall only stops undesired traffic. When it does stop an instance of traffic, ZoneAlarm Pro will issue an alert. The alert can be displayed and stored in a number of places. Data movement and connection attempts that are allowed according to your rules in ZoneAlarm Pro, will be allowed to pass through the firewall. This kind of traffic is good traffic, in the sense that you are allowing it in and out. What is an Internet alert? An alert is basically a blocked Internet connection. When ZoneAlarm Pro blocks some kind of inbound or outbound Internet traffic, an alert is produced based on the rules you've set up in the various ZoneAlarm Pro panels. When we talk about alerts, we are talking about a description of why, in its role as a firewall, ZoneAlarm Pro has blocked inbound or outbound Internet access to your computer. By going to the Alerts panel, you can easily find out the basic information behind an alert. You can always view the text version of the alerts you received by clicking on this button, at the bottom of the Alerts panel. This file is called the Alert log. Each line in the left represents a single alert. Here are a few sample entries, the first of which indicates a PE alert. PE alerts tell you file:///C|/Documents and Settings/rwilliams/Deskto...o_Help_new_TOC/Getting_Started_Tutorial_Alerts.htm (1 of 10) [4/12/2001 4:53:23 PM] ZoneAlarm Pro - Understanding and Using Alerts that a specific application, which is named in the Alert, tried to access the Internet. What will ZoneAlarm Pro block? What ZoneAlarm Pro blocks is the result of how selections are made in ZoneAlarm Pro panels in these two ways: ■ Default settings that were installed with the product that you did not change ■ Modifications made to those settings by you or your system administrator Settings can be changed by clicking on selections in the panels, or by having those selections automatically made and implemented in your copy of the product by a system administrator operation from a central console. The higher the security setting in a zone, the more ZoneAlarm Pro will block. In the Security panel, if you allow overall security for the Internet Zone to be set to high, the firewall will block, and create an alert, for the three protocols shown in the lower part of this screen shot from the Security panel. Red and green traffic indicators file:///C|/Documents and Settings/rwilliams/Deskto...o_Help_new_TOC/Getting_Started_Tutorial_Alerts.htm (2 of 10) [4/12/2001 4:53:23 PM] ZoneAlarm Pro - Understanding and Using Alerts The most visible Internet traffic indicators are the red and green bars you can see at any time inside the first box on the left side of the DeskBand Toolbar. Red bars indicate data being uploaded; green bars indicate data being downloaded. These indicators don't indicate alerts or illegal traffic, but simply that Internet traffic is occurring between the Internet and your machine. When you open the product, you see a larger version of these indicators on the Alerts icon: Whenever red or green flashing bars appear in the Alerts icon, the application receiving or sending traffic is shown as a blinking icon inside the Programs icon. On top during Internet activity If you really want to see Internet traffic every single time it occurs, make sure the first checkbox below, located on the Configuration panel, is checked: This means that, in addition to being able to view the red and green bars, you will also see the main ZoneAlarm Pro panel pop up to be displayed on top of all the other applications on your desktop. This will make it obvious that Internet traffic is occurring. Since so much Internet traffic can occur when you have a live Internet connection, many ZoneAlarm Pro users uncheck this box and rely on the red and green bars only. Bytes you've sent and received via the Internet file:///C|/Documents and Settings/rwilliams/Deskto...o_Help_new_TOC/Getting_Started_Tutorial_Alerts.htm (3 of 10) [4/12/2001 4:53:23 PM] ZoneAlarm Pro - Understanding and Using Alerts About Internet traffic, you can always view how many bytes have been sent to your PC and how many have been received since you launched ZoneAlarm Pro. These statistics are available at the top of the Alerts panel: Why did I get that alert? Just below the Bytes received area in the Alerts panel, statistics are always available immediately after your ZoneAlarm Pro firewall detects an Internet connection attempt that is being blocked by the firewall rules you've set up throughout ZoneAlarm Pro. The example below shows that a connection attempt by Internet Explorer was blocked: A number of rules could be responsible for this alert. One possibility is that, in the Allow connect column of the Programs panel, you have established a rule to block Internet Explorer's access to the Zone where the IP address mentioned in the alert. In this case, the IP address would be in the Internet zone, because the Red X is in the Internet Zone area. More info about a particular alert file:///C|/Documents and Settings/rwilliams/Deskto...o_Help_new_TOC/Getting_Started_Tutorial_Alerts.htm (4 of 10) [4/12/2001 4:53:23 PM] ZoneAlarm Pro - Understanding and Using Alerts Clicking on the More Info button, located to the right of the alert description, gives you access to the Alert Analyzer, located on the Zone Labs web site. Where should I put my alerts? The area at the bottom of the Alerts panel allows you to control whether you want the Alert Log to be created, and whether or not you want alert popups to be displayed each time there is an alert. If you select the second checkbox, you'll get a display like this each time firewall rules trigger an alert: file:///C|/Documents and Settings/rwilliams/Deskto...o_Help_new_TOC/Getting_Started_Tutorial_Alerts.htm (5 of 10) [4/12/2001 4:53:23 PM] ZoneAlarm Pro - Understanding and Using Alerts This can be helpful unless too many alerts are happening and you don't want to be interrupted. Use the Advanced button for options ZoneAlarm Pro lets you hide part of your IP address when the Alert Analyzer is used, or to decide how often you want to start a new Alert Log because you may be receiving many alerts. Use the Advanced button to call this three-tab dialog which lets you easily set up alert-related customizations. file:///C|/Documents and Settings/rwilliams/Deskto...o_Help_new_TOC/Getting_Started_Tutorial_Alerts.htm (6 of 10) [4/12/2001 4:53:23 PM] ZoneAlarm Pro - Understanding and Using Alerts 1. Hide your IP address After clicking on the Advanced button, click on the Submitting Info tab if you want to hide your IP address from the Alert Analyzer. When you receive an alert then click on the Submitting Info button hoping to find out something about its source, the web-based Alert Analyzer takes your IP address into account as one piece of analytical data. For your protection, you can keep part or all of your IP address from being sent to the Analyzer (and thus made visible on the Internet) by selecting one of the radio buttons in the dialog. file:///C|/Documents and Settings/rwilliams/Deskto...o_Help_new_TOC/Getting_Started_Tutorial_Alerts.htm (7 of 10) [4/12/2001 4:53:23 PM] ZoneAlarm Pro - Understanding and Using Alerts 2. Suppress a specific alert type To make things less complicated for you, you can prevent some alerts from being created and displayed. If there are alert types, such as NetBIOS broadcasts, that you decide you do not need to go back to examine, you can select them in the dialog below. Click on the Suppress alerts tab to open the dialog. Alerts of the type you check will not appear in the Alert Log and no messages will be displayed about them. 3. Tweak your Alert Log or file:///C|/Documents and Settings/rwilliams/Deskto...o_Help_new_TOC/Getting_Started_Tutorial_Alerts.htm (8 of 10) [4/12/2001 4:53:23 PM] ZoneAlarm Pro - Understanding and Using Alerts What if your alert log gets so big you'd like to archive its contents? Or what if you'd like to be able to read it more easily? The Log File tab or the Log Properties button at the bottom of the Alerts panel will open the dialog below, where you can determine how often you want to archive your log file and create a new one. The current log file always has the name ZALog.txt. You can also set the fields of each line in the log to be separated with a tab or semicolon rather than a comma, which is the default setting. An example of a renamed archived log file created on October 2, 2000 is ZALog2000.10.02.txt, which you can see in the Internet Logs subdirectory below. This example is from a Window NT operating system. file:///C|/Documents and Settings/rwilliams/Deskto...o_Help_new_TOC/Getting_Started_Tutorial_Alerts.htm (9 of 10) [4/12/2001 4:53:23 PM] ZoneAlarm Pro - Understanding and Using Alerts ZALog.txt is the current log where alerts that are happening right now are being stored. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Deskt..._Help_new_TOC/Getting_Started_Tutorial_Alerts.htm (10 of 10) [4/12/2001 4:53:23 PM] ZoneAlarm Pro - Program Settings Program Settings The Programs panel has three work areas: the Programs panel itself, the Right-click function, and the Options button. Right-click on a program line as an alternative way to perform main panel functions or to Add a new program. Click on the Options button to set server rights or to limit a program's access rights to specific ports. Main panel Right-click and Options button Programs panel as it looks at first Programs panel with programs in it Will you allow the program to connect? Allowing or denying access to a program What the checkmark and X mean What a permission message looks like Allowing the program to be a server Server permission message example Right-click to set access & server options Click on the Options button to set server rights & specify ports Access permissions tab Ports tab Click on Add to add a port or range of ports Click on Custom to add a TCP or UDP port Programs panel as it looks at first The Programs panel will probably display an empty white area when you first open it, unless some programs have already accessed the Internet since you opened the program, or unless the product was configured for you by your System Administrator. It will probably look like this: file:///C|/Documents and Settings/rwilliams/Deskt...elp_new_TOC/Getting_Started_Tutorial_Programs.htm (1 of 13) [4/12/2001 4:55:13 PM] ZoneAlarm Pro - Program Settings Programs panel with Programs in it file:///C|/Documents and Settings/rwilliams/Deskt...elp_new_TOC/Getting_Started_Tutorial_Programs.htm (2 of 13) [4/12/2001 4:55:13 PM] ZoneAlarm Pro - Program Settings The white area of the Programs panel starts filling up as your applications start accessing the Internet. A separate line in the white area is reserved for each program that connects. Microsoft Outlook is the first program that connected in the panel shown below. We'll use that example as we quickly look at this panel. Notice that the version number of Outlook is displayed along with the name and the Outlook icon: file:///C|/Documents and Settings/rwilliams/Deskt...elp_new_TOC/Getting_Started_Tutorial_Programs.htm (3 of 13) [4/12/2001 4:55:13 PM] ZoneAlarm Pro - Program Settings Will you allow the program to connect? On each program line, the second column is the Allow connect column. This column allows you to resolve this issue: Will you allow the program to connect to the Internet? If you have not changed anything, two ZoneAlarm Pro will ask your permission: appear in the column, meaning that Question marks mean you will always receive a message asking your permission when the Program on that line, in this case Microsoft Outlook, attempts to connect to the Internet Allowing or denying access to a program Remember that access the Internet. means that your permission will be asked for a program to Click on the to make any changes. The leftmost checkbox is for allowing: denies: or What the or . Clicking on the middle one . and mean file:///C|/Documents and Settings/rwilliams/Deskt...elp_new_TOC/Getting_Started_Tutorial_Programs.htm (4 of 13) [4/12/2001 4:55:13 PM] ZoneAlarm Pro - Program Settings The top yellow section governs the Local Zone: The bottom blue section governs the Internet Zone: Keep those zone-specific distinctions in mind and it will be clear that when you click on the top section, you are managing the program's access to the Internet only via locations you have included in your Local Zone. When you click on the bottom section, you are managing the program's access to the entire Internet, as described here: Allows the program to connect to Internet locations in the Local Zone. Prevents the program from connecting via the Local Zone. Allows the program to connect to Internet locations outside the Local Zone. Prevents the program from connecting via the Internet Zone. Permission message When ZoneAlarm Pro asks your permission for a program to connect, a message like this one is displayed, containing the name of the program and your IP address: file:///C|/Documents and Settings/rwilliams/Deskt...elp_new_TOC/Getting_Started_Tutorial_Programs.htm (5 of 13) [4/12/2001 4:55:13 PM] ZoneAlarm Pro - Program Settings Will you allow the program to be a server? Programs can play the role of a server, waiting or listening for incoming connections from the Internet. This column gives you the choice to stop server behavior for each program if you think it would be wise. The Allow server column gives you the same choices as in the Allow Connect column: ZoneAlarm Pro can request your permission each time, or you can allow or deny server behavior to each program. These permissions also function by zone. If a program tries to act as a server to a Local Zone location, permission is asked. Allows the program to act as a server to Internet locations in the Local Zone. Prevents the program from acting as a server to a Local Zone location. If a program tries to be a server to Internet Zone locations, permission is asked. Allows the program to act as a server to Internet locations outside the Local Zone. file:///C|/Documents and Settings/rwilliams/Deskt...elp_new_TOC/Getting_Started_Tutorial_Programs.htm (6 of 13) [4/12/2001 4:55:13 PM] ZoneAlarm Pro - Program Settings Prevents the program from acting as a server to Internet Zone locations. Allow server permission message When ZoneAlarm Pro asks your permission for a program to connect, a message like this one is displayed, containing the name of the program: RIGHT-CLICK on the Programs panel file:///C|/Documents and Settings/rwilliams/Deskt...elp_new_TOC/Getting_Started_Tutorial_Programs.htm (7 of 13) [4/12/2001 4:55:13 PM] ZoneAlarm Pro - Program Settings When you right-click on a program in the Program List, all the following choices are available to you. Right-clicking on a program lets you define access rights or port restrictions for the program you clicked on, or to add or remove a program. The rights you define will be specific to either the Local Zone or the Internet Zone. You can also view the version statistics about a program by clicking on Properties for. Click on to set server rights & limit program access specific ports Click on the Options button to call a dialog with two tabs: file:///C|/Documents and Settings/rwilliams/Deskt...elp_new_TOC/Getting_Started_Tutorial_Programs.htm (8 of 13) [4/12/2001 4:55:13 PM] ZoneAlarm Pro - Program Settings Click on the Access Permissions tab to grant connection and server rights to a program. Click on the Ports tab to limit the way a program connects to specific ports. Access permissions tab file:///C|/Documents and Settings/rwilliams/Deskt...elp_new_TOC/Getting_Started_Tutorial_Programs.htm (9 of 13) [4/12/2001 4:55:13 PM] ZoneAlarm Pro - Program Settings Use the radio buttons on this panel to define precise permissions for each of your programs. Use the yellow section of this panel to define, for a specific program, access permissions to computers or addresses defined in your Local Zone. Use the blue section of the panel to grant programs access permissions to computers and addresses in the Internet Zone. The yellow and blue sections allow you to define whether or not your programs can act as servers listening for connections from computers from either of those zones: yellow for the Local Zone, blue for the Internet Zone. Radio buttons on left side of the panel: Radio buttons on the left side control whether or not individual programs can actually make an Internet connection, or whether the program needs your permission each time. Radio buttons on the right side of the panel: Radio buttons on the right side control whether or not the program can receive incoming Internet connections as a server. Ports tab Use the Ports tab to specify ports and protocols that an application is permitted to use. The title bar, at the top of the Ports tab, displays the program name you are defining port access for, such as Outlook Express or Netscape Navigator. file:///C|/Documents and Settings/rwilliams/Deskt...elp_new_TOC/Getting_Started_Tutorial_Programs.htm (10 of 13) [4/12/2001 4:55:13 PM] ZoneAlarm Pro - Program Settings Use Allow access to all ports and protocols to allow the program to have Internet connections via all ports. Use Allow access for ONLY the ports checked below to limit the program's connections to the protocols and ports with checkmarks. The IGMP and ICMP checkboxes are selected by default as the protocols you will limit the program's connections to. Use Allow access for any port EXCEPT for those checked below to allow connections to every protocol and port that is not checked in the list below. The IGMP and ICMP checkboxes are selected by default as the port types denied to the program's for Internet access utilization. All protocols and ports not checked in the list are fair game. Click on to add a port or range of ports file:///C|/Documents and Settings/rwilliams/Deskt...elp_new_TOC/Getting_Started_Tutorial_Programs.htm (11 of 13) [4/12/2001 4:55:13 PM] ZoneAlarm Pro - Program Settings Clicking on the Add button displays the popup shown below, which has a number of server-specific entries, such as Web Servers and Mail Servers: When you click on a server-specific choice like Mail Servers, ZoneAlarm Pro adds the ports used by the server type and each entry is preselected. For ease of use, three ports are added for Mail Servers. You can deselect any that you may want to omit from the authorized list. All three mail server ports remain selected in the list shown below: Click on to define a single TCP or UDP port Click on Custom to define a single TCP or UDP port, or a range of ports: file:///C|/Documents and Settings/rwilliams/Deskt...elp_new_TOC/Getting_Started_Tutorial_Programs.htm (12 of 13) [4/12/2001 4:55:13 PM] ZoneAlarm Pro - Program Settings Clicking on Custom displays the Add a range of ports dialog: In the Description field: Type in a meaningful name for the port or range of ports you're adding. Then, click on OK to add the port(s), which will be displayed in the Ports panel. The dialog above mentions that the PC has a total of 65,535 ports. When adding a port, the first thing to do is to specify whether the port, or range of ports, is TCP, UDP or both. For example, DNS uses port 53, which is a TCP port. DHCP uses port 67, which is a UDP port. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Deskt...elp_new_TOC/Getting_Started_Tutorial_Programs.htm (13 of 13) [4/12/2001 4:55:13 PM] ZoneAlarm Pro - Zones Definition of Zones ZoneAlarm Pro uses the concept of zones to protect your computer from unknown malicious entities on the Internet. Local Zone The Local Zone defines permissible traffic through the firewall. The Local Zone contains domains, IP addresses, IP ranges and subnets of trusted sources. If you go to the Security Panel and press the Advanced button, locate the Local Zone Settings tab. This tab defines ports, protocols, and permissions that will apply rules to protect your computers in the Local Zone. For help setting up security in the Local Zone, click here. Please go to the Local Zone Contents Tab for information on how to add computers to your trusted Local Zone Internet Zone The Internet Zone protects against any computer attached to the Internet that is not on your network. If you go to the Security Panel and press the Advanced button, locate the Internet Zone Settings tab. This tab defines ports, protocols, and permissions that will apply rules to protect your computers in the Internet Zone. For help setting up security in the Internet Zone, click here. Restricted Zone The Restricted Zone is designed to block domains, IP addresses, IP ranges and subnets that you do not want your computer to access. Essentially, this feature is a reverse of the Local Zone. If you go to the Security Panel and press the Advanced button, locate the Restricted Zone tab. Check here for functionality of the Restricted Zone. file:///C|/Documents and Settings/rwilliams/Desk...Pro_Help_new_TOC/ZoneAlarmProHelp50_ZoneDefs.htm (1 of 3) [4/12/2001 4:57:07 PM] ZoneAlarm Pro - Zones Security Levels The Local and Internet zones each have a security level selector, which you can slide up and down to change the security level. Local zone security is displayed in yellow, and Internet zone security in blue. The default settings are: ● Medium for the Local Zone ● High for the Internet Zone file:///C|/Documents and Settings/rwilliams/Desk...Pro_Help_new_TOC/ZoneAlarmProHelp50_ZoneDefs.htm (2 of 3) [4/12/2001 4:57:07 PM] ZoneAlarm Pro - Zones As levels increase, the dynamic firewall places more access restrictions to your computer to protect you from potential threats. The security level for the Internet Zone should be equal or higher than the level selected for the Local Zone. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desk...Pro_Help_new_TOC/ZoneAlarmProHelp50_ZoneDefs.htm (3 of 3) [4/12/2001 4:57:07 PM] ZoneAlarm Pro - Networking Issues Networking Issues This section provides some direction about specific issues for individual ZoneAlarm Pro users as well as users working on a local area network. Detecting a new network Control Internet Access to Your PC by LAN Computers Use ICS and NAT to Protect Your Network Include Network Adapters in the Local Zone VPN Connections Server Not Receiving Incoming Connections Control Internet Access to Your PC by LAN Computers You can easily adjust settings in your Local Zone to establish customized Internet access for computers on your local area network. You start this overall process by making sure that the computers and web sites that you trust are members of ZoneAlarm Pro's Local Zone. This sets up ZoneAlarm Pro's firewall for trusted network components. The default security setting is medium. Once this security setting is established, you can customize your overall Local Zone security by allowing or blocking specific protocols or ports. You can even allow specific network programs and servers to run via specific ports only. You can also create a Restricted Zone to isolate IP addresses and web sites so that they cannot contact your Local Zone computers via the Internet. Use ICS and NAT to Protect Your Network file:///C|/Documents and Settings/rwilliams/Desk...Help_new_TOC/ZoneAlarmProHelp_FAQ_Networking.htm (1 of 4) [4/12/2001 4:58:07 PM] ZoneAlarm Pro - Networking Issues Most firewalls only protect the system where it is installed. Using the ICS and NAT support bundled into ZoneAlarm Pro, you can protect your entire network you have the product installed on the computer you're using to share your Internet connection. Once you have defined a gateway and client machines on your network, you can use ZoneAlarm Pro's ICS or NAT support to define the gateway and client definitions to ZoneAlarm Pro. This will allow the gateway machine to handle Internet security for all client machines. Include Network Adapters in the Local Zone By default, ZoneAlarm Pro includes the network adapter subnets that correspond to your network cards as part of your Local Zone. You can check to make sure that the subnets of network adapter cards are included in your Local Zone by following these steps: ● Click on the Advanced button in the Security panel ● Click on the Local Zone Contents tab ● Under Networks, the network adapter that corresponds to your network is checked by default If you have resources such as printers attached to your computer that others working on the network need to access, we recommend that you disable the Automatic Lock feature. When engaged, the Automatic Lock will block access to these resources from the Local Zone. DHCP for Dial-Up Internet Users file:///C|/Documents and Settings/rwilliams/Desk...Help_new_TOC/ZoneAlarmProHelp_FAQ_Networking.htm (2 of 4) [4/12/2001 4:58:07 PM] ZoneAlarm Pro - Networking Issues If you are using dial-up or a broadband connection with a non-static IP address, your ISP uses DHCP to allocate IP addresses. This probably mean that your ISP will periodically renew your non-static IP address. To make sure that Internet connections are configured to accept DHCP renewals, review the settings in the Local Zone Custom Settings panel. Here's how you review the settings: ● Go to the Security Panel ● Click on the Advanced button and click on Local Zone Custom Settings. ● Make sure these two checkboxes are checked: When these two checkboxes are checked, all Internet connections are configured to accept DHCP renewals. VPN connections There are many kinds of VPN connections. Not all VPN connection methods are the same. If you are not able to make a connection via your VPN while running ZoneAlarm Pro, check the following settings: ● Make sure that the VPN server has been added to Local Zone ● Make sure the network subnet you are connecting to via VPN is included in your Local Zone If you are experiencing a connection problem, the VPN initiation and authentication may be running into a conflict. Some users have lowered their Internet Zone security from High to Medium during VPN initiation and authentication only. They then immediately reset security to HIGH. Server Not Receiving Incoming Connections file:///C|/Documents and Settings/rwilliams/Desk...Help_new_TOC/ZoneAlarmProHelp_FAQ_Networking.htm (3 of 4) [4/12/2001 4:58:07 PM] ZoneAlarm Pro - Networking Issues If your server application, such as an FTP or Web server, is not accepting incoming connections, check these settings: 1. Make sure your server application has "Allow Server" permission: in the Programs panel, click on the Options button for the server application. In the Access permissions panel, make sure that server permission is not denied. The permission can be set to Always allow or Always ask, as shown below: 2. Make sure the "Block Local Servers" and "Block Internet Servers" option is not checked. To do this, go to the Security panel and click on the Advanced button. Under the General tab, go to the bottom of the panel and make sure these two checkboxes are not checked: 3. Make sure that the Automatic Lock is not enabled, or that your server application has permission to bypass the lock. Go to the Programs panel to find this option. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desk...Help_new_TOC/ZoneAlarmProHelp_FAQ_Networking.htm (4 of 4) [4/12/2001 4:58:07 PM] ZoneAlarm Pro - Computer Games Computer Games Many games run in "exclusive" full screen mode. This prevents the display of ZoneAlarm Pro alerts as well as normal windows error messages on your screen. If you are not able to see ZoneAlarm Pro alerts while you are playing a full screen game, you can try to rectify the problem in one of the following ways: Set the game to run in a window Change the rendering mode Press Alt+Tab to toggle Set the game to run in a window Setting your game to run in a window will allow you to see the alert if the game is running in a resolution lower than your desktop. If your mouse is locked to the game, try pressing the windows key, and you should be able to use the mouse to click on the alert. Then reset the game to run full screen after allowing it Internet access. Change the rendering mode Changing the rendering mode to "Software Rendering" will allow Windows to overlay the ZoneAlarm Alert on top of your game screen. After allowing Internet access, you can change back to your preferred rendering device. Use ALT + TAB to toggle Pressing Alt + Tab to toggle back into windows will allow the game running, but it will allow you to respond to the alert. Once you have allowed Internet access you press Alt-Tab again to restore your game. This may cause some applications to crash, especially if you are using Glide or OpenGL; however, the problem should be corrected the next time you run the game. Sometimes you can use Alt-Enter in the place of Alt-Tab. file:///C|/Documents and Settings/rwilliams/Des...Pro_Help_new_TOC/ZoneAlarmProHelp_FAQ_Games.htm (1 of 2) [4/12/2001 4:58:58 PM] ZoneAlarm Pro - Computer Games BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Des...Pro_Help_new_TOC/ZoneAlarmProHelp_FAQ_Games.htm (2 of 2) [4/12/2001 4:58:58 PM] ZoneAlarm Pro - QuickTour of ZoneAlarm Pro QuickTour of ZoneAlarm Pro This QuickTour won't take long. But it will save you the trouble of figuring things out for yourself. Basic Tour Panels Where is the main panel? Main panel Black bar along the top of the main panel Five main Icons Buttons below the Icons Icon display without panels Alerts panel Lock panel Security panel Programs panel Configuration panel WHERE IS the main panel? After you install ZoneAlarm Pro on your machine, only a portion of the main panel will be displayed, the Control Center: To display the entire panel, click on one of the five buttons in the lower portion of the Control Center, such as the Alerts buttton. Another way to open the main ZoneAlarm Pro panel, whenever it is not fully displayed, is to double-click on the ZA icon in your system tray, directly below the Desk Band Toolbar: file:///C|/Documents and Settings/rwilliams/Deskto...elp_new_TOC/Getting_Started_Tutorial_QuickTour.htm (1 of 11) [4/12/2001 5:01:03 PM] ZoneAlarm Pro - QuickTour of ZoneAlarm Pro As shown below, the ZA icon also lights up with red and green bars whenever Internet traffic is happening. Double-clicking on this icon will still open the main ZoneAlarm Pro panel even though Internet traffic is showing: * As long as ZoneAlarm Pro is installed on your machine and has not been shut down, the ZA icon will remain in the System Tray. You cannot remove it. Main ZoneAlarm Pro panel ZoneAlarm Pro has five different panels. Each one has a different function. The panel shown here is the Configuration panel where you set your password and check for upgrades. You can also set some general behavior options in the Configuration field at the top of this panel. file:///C|/Documents and Settings/rwilliams/Deskto...elp_new_TOC/Getting_Started_Tutorial_QuickTour.htm (2 of 11) [4/12/2001 5:01:03 PM] ZoneAlarm Pro - QuickTour of ZoneAlarm Pro The checkboxes at the top of the Configuration panel also allow you to determine overall behavior: ■ should this panel be on top of all applications during Internet activity? ■ should the deskband toolbar be visible? should you load ZoneAlarm Pro at startup time? ■ Black bar along the top of the panel file:///C|/Documents and Settings/rwilliams/Deskto...elp_new_TOC/Getting_Started_Tutorial_QuickTour.htm (3 of 11) [4/12/2001 5:01:03 PM] ZoneAlarm Pro - QuickTour of ZoneAlarm Pro A black bar with the name ZoneAlarm Pro spans the very top of the main panel. At the extreme right of the black bar, you can use the ZoneAlarm Pro. tool to minimize Five main icons Directly below the black bar you have a row with five icons. Each icon has a specific function. The first one lights up when Internet traffic is occurring on your PC. Watch this icon! It contains four small bars: two UP rows and two DOWN rows. These bars show a graphic display of uploading & downloading. The top two bars show real time Internet traffic on your PC; the lower two bars show Internet traffic over a period of time. Click on this icon to block Internet traffic! When you do, the padlock will close and the green text will change to this: This is the Stop button! Click on it when you think trouble has arrived. It will immediately stop all Internet Traffic and, unlike the Lock button described directly above, it will allow now exceptions, thereby not respecting the passlock. Watch this icon to get a quick graphical look at which applications are currently connected to the Internet. Inside this icon, ZoneAlarm Pro displays the icon for each program on your PC that has a current Internet connection file:///C|/Documents and Settings/rwilliams/Deskto...elp_new_TOC/Getting_Started_Tutorial_QuickTour.htm (4 of 11) [4/12/2001 5:01:03 PM] ZoneAlarm Pro - QuickTour of ZoneAlarm Pro Click on this icon to open the Help file. The Help file not only provides reference material, but also Internet basics, information on how other software programs interact with ZoneAlarm Pro, and much more. Buttons below the Icons Use these buttons to navigate between ZoneAlarm Pro panels. This means that the entire display in lower portion of the panel changes. Click on the buttons below to see how it works. If you are already using the panel represented by a button, like the Configuration panel we looked at briefly above, and you click on the Configuration button, notice that the lower part of the main panel is removed, leaving only the icons and buttons: The Alerts Panel file:///C|/Documents and Settings/rwilliams/Deskto...elp_new_TOC/Getting_Started_Tutorial_QuickTour.htm (5 of 11) [4/12/2001 5:01:03 PM] ZoneAlarm Pro - QuickTour of ZoneAlarm Pro Use this panel to see statistics about Internet traffic alerts on your PC and to minimize the display of alerts if you find there are so many that the displays become distracting. To find out the IP address, the time and, when appropriate, the application involved in an Internet traffic alert, look in the Current alerts box in the middle of the panel: file:///C|/Documents and Settings/rwilliams/Deskto...elp_new_TOC/Getting_Started_Tutorial_QuickTour.htm (6 of 11) [4/12/2001 5:01:03 PM] ZoneAlarm Pro - QuickTour of ZoneAlarm Pro Go to the checkboxes at the bottom of the panel to instruct ZoneAlarm Pro to save alerts to a text file that you can comfortably read at any time. You can also initiate the alert popup window from here, so that each time an alert occurs, a balloon alert is displayed with pertinent information. The Advanced button lets you stop the display of specific types of alerts, like NetBIOS broadcasts or blocked applications. You can also use this button to set log file options to prevent your alert log file from getting too large. Lock Panel ZoneAlarm Pro has a programmable lock to stop Internet traffic. Use the Lock panel to determine whether the lock should be turned on after a time of inactivity on your PC or whether your screen saver should turn it on. file:///C|/Documents and Settings/rwilliams/Deskto...elp_new_TOC/Getting_Started_Tutorial_QuickTour.htm (7 of 11) [4/12/2001 5:01:03 PM] ZoneAlarm Pro - QuickTour of ZoneAlarm Pro Passlock, the ability for a program to disregard the lock and access the Internet, is enabled or disabled in this panel. If pass lock is enabled, individual applications that you select in the Programs panel will be able to break through the lock. This is useful for programs like e-mail. Security Panel file:///C|/Documents and Settings/rwilliams/Deskto...elp_new_TOC/Getting_Started_Tutorial_QuickTour.htm (8 of 11) [4/12/2001 5:01:03 PM] ZoneAlarm Pro - QuickTour of ZoneAlarm Pro This panel is where you set up your zones. Use the yellow and blue boxes in the middle of the panel to set overall security for your Local Zone and your Internet Zone. For maximum security, it is a good idea to keep security in the Internet Zone set to High. Once High security is set, you can allow protocols through the firewall, or allow specific programs access through specific ports. This panel also controls MailSafe. file:///C|/Documents and Settings/rwilliams/Deskto...elp_new_TOC/Getting_Started_Tutorial_QuickTour.htm (9 of 11) [4/12/2001 5:01:03 PM] ZoneAlarm Pro - QuickTour of ZoneAlarm Pro The Advanced button puts you more in the driver's seat. This button takes you to a dialog with six tabs. Each tab takes you to a different panel. Four of the panels let you define and customize your zones. The Local Zone Contents tab is very important because that is where you define which computers and addresses are allowed to be members of the trusted and protected area called the Local Zone. The General tab lets you further define MailSafe by adding specific file types you do not want to be opened when they come as attachments to an e-mail. The Restricted tab lets you create an isolation tank zone, where no Internet traffic is allowed. Programs Panel Use the Programs Panel to see which programs have been connecting to the Internet and also to restrict or broaden a program's ability to access the Internet. Every line in the panel is dedicated to one of your programs that has been accessing the Internet. file:///C|/Documents and Settings/rwilliams/Deskt...lp_new_TOC/Getting_Started_Tutorial_QuickTour.htm (10 of 11) [4/12/2001 5:01:03 PM] ZoneAlarm Pro - QuickTour of ZoneAlarm Pro BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Deskt...lp_new_TOC/Getting_Started_Tutorial_QuickTour.htm (11 of 11) [4/12/2001 5:01:03 PM] ZoneAlarm Pro - How to add a program to the Program List How to add a program to the Program List Any program that is installed on your computer will be added to the Programs List at the time ZoneAlarm Pro detects that it is accessing the Internet. For LAN users, your system administrator may have preconfigured your Programs List to include specific programs. If so, these will appear on the list. Why add programs to the Programs List? Empty Programs List? Programs List showing programs How to add a program Why add programs to the Programs List? If one of your programs has not yet accessed the Internet since ZoneAlarm Pro has been running, you can set up security behavior for that Program by adding it to the Program List. Once a program is added to the Program List, use the Programs panel to restrict its ability to connect to the Internet or its ability to listen as a potentially destructive server. To add a program to the Program List, right-click anywhere in the main area of the Programs panel. Empty Programs List? Unless a system administrator configured the installation on your network, the Programs panel will probably display an empty white area when you first open it: file:///C|/Documents and Settings/rwilliams/Desk...oneAlarm_Pro_Help_new_TOC/How_to_add_program.htm (1 of 5) [4/12/2001 5:02:07 PM] ZoneAlarm Pro - How to add a program to the Program List Programs panel with Programs in it file:///C|/Documents and Settings/rwilliams/Desk...oneAlarm_Pro_Help_new_TOC/How_to_add_program.htm (2 of 5) [4/12/2001 5:02:07 PM] ZoneAlarm Pro - How to add a program to the Program List The white area of the Programs panel starts filling up as your applications start accessing the Internet. A separate line in the white area is reserved for each program that connects. Microsoft Outlook is the first program that connected in the panel shown below. We'll use that example as we quickly look at this panel. file:///C|/Documents and Settings/rwilliams/Desk...oneAlarm_Pro_Help_new_TOC/How_to_add_program.htm (3 of 5) [4/12/2001 5:02:07 PM] ZoneAlarm Pro - How to add a program to the Program List How to add a program Right-click anywhere in the Program List to add a Program to the Program List. In the popup menu, a number of choices are available. Select Add Program... to add a program to your Programs List: After selecting Add program..., select the program you want to add from the list displayed in the Add Program dialog. file:///C|/Documents and Settings/rwilliams/Desk...oneAlarm_Pro_Help_new_TOC/How_to_add_program.htm (4 of 5) [4/12/2001 5:02:07 PM] ZoneAlarm Pro - How to add a program to the Program List After you've added the program to the Program List, you have the ability to: ● Prevent the program from connecting to the Internet or from listening as a server ● Severely limit the program's ability to access the Internet by defining specific ports through which the application absolutely must pass in order to connect to the Internet. It will not be able to connect via any other port but the ones you define. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desk...oneAlarm_Pro_Help_new_TOC/How_to_add_program.htm (5 of 5) [4/12/2001 5:02:07 PM] ZoneAlarm Pro - Using the Programs List Using the Programs List The Programs List is your tool for controlling the Internet connection behavior of your applications. What are they allowed to do and what are you going to prevent them from doing on the Internet? Right-click Options Allow Connect Allow Server Options Adding Ports Right-click Options When you right-click on a program in the Program List, all the following choices are available to you. For more information on these options, click here. Right-clicking on a program lets you define access rights or port restrictions for the program you clicked on, or to add or remove a program. The rights you define will be specific to either the Local Zone or the Internet Zone. You can also view the version statistics about a program by clicking on Properties for. Unless your System Administrator has preconfigured your copy of ZoneAlarm Pro, there are no programs in your Programs List. Right-click anywhere in the main area of the Programs panel to Add a new program. After adding the program, you can establish how a program will interact with the Internet. file:///C|/Documents and Settings/rwilliams/Deskt...ZoneAlarm_Pro_Help_new_TOC/Using_program_list.htm (1 of 7) [4/12/2001 5:02:55 PM] ZoneAlarm Pro - Using the Programs List Allow Connect file:///C|/Documents and Settings/rwilliams/Deskt...ZoneAlarm_Pro_Help_new_TOC/Using_program_list.htm (2 of 7) [4/12/2001 5:02:55 PM] ZoneAlarm Pro - Using the Programs List On each program line, the second column is the Allow connect column. This column allows you to resolve this issue: Will you allow the program to connect to the Internet? If you have not changed anything, two question marks appear in the column, meaning that ZoneAlarm Pro will ask your permission: Allow Server When ZoneAlarm Pro asks your permission for a program to connect, a message like this one is displayed, containing the name of the program: Programs can play the role of a server, waiting or listening for incoming connections from the Internet. This column gives you the choice to stop server behavior for each program if you think it would be wise. For more information on the allow server function, click here. The Allow server column gives you the same choices as in the Allow Connect column: ZoneAlarm Pro can request your permission each time, or you can allow or deny server behavior to each program: ● The ? means it will ask permission each time ● The checkmark means it will allow the program to act as a server file:///C|/Documents and Settings/rwilliams/Deskt...ZoneAlarm_Pro_Help_new_TOC/Using_program_list.htm (3 of 7) [4/12/2001 5:02:55 PM] ZoneAlarm Pro - Using the Programs List ● The X means it will not allow the program to act as a server Options Click on the Options button to call a dialog with two tabs: Click on the Access Permissions tab to grant connection and server rights to a program. file:///C|/Documents and Settings/rwilliams/Deskt...ZoneAlarm_Pro_Help_new_TOC/Using_program_list.htm (4 of 7) [4/12/2001 5:02:55 PM] ZoneAlarm Pro - Using the Programs List Use the radio buttons on this panel to define precise permissions for each of your programs. Use the yellow section of this panel to define, for a specific program, access permissions to computers or addresses defined in your Local Zone. Use the blue section of the panel to grant programs access permissions to computers and addresses in the Internet Zone. The yellow and blue sections allow you to define whether or not your programs can act as servers listening for connections from computers from either of those zones: yellow for the Local Zone, blue for the Internet Zone. Click on the Ports tab to limit the way a program connects to specific ports. Use the Ports tab to specify ports and protocols that an application is permitted to use. The title bar, at the top of the Ports tab, displays the program name you are defining port access for, such as Outlook Express or Netscape Navigator. The radio buttons are arranged as follows: ● Allow access to all ports and protocols - allows the program to have file:///C|/Documents and Settings/rwilliams/Deskt...ZoneAlarm_Pro_Help_new_TOC/Using_program_list.htm (5 of 7) [4/12/2001 5:02:55 PM] ZoneAlarm Pro - Using the Programs List ● ● Internet connections via all ports. Allow access for ONLY the ports checked below - limits the program's connections to the protocols and ports with checkmarks. The IGMP and ICMP checkboxes are selected by default as the protocols you will limit the program's connections to. Allow access for any port EXCEPT for those checked below - allows connections to every protocol and port that is not checked in the list below it. The IGMP and ICMP checkboxes are selected by default as the port types the program cannot use for Internet access. All protocols and ports not checked in the list are allowed. Adding Ports Clicking on the Add button displays the popup shown below, which has a number of server-specific entries, such as Web Servers and Mail Servers: When you click on a server-specific choice like Mail Servers, ZoneAlarm Pro adds the ports used by the server type and each entry is preselected. For ease of use, three ports are added for Mail Servers. You can deselect any that you may want to omit from the authorized list. All three mail server ports remain selected in the list shown below: Click on Custom to define a single TCP or UDP port, or a range of ports: file:///C|/Documents and Settings/rwilliams/Deskt...ZoneAlarm_Pro_Help_new_TOC/Using_program_list.htm (6 of 7) [4/12/2001 5:02:55 PM] ZoneAlarm Pro - Using the Programs List Clicking on Custom displays the Add a range of ports dialog: In the Description field: Type in a meaningful name for the port or range of ports you're adding. Then click on OK to add the port(s), which will be displayed in the Ports panel. The dialog above mentions that the PC has a total of 65,535 ports. When adding a port, the first thing to do is to specify whether the port, or range of ports, is TCP, UDP or both. For example, DNS uses port 53, which is a TCP port. DHCP uses port 67, which is a UDP port. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Deskt...ZoneAlarm_Pro_Help_new_TOC/Using_program_list.htm (7 of 7) [4/12/2001 5:02:55 PM] ZoneAlarm Pro - How to use the Restricted Zone How to use the Restricted Zone How to add an element to the Restricted Zone The Restricted Zone is a place for enemies. As soon as you determine that a web site, server, IP addresses or subnet is dangerous to your network: You can immediately open the Restricted Zone panel to add the dangerous element to it. Once the dangerous element is added to the Restricted Zone, no Internet traffic can take place between it and your Local Zone. Everything you add to the Restricted Zone will be isolated from your Local Zone computers. This a way to keep out hacks and intrusions from identified dangerous sites. How to add an element to the Restricted Zone Step 1 Click on the Advanced button in the Security panel, then on the Restricted Zone tab. This message at the top of the dialog gives you directions: Step 2 file:///C|/Documents and Settings/rwilliams/Deskt...eAlarm_Pro_Help_new_TOC/Using_restricted_zone.htm (1 of 4) [4/12/2001 5:04:15 PM] ZoneAlarm Pro - How to use the Restricted Zone Click on the Add button This dialog will be displayed: Step 3 In this example, we're adding a web site. So, we've clicked on Host/Site... Next, enter a description and web site address as shown below: Enter a description for display purposes, then the web site address. This should be a web site, unlike google.com, which you have doubts about. Step 4 file:///C|/Documents and Settings/rwilliams/Deskt...eAlarm_Pro_Help_new_TOC/Using_restricted_zone.htm (2 of 4) [4/12/2001 5:04:15 PM] ZoneAlarm Pro - How to use the Restricted Zone A follow-up dialog displays the IP addresses of the web site. ZoneAlarm Pro finds the IP addresses for you. Click on Finish to confirm the placement of the web site's IP addresses into your Restricted Zone. Step 5 The site you entered now shows up in the Restricted Computers area of the dialog. Notice that your description is displayed after the . Step 6 Click on the OK button. This places the web site in the Restricted Zone, meaning that no inbound or outbound Internet communications can be done with that site from your PC. file:///C|/Documents and Settings/rwilliams/Deskt...eAlarm_Pro_Help_new_TOC/Using_restricted_zone.htm (3 of 4) [4/12/2001 5:04:15 PM] ZoneAlarm Pro - How to use the Restricted Zone BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Deskt...eAlarm_Pro_Help_new_TOC/Using_restricted_zone.htm (4 of 4) [4/12/2001 5:04:15 PM] ZoneAlarm Pro - New Program Alert New Program Do you want to allow a specific program to access the Internet? What is a new program? What should I answer? How do I know what program is trying to gain access? What else should I know? For further Information What is a new program? A new program is a program that is requesting to access the Internet or local area network for the first time. In other words, you haven’t yet told this program whether it can or cannot access the Internet or local network. There are many programs that may ask for Internet access. A Web browser, such as Internet Explorer, must have Internet access for you to surf the Internet. An e-mail client must have Internet access for you to get e-mail. If you are on a local network, your e-mail client may request local network access to retrieve your e-mail. How should I answer? Follow the rules below and you'll be able to answer program alerts with confidence. The rule of expectancy: If you're using a program for the first time that requires Internet access, you should expect to receive a pop-up alert as soon as the program tries to initiate Internet access. In this case, it's probably safe to grant the program access rights. ● Example: You've just opened your Web browser to surf the Internet, and you immediately receive a pop-up alert asking if your Internet browser may file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/zap_new_program.htm (1 of 3) [4/12/2001 5:04:57 PM] ZoneAlarm Pro - New Program Alert access the Internet. The rule of logic: For some programs such as Web browsers and e-mail clients, it's only logical that they need Internet access. But for other programs, it's not always so obvious. Take your word processor, for example. There are times when it's logical for it to access the Internet, and other times when it is not: ● You're not even using your word processor and it suddenly asks for Internet access. Logic: Why would it need Internet access? Be suspicious. ● You're doing nothing more than typing a document and your word processor asks for access. Logic: Why would it need Internet access? Be suspicious. ● You've just clicked a link to the Internet within your document, or you've told your word processor to import a graphic from the Internet. Logic: It now makes sense for it to need Internet access. It's probably safe. ● You've just cut and pasted formatted text from a web page into your document, and your word processor asks for Internet access. Logic: Your word processor may be trying to get the formatting information from the Internet. It makes sense for it to need access. It's probably safe. The rule of caution: If you're not sure whether a program should have access rights, start by denying it access rights. Then, investigate the program by asking ● Is the program you've denied access to one you recognize? If not, you may want to research the program to try and identify it as legitimate or illegitimate. ● ● Is it reasonable this program needs Internet access to perform its funtions? Is the program you've denied access to still able to perform the functions you want it to without Internet access? Consider all of the above questions before deciding if your decision was right. You may change your decision at any time in the Programs panel. How do I know what program is trying to gain access? file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/zap_new_program.htm (2 of 3) [4/12/2001 5:04:57 PM] ZoneAlarm Pro - New Program Alert Sometimes you can tell what a program is by its name; other times you may not. An unfamiliar program may be an important component of a known program, and may be needed by the known program in order to function: ● "Services and controller app" is a Windows component used by Microsoft Internet Explorer(TM) to access the Internet. ● "Microsoft Windows(TM) Messaging Subsystem Spooler" is a component of Microsoft Outlook(TM), used to get e-mail. Therefore, some unfamiliar programs do need Internet access. Other unfamiliar programs, however, may be potentially harmful. If you don't recognize a program, start by reading our FAQ for a list of commonly unrecognized programs. If you can't find your answer there, try entering the program name into a search engine. What else should I know? There are a few ways you may answer a pop-up: ● Answer, "Yes," to give a program access rights just this one time. The next time the program needs to access the Internet , it will ask again. ● Answer, "No," to deny access rights just this one time. The next time the program needs to access the Internet, it will ask again. ● If you check, "Remember this answer the next time I use this program," before you click "Yes," or "No," the program will NOT ask you again. Your answer will be saved and applied each time the program tries to access the local network or the Internet. You may change your answer any time in the Programs panel for any program by clicking on the interface. A red X = deny access, a green checkmark = allow access, a black ? means ask me every time. For further information Knowledgebase Main Page Zone Labs Home Page Zone Labs Support Page BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/zap_new_program.htm (3 of 3) [4/12/2001 5:04:57 PM] ZoneAlarm Pro - Repeat Program Alert Repeat Program Do you want to allow a specific program to access the Internet? What is a repeat program? What should I answer? How do I know what program is trying to gain access? What else should I know? For further Information What is a repeat program? A repeat program is a program that has previously asked you for permission to access the Internet or the local network. When it did, you either allowed or denied the program access for that instance only. If you would like to allow or deny this program access for every future instance, check the box, "Remember this answer each time," before you click "Yes" or "No" . Some people like to make their programs ask permission every time they try to access the network. That way, for example, they will know when some other application is launching their browser. You don't have to do anything special to be asked each time. Asking is ZoneAlarm's default behavior. How should I answer? Follow the rules below and you'll be able to answer program alerts with confidence. The rule of expectancy: If you're using a program for the first time that requires Internet access, you should expect to receive a pop-up alert as soon as the program tries to initiate Internet access. In this case, it's probably safe to grant the program access rights. file:///C|/Documents and Settings/rwilliams/Desk...oneAlarm_Pro_Help_new_TOC/zap_repeat_program.htm (1 of 3) [4/12/2001 5:05:31 PM] ZoneAlarm Pro - Repeat Program Alert ● Example: You've just opened your Web browser to surf the Internet, and you immediately receive a pop-up alert asking if your Internet browser may access the Internet. The rule of logic: For some programs such as Web browsers and e-mail clients, it's only logical that they need Internet access. But for other programs, it's not always so obvious. Take your word processor, for example. There are times when it's logical for it to access the Internet, and other times when it is not: ● You're not even using your word processor and it suddenly asks for Internet access. Logic: Why would it need Internet access? Be suspicious. ● You're doing nothing more than typing a document and your word processor asks for access. Logic: Why would it need Internet access? Be suspicious. ● You've just clicked a link to the Internet within your document, or you've told your word processor to import a graphic from the Internet. Logic: It now makes sense for it to need Internet access. It's probably safe. ● You've just cut and pasted formatted text from a web page into your document, and your word processor asks for Internet access. Logic: Your word processor may be trying to get the formatting information from the Internet. It makes sense for it to need access. It's probably safe. The rule of caution: If you're not sure whether a program should have access rights, start by denying it access rights. Then, investigate the program by asking ● Is the program you've denied access to one you recognize? If not, you may want to research the program to try and identify it as legitimate or illegitimate. ● ● Is it reasonable this program needs Internet access to perform its funtions? Is the program you've denied access to still able to perform the functions you want it to without Internet access? Consider all of the above questions before deciding if your decision was right. You may change your decision at any time in the Programs panel. How do I know what program is trying to gain access? file:///C|/Documents and Settings/rwilliams/Desk...oneAlarm_Pro_Help_new_TOC/zap_repeat_program.htm (2 of 3) [4/12/2001 5:05:31 PM] ZoneAlarm Pro - Repeat Program Alert Sometimes you can tell what a program is by its name; other times you may not. An unfamiliar program may be an important component of a known program, and may be needed by the known program in order to function: ● "Services and controller app" is a Windows component used by Microsoft Internet Explorer(TM) to access the Internet. ● "Microsoft Windows(TM) Messaging Subsystem Spooler" is a component of Microsoft Outlook(TM), used to get e-mail. Therefore, some unfamiliar programs do need Internet access. Other unfamiliar programs, however, may be potentially harmful. If you don't recognize a program, start by reading our FAQ for a list of commonly unrecognized programs. If you can't find your answer there, try entering the program name into a search engine. What else should I know? There are a few ways you may answer a pop-up: ● Answer, "Yes," to give a program access rights just this one time. The next time the program needs to access the Internet , it will ask again. ● Answer, "No," to deny access rights just this one time. The next time the program needs to access the Internet, it will ask again. ● If you check, "Remember this answer the next time I use this program," before you click "Yes," or "No," the program will NOT ask you again. Your answer will be saved and applied each time the program tries to access the local network or the Internet. You may change your answer any time in the Programs panel for any program by clicking on the interface. A red X = deny access, a green checkmark = allow access, a black ? means ask me every time. For further information Knowledgebase Main Page Zone Labs Home Page Zone Labs Support Page BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desk...oneAlarm_Pro_Help_new_TOC/zap_repeat_program.htm (3 of 3) [4/12/2001 5:05:31 PM] ZoneAlarm Pro - Overview file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/ZoneAlarmProHelp.htm (2 of 2) [4/12/2001 5:06:24 PM] ZoneAlarm Pro - Troubleshooting and Tech Support Troubleshooting and Tech Support Deciphering a technical problem on your computer can be a complex task but there are a few methods of making the process easier. The first one is to carefully note specifics to what is occurring as the problem occurs. The sequence of events, the type of software and operating system in use as well as the limitations of hardware on the system all play a factor. Checking your available RAM, what software you have running as a service play in an influential role in articulating a troubleshoot. If you have too many items loading at startup, this can cause complications as well. Most desktop problems occur as a result of Operating System malfunctions. If more than one program is attempting to use the same resources, errors are likely to occur. If you experience a blue screen, make note of the error and match it against known problems reported in the software manufacturer's FAQ or KnowledgeBase. It's also a good idea to check Microsoft's web site as well as other Internet resources for known issues with particular operating systems and software. There are anomalies on the Internet which also need to be paid attention to. For suspected problems with your Internet service, bookmark the web page for system status of your ISP and routinely check for outages and disruptions in service. If you run into a technical problem using ZoneAlarm Pro, please visit our convenient ZoneAlarm Pro Support Site. BACK HOME Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/ZoneAlarmProHelp100.htm [4/12/2001 5:11:45 PM] ZoneAlarm Pro - Server Activity Server Activity A server is defined as an application requiring access to the Internet in order to perform certain functions. When an application is given server rights via ZoneAlarm Pro's Programs Panel, the application is essentially waiting or listening for connections and instructions from remote file servers or in some cases, a manual response from a host. Examples of server programs include chat programs, FTP, and e-mail software. The Programs Icon highlights Internet servers and applications listening for connections with a hand holding the program icon. The Programs panel lets you choose which programs are allowed to act as servers. ZoneAlarm Pro will deny connection, and display a popup warning when a program to which you have not given server permission tries to establish a connection. When ZoneAlarm Pro detects server activity, the firewall will block the incoming connection for any program that is already on your Programs List where a red X appears in the Allow Server column. You can configure these settings via the Advanced button. Communication applications such as ICQ or NetMeeting require server rights in order to function properly with ZoneAlarm Pro. You will need open port access to any application, including programs that need to listen and accept incoming requests to connect to the Internet. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/ZoneAlarmProHelp15.htm [4/13/2001 11:33:45 AM] ZoneAlarm Pro - Current Alerts Current Alerts The large display area on the Alerts panel is Current Alerts. This area displays the following information about current connection alerts on your machine: ● the IP address ● the port ● the protocol ● the time and date of the connection attempt ● whether the connection attempt was incoming or outgoing ● possibly, but not always, the name of the application causing the alert Getting More from More Info Similar Topics Getting More from More Info You can submit a request to the Zone Labs Alert Analyzer to get detailed information about the block by clicking on the More Info button. When you click on the More Info button, your alert statistics are submitted to the Zone Labs web site where our knowledge base will determine as accurately as possible the reason why the firewall blocked your Internet communication. Results are displayed directly on the web page in your browser. If you wish to track the IP address of a blocked incoming connection, you can use products such as whois or traceroute to attempt to find the owner of the IP address. Similar Topics Here are some similar topics if you are interested in more information: ● Alert Settings ● Sample Log Entries ● FWIN Sample: An incoming request was blocked ● FWOUT Sample: An outbound request was blocked ● PE Sample: One of your applications tried to connect BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desktop/...larm_Pro_Help_new_TOC/ZoneAlarmProHelp20_Current.htm [4/13/2001 11:45:12 AM] ZoneAlarm Pro - Log File Panel Log File Panel When you instruct ZoneAlarm Pro to save alerts in the Alert Log, every alert you receive will be entered into a file named ZALog.txt. You can find this file in a folder called Internet Logs in your Windows install directory. Archiving Logs Archiving Logs The buttons on the left side of the Log File panel allow you to archive your Alert Log on a daily, weekly or monthly basis. By selecting one of these options, you are telling ZoneAlarm Pro to create a fresh ZALog.txt file on a daily, weekly or monthly basis. Whenever the archiving takes place, the previous file is renamed using the current date. An example of a renamed archived log file created on February 30, 2001 is ZALog2001.02.30.txt. When you archive your log file on a regular basis, you'll be able to read the file more easily and be able to find a specific alert more quickly. On the other hand, you can retain the default setting and never archive the log. file:///C|/Documents and Settings/rwilliams/Deskt...Help_new_TOC/ZoneAlarmProHelp20_LogProperties.htm (1 of 3) [4/13/2001 2:48:59 PM] ZoneAlarm Pro - Log File Panel Archive Log options: Never: This is the default setting: never archive your log file. Daily: Refresh your log file every day. Weekly: Refresh your log file every week. Monthly: Refresh your log file once a month. Separate fields options: Each entry in the log file is a series of characters. Some people prefer to have these fields separated with spaces for readability. Select your preferred separator: Tab: Fields in the log will be separated by Tabs Comma: Commas will separate log fields Semicolon: Fields in the log will be separated by semicolons. file:///C|/Documents and Settings/rwilliams/Deskt...Help_new_TOC/ZoneAlarmProHelp20_LogProperties.htm (2 of 3) [4/13/2001 2:48:59 PM] ZoneAlarm Pro - Log File Panel BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Deskt...Help_new_TOC/ZoneAlarmProHelp20_LogProperties.htm (3 of 3) [4/13/2001 2:48:59 PM] ZoneAlarm Pro - FWIN Sample Log Entry FWIN Sample Log Entry ZoneAlarm Pro blocked an incoming request FWIN,2000/03/07,14:44:58,-8:00 GMT, Src=192.168.168.116:0, Dest=192.168.168.113:0, Incoming, ICMP FWIN indicates that the firewall blocked an incoming request to connect to your computer. The entry also includes the following information: ● Date and Time ● ● ● Source IP Address and port number Destination IP Address and port number Transport-Indicates that the transport was either TCP, UDP, ICMP, or IGMP BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desktop...ro_Help_new_TOC/ZoneAlarmProHelp20_LogSamples_1.htm [4/13/2001 2:50:53 PM] ZoneAlarm Pro - FWOUT Sample Log Entry FWOUT Sample Log Entry FWOUT,2000/03/07,14:47:02,-8:00 GMT,QuickTime Player Application tried to access the Internet. Remote host: 192:168:1:10 ZoneAlarm Pro blocked an outbound request. FWOUT indicates that the firewall blocked an outbound request from your computer. The entry also includes the following information: ● Date and Time ● ● ● Source IP Address and port number Destination IP Address and port number Transport-Indicates that the transport was either TCP, UDP, ICMP, or IGMP BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desktop...ro_Help_new_TOC/ZoneAlarmProHelp20_LogSamples_2.htm [4/13/2001 2:51:36 PM] ZoneAlarm Pro - PE Sample Log Entry PE Sample Log Entry PE,2000/03/22,17:17:11 -8:00 GMT,Netscape Navigator application file,192.168.1.10 The "PE" entry informs you that an application on your computer attempted to access the Internet. The entry also includes the following information: ● Date and Time ● ● The application on your computer that attempted to access the Internet The IP Address and Port number that the application was trying to connect to. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desktop...ro_Help_new_TOC/ZoneAlarmProHelp20_LogSamples_3.htm [4/13/2001 2:52:21 PM] ZoneAlarm Pro - ACCESS Sample Log Entry ACCESS Sample Log Entry ACCESS,2000/09/07,16:45:57 -5:00 GMT,Microsoft Internet Explorer was not allowed to connect to the Internet (64.55.37.186).,N/A,N/A The "ACCESS" entry informs you that an application on your computer attempted to access the Internet when the Allow connect setting in the Programs List was set to X (denied) for the application named in the Alert. At the same time, the Blocked applications checkbox was not checked on the Suppressed Alerts panel. The combination of these two permissions settings caused this alert to be generated. When a checkbox on the Suppressed Alerts panel is not checked, an alert will be generated in the Alert Log for the type of connection named on the checkbox. The entry also includes the following information: ● Date and Time ● The application on your computer that attempted to access the Internet ● The IP Address that the application was trying to connect to. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desktop...ro_Help_new_TOC/ZoneAlarmProHelp20_LogSamples_5.htm [4/13/2001 2:53:47 PM] ZoneAlarm Pro - MS Sample Log Entry MS Sample Log Entry MS,2000/09/08,09:45:56 -5:00 GMT,Microsoft Windows(TM) Messaging Subsystem Spooler,Renamed email attachment of type .HLP to .zla,N/A The "MS" entry informs you that an e-mail containing an attachment of a file type that you have asked MailSafe to quarantine was received by your e-mail client. At the same time, the MailSafe quarantined attachments checkbox was not checked on the Supressed Alerts panel. The combination of these two settings caused this alert to be generated. When a checkbox on the Supressed Alerts panel is not checked, an alert will be generated in the Alert Log for the type of connection named on the checkbox. The entry also includes the following information: ● Date and Time ● The system that handles e-mail delivery on your system, like Microsoft Windows(TM) Messaging Subsystem Spooler in the message above ● The name of the file, including file type, that was renamed by MailSafe to a .zla filetype for quarantining purposes. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desktop...ro_Help_new_TOC/ZoneAlarmProHelp20_LogSamples_6.htm [4/13/2001 2:54:32 PM] ZoneAlarm Pro - Alert Settings Alert Settings The Alert settings section in the Alerts panel lets you control where ZoneAlarm Pro sends firewall alerts. The options are located at the bottom of the Alerts panel: ● Log Alerts to a text file: saves alerts to a text file in CSV format. ● Show the Alerts Popup window: either displays the Visual Alert window or turns it off altogether. Log Properties: lets you change the directory of the log file and archive the file daily, weekly or monthly. This allows you to keep the file readable and of a manageable size. ● ● ● Log Properties: establishes where on your network you want to save the log file. View Log: opens your Alert log. The log file is called ZALog.txt by default and is located in a folder called Internet Logs in the Windows install directory on your machine. The size of the log is displayed next to the location, and the log can be deleted when you feel it is appropriate so it does not get too big. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desktop/...arm_Pro_Help_new_TOC/ZoneAlarmProHelp20_Settings.htm [4/16/2001 9:44:34 AM] ZoneAlarm Pro - Local Zone Contents tab Local Zone Contents tab This is where you populate your Local Zone with the computers and IP addresses that ZoneAlarm Pro will protect. Use this panel to add any of the following to your Local Zone: ● Web sites ● ● IP addresses or ranges of IPs Subnets General Configuration Networks Section General Configuration The Local Zone Contents tab lets you add other computers to your Local Zone. Pressing the Add button gives you the choice to add a host (or site) by name, an IP address, a range of IP addresses, or an IP subnet. When a red checkmark appears in the checkbox, this means that the element is an active member of your Local Zone. Uncheck the checkbox if you want to remove the element from active membership in your Local Zone, but retain it on your list for later. file:///C|/Documents and Settings/rwilliams/Desk...Pro_Help_new_TOC/ZoneAlarmProHelp50_Adv_Tab1.htm (1 of 3) [4/16/2001 9:45:25 AM] ZoneAlarm Pro - Local Zone Contents tab Add Options: Host/Site - Adds a computer name to your Local Zone. You'll be prompted to enter the name of the computer, and you can enter either a domain-style name (such as "ftp.zonelabs.com") or a Windows-style name (such as "FTPSERVER"). Please note that a single computer name might refer to more than one actual computer, if two or more servers cooperate to balance their loads. If this is the case, all the matching computers will be added to the Local Zone. IP Address - Adds a single IP Address that refers to a single computer to your Local Zone. IP Range - Adding an IP range adds a series of consecutive IP addresses to your Local Zone. IP Subnet - Adds a subnet to your Local Zone. This is useful in offices where the Local-Area Network is divided into multiple subnets. For example, if the Network printer is on a different subnet than your computer, the Dynamic Firewall will file:///C|/Documents and Settings/rwilliams/Desk...Pro_Help_new_TOC/ZoneAlarmProHelp50_Adv_Tab1.htm (2 of 3) [4/16/2001 9:45:25 AM] ZoneAlarm Pro - Local Zone Contents tab block access to the printer. Adding the printer's subnet to the Local Zone enables you to use the Network printer from your computer, as well as any other services, such as file-shares and computers on the printer's subnet. If you are in a corporate setting, your computer may be part of a larger corporate network. This network might be divided into smaller networks, or subnets. ZoneAlarm Pro will not recognize the subnets that your computer is not on as being part of your Local Zone. This becomes a problem if your computer is on a different subnet than certain resources such as a network printer and file-shares. The Advanced Properties of the Dynamic Firewall enable you to add such a resource to your Local Zone. Networks Section The Networks section lists all your network and dialup adapters. Checking an adapter automatically adds all the other computers in that network adapter's local subnet to the local zone. If your network is a small local area network, this automatically adds all the nearby computers to your local zone. If your computer is part of a Local Area Network, you will need to place a checkmark next to the network adapter cards under Networks. This will ensure that you have access to necessary resources of your Local Area Network. A note for Cable modem users: If you use a network adapter card connected directly to a cable modem to connect to the Internet, you will want to leave the cable subnets unchecked, to prevent your neighbors from being able to access your computer. If these default settings for the Local Zone don't meet your needs, ZoneAlarm Pro lets you add computers and networks of computers to your Local Zone. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desk...Pro_Help_new_TOC/ZoneAlarmProHelp50_Adv_Tab1.htm (3 of 3) [4/16/2001 9:45:25 AM] ZoneAlarm Pro - Advanced Security Properties Advanced Security Properties The tabs on this dialog can make your protection levels much more powerful. They can help you: set up protocols and ports that are allowed in on High Security or that are blocked on Medium Security, enable protection against malicious e-mail attachment file types such as VBScript and JavaScript files, and much more. If the message You are not logged in to ZoneAlarm Pro. Any changes you make will not be realized until you log in is displayed when you click on the Advanced button, you have an established ZoneAlarm Pro password but have not yet logged in. General - Enable or disable the PC as an ICS or NAT gateway or client Local Zone Contents - Add computers to your Local Zone Restricted Zone - Add computers to your Restricted Zone Local Zone Custom Settings - Customize security settings for your Local Zone Internet Zone Custom Settings - Customize security settings for your Internet Zone MailSafe - Define e-mail attachment file types you want to block and allow BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desktop...rm_Pro_Help_new_TOC/ZoneAlarmProHelp50_Advanced.htm [4/16/2001 9:46:45 AM] ZoneAlarm Pro - Local Zone Security Settings Local Zone Security Settings The default security level for the Local Zone is Medium. One difference between Medium and High security levels is that High security instructs the Dynamic Firewall to block access to the network and system services. The security levels you set in this panel will not conflict with, or override, access privileges you have assigned to specific programs in the Programs panel. The same is true for your Internet Lock settings. Low, Medium and High security levels are described below: Low Security: Low security only enforces application privileges and Internet Lock settings, leaving your computer visible to other computers in the Local Zone. The firewall does not block file or printer shares or traffic to and from the Local Zone. Medium Security: This is the default Local Zone setting. At this security level, the computer is visible to the Local Zone and file shares, printer shares and Windows services are allowed for computers in the Local Zone. At Medium security, the Automatic Lock is enhanced by the firewall and blocks all ports. High Security: This is the highest security level available providing strong application flexibility. At High security, the firewall blocks access from the Local Zone to Windows (NetBIOS) services and file and printer shares. When High Security is set, your computer is in Stealth Mode. This means that all ports not currently in use by a program are blocked and at the same time, they are not visible to the Local Zone. High security opens ports only when an approved program needs them. By default, no computer belongs to the Local Zone. Please see the Local Zone Contents Tab for information on how to add computers to your trusted Local Zone. file:///C|/Documents and Settings/rwilliams/Desk...ro_Help_new_TOC/ZoneAlarmProHelp50_LocalZone.htm (1 of 2) [4/16/2001 9:47:46 AM] ZoneAlarm Pro - Local Zone Security Settings BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desk...ro_Help_new_TOC/ZoneAlarmProHelp50_LocalZone.htm (2 of 2) [4/16/2001 9:47:46 AM] ZoneAlarm Pro - The Programs Icon The Programs Icon This is the Programs icon. To display the entire panel which contains the Program List, click on the Programs button. The Programs icon gives you a bird's eye view of the most recent instance of Internet access by one of your applications. A blinking application icon means that the program is actually sending or receiving Internet data. A server application that has been listening for connections is displayed with a hand under the icon. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/ZoneAlarmProHelp60_1.htm [4/16/2001 9:48:49 AM] ZoneAlarm Pro - Setting Program Access Rights Setting Program Access Rights Programs installed on your computer have access rights to computers in two different zones. According to the security rules set up in ZoneAlarm Pro, no program is allowed to have greater access to the Internet Zone than it has to the Local Zone. Setting Access Rights Access Rights Symbols Setting Access Rights You can set access rights in three different ways from the Programs panel: ● clicking directly on the checkboxes on the Program List, shown below ● clicking on the Options button on the Programs panel then making choices in the Access Permissions panel ● selecting the Options popup menu, then clicking on the Access Permissions tab This makes it easier for you choose the easiest way for you to quickly set access rights once you are used to ZoneAlarm Pro. Access Rights Symbols A program's access rights are identified by a check mark, X or ?. You can easily change a program's access rights by going to the Program List and making a selection in the Allow connect column or by right-clicking on the program name. If you right-click, select Local Network to define Local Zone settings. Select Internet to define Internet Zone settings. file:///C|/Documents and Settings/rwilliams/Desk...eAlarm_Pro_Help_new_TOC/ZoneAlarmProHelp60_2.htm (1 of 2) [4/16/2001 9:49:22 AM] ZoneAlarm Pro - Setting Program Access Rights A green check mark means that the program always has permission to connect without asking for your explicit permission. SECURITY RULE: When you grant a program the permission to access the Internet Zone at this level, ZoneAlarm Pro automatically allows the program to have the same access to the Local Zone. You will see this when a green check mark is automatically added to the Local Zone area. ● A red X means that the selected program is denied Internet access until you reset the permission. SECURITY RULE: When Local Zone access permission is denied using the red X, the selected program will automatically inherit the same access restrictions to the Internet Zone. You will see this when a red X is automatically placed in the Internet Zone area of the Program List. This is the result of the following security rule: the Internet Zone cannot have greater access rights than the Local Zone. ● A green ? means that the program will ask permission each time it tries to connect. The permission will be displayed on your computer screen as a popup window. In response, you decide whether or not to grant the requested permission by clicking on Yes or No. This is the default permission level assigned to all programs when they are added to the Program List. SECURITY RULE: For any given program, you cannot enter a green check mark for Internet Zone access if that program's Local Zone access is only established as green ?. Example: A web browser cannot have access to the Internet Zone if it does not have access to the Local Zone. If you place a green check mark in the Internet Zone area of the Program List for your web browser, ZoneAlarm Pro will automatically place one in the Local Zone area. Conversely, you can place a green check mark in the Local Zone area without increasing the program's access rights to the Internet Zone. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desk...eAlarm_Pro_Help_new_TOC/ZoneAlarmProHelp60_2.htm (2 of 2) [4/16/2001 9:49:22 AM] ZoneAlarm Pro - Pass Lock Pass Lock Select the Pass Lock popup menu for a specific program to allow that program to connect to the Internet even though the Automatic Lock is engaged. The Pass Lock menu is located on the popup menu. This feature is very useful to allow a program like your e-mail client to check for mail when access to all zones is locked for other programs. To enable Pass Lock, right-click on any application in the Programs panel and select Pass Lock. By default, the pass lock feature is deactivated for every program on the Program List. When the lock is deactivated, there is no check mark to the left of the word Pass Lock. To turn on the feature, thus allowing the program where you right-clicked to bypass the Automatic Lock, simply select Pass Lock. After making your selection, a check mark will be displayed to the left of the Pass Lock selection. You can view this check mark to verify that the Program has pass lock turned on by going back to the popup menu. You will see a check mark to the left of Pass Lock, as shown below: file:///C|/Documents and Settings/rwilliams/Desk...eAlarm_Pro_Help_new_TOC/ZoneAlarmProHelp60_4.htm (1 of 2) [4/16/2001 9:50:11 AM] ZoneAlarm Pro - Pass Lock You can also use this feature to allow server applications to bypass the Automatic Lock. If you have an FTP, or Web server application running on your computer, the Pass Lock button will allow you to let those applications remain connected to the Internet when the Automatic Lock activates. Note: When the Emergency STOP button is pressed, Internet access will be denied to all applications including those that have been given Pass Lock rights. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desk...eAlarm_Pro_Help_new_TOC/ZoneAlarmProHelp60_4.htm (2 of 2) [4/16/2001 9:50:11 AM] ZoneAlarm Pro - Removing Programs from the Programs List Removing Programs from the Programs List To remove a program from the Program List, right-click on the program entry and select Remove from the popup menu. Removing a program from the list does not prevent ZoneAlarm Pro from monitoring the application. ZoneAlarm Pro will detect the program next time it attempts to access the Internet. You can also change a program's Internet access rights using the right-click menu. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarm_Pro_Help_new_TOC/ZoneAlarmProHelp60_5.htm [4/16/2001 9:50:51 AM] ZoneAlarm Pro - Options Options The Options menu displays a dialog with two tabs: the Access and Server Permissions tab and the Ports tab. These tab provide powerful security tools that help you to set up rules that very precisely govern the way your applications access the Internet. In ZoneAlarm Pro, you apply these rules by zone so that you have varying degrees of protection throughout your fortress. The protection available here is set for the Local Zone and the Internet Zone independently. This extraordinary degree of control lets you allow or deny the following for any application: Overall connections for each application: ● Allow the connection ● Deny the connection Don't deny it but have ZoneAlarm Pro ask permission each time ● Port and Protocol connections for each application: ● No restrictions - allow all connections to occur ● Limit connections to the list you specify Limit connections to everything that is not specified on your list ● Ability to be a listening server: file:///C|/Documents and Settings/rwilliams/Desk...ro_Help_new_TOC/ZoneAlarmProHelp60_Options_1.htm (1 of 2) [4/16/2001 9:51:44 AM] ZoneAlarm Pro - Options ● ● ● Always allow the application to act as a server Never let the application act as a server Don't deny server behavior but have ZoneAlarm Pro ask permission each time You could theoretically use the Options menu to keep everyone out of your Local or Internet zone except two or three applications using ports you define using the Ports tab. Or else, instead of categorically denying access, you could instruct ZoneAlarm Pro to send a message asking your permission for each Internet connection attempted by the two or three applications whose connection properties you've set up using the Options menu. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desk...ro_Help_new_TOC/ZoneAlarmProHelp60_Options_1.htm (2 of 2) [4/16/2001 9:51:44 AM] ZoneAlarm Pro - Access Permissions Program Permissions The Access permissions panel is displayed when you select the Options button on the Programs panel or when you right-click on a program then select Options from the popup menu. The radio buttons on this panel allow you define precise permissions for each of your programs. Use the yellow section of this panel to define, for a specific program, access permissions to computers or addresses defined in your Local Zone. Use the blue section to grant programs access permissions to computers and addresses in the Internet Zone. In addition, the yellow and blue sections allow you to define whether or not your programs can act as servers listening for connections from computers from either of those zones: yellow for the Local Zone, blue for the Internet Zone. file:///C|/Documents and Settings/rwilliams/Desk...new_TOC/ZoneAlarmProHelp60_Options_AccessTab.htm (1 of 2) [4/16/2001 9:52:47 AM] ZoneAlarm Pro - Access Permissions Left-side buttons: Radio buttons on the left side control whether or not individual programs can actually make an Internet connection, or whether the program needs your permission each time. Right-side buttons: Radio buttons on the right side control whether or not the program can receive incoming Internet connections as a server. If your program changes frequently and it is accessing the Internet, use the Identify program by full path name only checkbox or the Changes Frequently popup menu. By selecting one of these choices for a specific program, you are instructing ZoneAlarm Pro to look only at the path name when it runs its identification at the time of Internet access. If you don't check either one for a program that you are developing, a new instance of the program will be added to the program list whenever a new version connects to the Internet. You can also click on the Changes Frequently popup to set screening by path name only by checking the box next to Identify program by full path name only. This means that ZoneAlarm Pro will not enforce other checking rules. It will not, for example, check for file size. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desk...new_TOC/ZoneAlarmProHelp60_Options_AccessTab.htm (2 of 2) [4/16/2001 9:52:47 AM] ZoneAlarm Pro - Ports Tab Ports Tab The Ports tab enables you to specify ports and protocols that an application is permitted to use. The title bar, at the top of the Ports tab, displays the program name you are defining port access for, such as Outlook Express or Netscape Navigator. Radio buttons on the dialog Right-hand Options Adding port access permissions Adding custom ports Radio buttons on the dialog Select Allow access to all ports and protocols to allow your program unlimited access (all ports and protocols). Select Allow access for ONLY the ports checked below to place port and protocol restrictions between each of your applications and the Internet. file:///C|/Documents and Settings/rwilliams/Desk...new_TOC/ZoneAlarmProHelp60_Options_Ports_Tab.htm (1 of 5) [4/16/2001 9:53:18 AM] ZoneAlarm Pro - Ports Tab Allow access to all ports and protocols: Allows the program to have Internet connections via all ports. Allow access for ONLY Allows the program access only via any protocol or port the ports checked that is selected with a check mark below: Limits the program's connections to the protocols and ports with checkmarks. The IGMP and ICMP checkboxes selected by default as the protocols you will limit the program's connections to. file:///C|/Documents and Settings/rwilliams/Desk...new_TOC/ZoneAlarmProHelp60_Options_Ports_Tab.htm (2 of 5) [4/16/2001 9:53:18 AM] ZoneAlarm Pro - Ports Tab Allow access for any port EXCEPT for those Allows the program access via all ports and protocols checked below: except those checked. Allows connections to every protocol and port that is not checked in the list below. The IGMP and ICMP checkboxes are selected by default as the port types denied to the program's for Internet access utilization. Right-hand Options Click on to add a port or range of ports for which permission can be included or excluded for the selected program Click on to remove any ports already defined for the application Adding port access permissions Clicking on the Add button displays the popup shown below, which has a number of server-specific entries, such as Web Servers and Mail Servers: When a server-specific choice such as Mail Servers is selected, ZoneAlarm Pro adds the most common default ports used by the server type. For example, three ports are added for Mail Servers, SMTP, POP and IMAP. Though, different mail server types have their own requirements which you can verify through your mail server documentation. You might not need IMAP for instance. Preselected entries are customizable. In the example below, all three mail server ports remain selected. You would need to know what type of protocol your mail server uses. In most cases with ISPs, it will be POP. Also, if your mail server uses IDENT, you might need to open port 113 for example. file:///C|/Documents and Settings/rwilliams/Desk...new_TOC/ZoneAlarmProHelp60_Options_Ports_Tab.htm (3 of 5) [4/16/2001 9:53:18 AM] ZoneAlarm Pro - Ports Tab Adding Custom ports Click on Custom to define a single TCP or UDP port, or a range of ports: Clicking on Custom displays the Add a range of ports dialog: As the dialog mentions, your machine has a total of 65,535 ports. When adding a file:///C|/Documents and Settings/rwilliams/Desk...new_TOC/ZoneAlarmProHelp60_Options_Ports_Tab.htm (4 of 5) [4/16/2001 9:53:18 AM] ZoneAlarm Pro - Ports Tab port, the first thing to do is to specify whether the port, or range of ports, is TCP, UDP or both. For example, DNS uses port 53, which is a TCP port. DHCP uses port 67, which is a UDP port. Description field: Type in any name for the port or range of ports you're adding. Click on OK to add the port(s), which will be displayed in the Ports panel. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desk...new_TOC/ZoneAlarmProHelp60_Options_Ports_Tab.htm (5 of 5) [4/16/2001 9:53:18 AM] ZoneAlarm Pro - Changes Frequently Changes Frequently For application developers whose program stats change Example of how it works For developers whose program stats change The identifying statistics about a program change each time it is compiled. These statistics include date and time of program compilation, program size, version number, and path name. ZoneAlarm Pro uses these statistics to identify a program when it accesses the Internet. If the statistics of a program don't match any other program on the Program List, a new entry will be made for the program on the Program List even if a prior version of that program is already on the list. Example of how it works Directly below you can see two instances of the ZoneAlarm Pro program on the Program List. For developers, using the Changes Frequently popup will prevent you from accumulating additional instances of the same program on the Program List. This additional instance on the Program List will be added unless you select the Changes Frequently popup or, alternatively, unless you check the Identify program checkbox, shown below. This checkbox is located at the bottom of either the Program options or the Advanced Programs options panel. The checkbox performs the same function as the Changes Frequently popup. By selecting either the popup menu or the checkbox for a specific program, you are instructing ZoneAlarm Pro to look only at the path name when it runs its identification at the time of Internet access. If you don't check either one for a program that you are developing, a new instance of the program will be added to the program list whenever a new version connects to the Internet. file:///C|/Documents and Settings/rwilliams/Desk...ro_Help_new_TOC/ZoneAlarmProHelp60_Options1c.htm (1 of 2) [4/16/2001 9:53:56 AM] ZoneAlarm Pro - Changes Frequently BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desk...ro_Help_new_TOC/ZoneAlarmProHelp60_Options1c.htm (2 of 2) [4/16/2001 9:53:56 AM] ZoneAlarm Pro - The Change Registration button The Change Registration button Click on the Change Registration button to review or modify your ZoneAlarm Pro registration information. Provide any new information, such as a new name or e-mail address, in the Registration Information dialog, shown below. If your PC is not for business use, put your name in the company field. If you make any changes to the registration information, ZoneAlarm Pro will automatically reregister for you. ZoneAlarm Pro displays the date and time of your last registration BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desktop/...arm_Pro_Help_new_TOC/ZoneAlarmProHelp70_Register.htm [4/16/2001 9:54:41 AM] ZoneAlarm Pro - Trojan Horses Trojan Horses & Portscanning "Why would hackers single me out of all the computers attached to the Internet?" Unfortunately, it's not usually a matter of choice when a hacker comes calling, especially if you are using a broadband connection that is "always on." One method used to identify potential hack targets is through the widespread practice of portscanning. In a nutshell, portscanning is a tool that allows for information gathering on computers attached to a network. Online vandals will regularly portscan vast blocks of IP addresses. By doing so, they are able to determine what services are currently listening for connections on a computer and what specific ports they are listening on. Thus, providing clues to form an attack strategy. How ZoneAlarm & ZoneAlarm Pro Handle Portscans ZoneAlarm & ZoneAlarm Pro handle portscans by simply dropping the packets as they hit your machine. You might see a string of alerts, letting you know there have been X attempts to access your computer and the alerts run sequentially by port number. That is a portscan in progress. ZoneAlarm/ZoneAlarm Pro will log up to 500 alerts and will not report the scans after that point. However, ZoneAlarm/ZoneAlarm Pro does continue to block the scans. The 500 alert maximum is in effect because there are over 65,000 ports on a Windows Operating System, it would not make sense to consume such a large quantity of disk space to report blocked scans so that is why ZoneAlarm/ZoneAlarm Pro stops at 500. You can break a portscan just by shutting off your Internet connection but bear in mind, most portscans are run by automated commands so there is no predicting when they could return. What Happens If I Don't Have ZoneAlarm or ZoneAlarm Pro Protecting My Computer? Once an unprotected computer is singled out as worthy of an attack, a common means to gain control of the computer is via a Trojan Horse - also known as a Remote Administration Tool (RAT). Trojan Horses are easy for even the most rudimentary of programmers to create and are therefore very common on the Internet. If installed correctly, Trojans can be highly intrusive because they 1) can cause consternation and mayhem, 2) can establish a direct mechanism for stealing data stored on the PC and 3) can serve as a launching pad for attacks directed elsewhere on the Internet. How do Trojan Horses get distributed? Trojan Horses can come from seemingly innocent sources, typically as e-mail attachments, file transfers or downloads. Since Trojans can be bundled with a legitimate file, there is no obvious tip-off of a bundled Trojan but such a file must retain an .exe or .scr extension. The objective is for the victim to unwittingly launch the file believing it to be legitimate. In this manner, a Trojan will extract in stealth and attempt to take over your machine at a later time when you least expect it. Thus, you can see why the Trojan Horse analogy is used to describe the file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarmPro_Helps_Source/trojan.htm (1 of 2) [5/23/2001 2:13:18 PM] ZoneAlarm Pro - Trojan Horses phenomena. The best bet to avoid Trojan Horses in the first place is to not launch .exe or .scr files from an untrusted source. ZoneAlarm Pro users can configure MailSafe to catch files with these extensions coming through e-mail. There is another dimension to acquiring Trojan Horses and it involves safe surfing habits. It is possible to acquire Trojans through a browser but only if you are tricked into clicking on a self-extracting payload. Pop-up banners and similar enticements can be Trojans so be careful! Use good judgment in deciphering what is a legitimate click-through and what falls under the category of suspicious. How ZoneAlarm & ZoneAlarm Pro Recognize Trojan Horses Once installed on the target machine, a Trojan Horse can be difficult to identify because it can have cryptic a file name or even masquerade as a legitimate file name. You'll be able to recognize a cryptic application trying to access the Internet simply by examining your Programs List. ZoneAlarm & ZoneAlarm Pro will detect and prevent Trojans re-named as legitimate applications from accessing the Internet. Many of the other firewalls today, do their application verification process through name recognition. Hackers can easily exploit this weakness by creating a Trojan Horse that has the same name or properties as a legitimate application, enabling it to bypass a firewall. With ZoneAlarm and ZoneAlarm Pro, even if a hacker changes the name of an application to make it look legitimate, it will still be stopped because of an MD5 Checksum verification process. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarmPro_Helps_Source/trojan.htm (2 of 2) [5/23/2001 2:13:18 PM] ZoneAlarm Pro - The Alerts Panel The Alerts Panel The Alerts icon is located at the top of the panel. Click on the "Alerts" button to display the entire Alerts panel. Alerts Icon Statistics Advanced More Info Alerts Icon Notice the two sets of UP/DN (Up/Down) graphs inside the Alerts icon. On your machine, whenever data is being sent to the Internet, red bars are displayed inside the two UP graphs. Whenever data is being received (downloaded), green bars are displayed inside the DN graphs. ● The two graphs in the top portion of the icon display Internet traffic as it happens. ● The two graphs in the lower portion of the icon display a chronological history of Internet traffic as it is generated on your machine. ● Whenever red or green flashing bars appear in the Alerts icon, the application receiving or sending traffic is shown as a blinking icon inside the Programs icon. Statistics file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarmPro_Helps_Source/ZoneAlarmProHelp20.htm (1 of 3) [5/23/2001 2:14:38 PM] ZoneAlarm Pro - The Alerts Panel Use the Alerts panel to see statistics on Internet alerts since you launched ZoneAlarm Pro. At the top of the panel, Today's Summary shows the total amount of data sent and received by all applications. Advanced file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarmPro_Helps_Source/ZoneAlarmProHelp20.htm (2 of 3) [5/23/2001 2:14:38 PM] ZoneAlarm Pro - The Alerts Panel Click on this button to: ● Stop display of your IP address when you use the More Info button ● Suppress specific alert types ● Select options about the behavior of the Alert Log. In the Alert Settings area, at the bottom of the panel, select the first checkbox to save Alerts to a text file. Click on the Advanced button, then Log File tab to set up an archiving schedule for the Log file. More Info Use this button to submit alert information to the Zone Labs Alert Analyzer. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarmPro_Helps_Source/ZoneAlarmProHelp20.htm (3 of 3) [5/23/2001 2:14:38 PM] ZoneAlarm Pro - Web Browser Preconfiguration Preconfiguration of your Web Browser in the Installer This feature is for new users who have never run ZoneAlarm Pro before. As part of the installation process, you will be asked if you want to automatically give your default browser (and services and controller app for Windows 2000 users) Internet access. If you choose Yes What is the purpose of this feature?Two If you choose Yes If you choose Yes, your browser will have permission to access the Internet. If you choose No, you will be asked to give Internet access rights to your browser the first time you try to access the Internet. Note: If the installer cannot locate your default browser or if you've run ZoneAlarm previously, you will not see this feature. What is the purpose of this feature? By automatically giving your default browser Internet access rights in the installer, you won't have to do it yourself later. This feature, then, is for your convenience and ensures that you will have immediate Internet access after installing ZoneAlarm Pro. file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarmPro_Helps_Source/zap_default_browser.htm (1 of 2) [5/23/2001 2:17:09 PM] ZoneAlarm Pro - Web Browser Preconfiguration BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarmPro_Helps_Source/zap_default_browser.htm (2 of 2) [5/23/2001 2:17:09 PM] ZoneAlarm Pro - MailSafe MailSafe MailSafe can be enabled or disabled on the Security Panel. MailSafe identifies potentially harmful scripts in e-mail attachments, then disables the script's ability to execute by changing the file type. MailSafe does not replace the functionality of a virus scanner. Rather, it quarantines the potentially harmful attachments and provides you the opportunity to keep the identified script program from running. MailSafe works with Internet mail clients that use POP3 and IMAP - the most common Internet e-mail protocols. Configuring MailSafe Clicking on the Configure pushbutton within the Security Panel, opens the MailSafe options tab. By default, every file type in the list is selected for quarantining. This provides maximum protection. If you specifically do not want protection against any of the file types on the list, deselect the corresponding checkbox. If the file type you are looking for is not in the selectable list shown below, you can add it yourself by clicking on the Add button. file:///C|/Documents and Settings/rwilliams/Desk...Pro_Helps_Source/ZoneAlarmProHelp50_Adv_Tab6.htm (1 of 6) [5/23/2001 2:27:34 PM] ZoneAlarm Pro - MailSafe You can select from nearly 40 file types that you want MailSafe to quarantine. ● .VBS Visual Basic script: many viruses are sent with this extension ● .EXE executable file ● .COM executable file ● .VB Visual Basic file ● .JS Java Script file ● .BAT Batch file ● .CHM Compiled HTML ● .COM MS-DOS app ● .SCR Screen Saver ● .LNK Shortcut ● and many more In the Add e-mail attachment type dialog, enter a description and, in the second field, the file:///C|/Documents and Settings/rwilliams/Desk...Pro_Helps_Source/ZoneAlarmProHelp50_Adv_Tab6.htm (2 of 6) [5/23/2001 2:27:34 PM] ZoneAlarm Pro - MailSafe file type you want ZoneAlarm Pro to quarantine. Quarantined Files ZoneAlarm Pro's MailSafe feature re-names the attachment's extension to .zl* (the * representing a number or a letter -- either 0-9 or a-z). Double-clicking the quarantined file launches a dialog box asking if you want to open or save the attachment. If you choose the "Save it to disk" option, then the file extension can be re-named and placed in a directory of your choice. If you select "Open it", a wizard will launch which provides additional options. file:///C|/Documents and Settings/rwilliams/Desk...Pro_Helps_Source/ZoneAlarmProHelp50_Adv_Tab6.htm (3 of 6) [5/23/2001 2:27:34 PM] ZoneAlarm Pro - MailSafe If you select "Run", MailSafe will prompt you for an assurance that you really want to open the file. If you have configured MailSafe to block the types of files you do not want to allow, then there would be no reason to run the file. Take heed if the file is something you genuinely want to open. As previously described, you can also select the "Save As" option. This brings up a dialog box to save the file. The default location is your Temp folder. file:///C|/Documents and Settings/rwilliams/Desk...Pro_Helps_Source/ZoneAlarmProHelp50_Adv_Tab6.htm (4 of 6) [5/23/2001 2:27:34 PM] ZoneAlarm Pro - MailSafe You can re-name the file extension to something harmless such as .txt for closer examination Alternatively, you can also select the "Inspect with Notepad" option which opens the attachment in a textual format. This option is probably best for advanced users who would like to closer examine the contents of the attachment. The safest option is to simply select "Do not run" and delete the file if you do not recognize the sender and you do not recognize the file name as something you want on your system. Useful Tips ● ● ● ● Even when running ZoneAlarm Pro with MailSafe active, it is important to use an anti-virus scanner. If you use MailSafe, then it is advised to turn off the e-mail scanner within your anti-virus software. If you are using McAfee's VShield and ZoneAlarm's deskband: 1. Exit McAfee's VShield from the system tray 2. Right click on the task bar to launch the zone alarm desk band 3. Load McAfee's Vshield from the McAfee anti-virus's options --->V shield's properties ------->clicking OK and clicking "yes " when promoted "Do you want to load V shield now?" McAfee's Vshield and ZA/ZAP should now function together. When using Web-based e-mail, such as Yahoo or Hotmail, MailSafe will not quarantine e-mail attachments that arrive via those systems. If you are testing the functionality of MailSafe, keep in mind that if mail is received from the same MS Exchange server it was sent from, MailSafe will not register the file. Thus, you cannot test MailSafe by sending yourself a .VBS or other file intended to test quarantine. For tests not on the same Exchange server, go to the Security panel, click Configure to ensure that the extensions coming through are in the list of suppressed attachments. file:///C|/Documents and Settings/rwilliams/Desk...Pro_Helps_Source/ZoneAlarmProHelp50_Adv_Tab6.htm (5 of 6) [5/23/2001 2:27:34 PM] ZoneAlarm Pro - MailSafe BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desk...Pro_Helps_Source/ZoneAlarmProHelp50_Adv_Tab6.htm (6 of 6) [5/23/2001 2:27:34 PM] ZoneAlarm Pro - Internet Components Internet Components Click through the links below to review some basics of the the Internet and how ZoneAlarm/ZoneAlarm Pro serve as protectors of individual machines. The Internet Connections TCP/IP Firewall Protection The Internet The Internet is a worldwide infrastructure that allows millions of computers, each of which is part of a smaller network, to communicate with each other. Participants on the Internet include individual users, corporations, government agencies, universities, ISPs and various online services. Data traffic between networks is managed by routers. The primary function of a router is to make sure that data traffic in the form of packets arrive at their destination. The concept of a firewall is to be a sentry, allowing authorized network traffic through while blocking unauthorized network traffic through the network. However, many threats and vulnerabilities exist on the Internet which makes having protection only on the network impractical. Since time and experience have proven that unseen threats can penetrate a network, additional protection has become a necessity at the desktop, especially for users with "always on" connections to the Internet. ZoneAlarm and ZoneAlarm Pro are desktop firewalls, ensuring a secure environment while connected to the Internet by allowing the user to dynamically control traffic in and out of the PC. Unseen threats to the desktop include viruses, worms, Trojan horses, denial of service attacks, various direct intrusion methods and many other forms of privacy invasion. ZoneAlarm and ZoneAlarm Pro are equipped with sophisticated means of reporting suspicious activity to log files as well as alert notifications. Since Internet activity is unpredictable, ZoneAlarm and ZoneAlarm Pro arm users with the ability to protect their PCs from unwanted and potentially damaging occurrences. Connections Networks can be connected by a variety of transports. The most common file:///C|/Documents and Settings/rwilliams/Deskt...armPro_Helps_Source/ZoneAlarmProHelp_Basics_1.htm (1 of 3) [5/23/2001 2:28:42 PM] ZoneAlarm Pro - Internet Components examples of Internet access include ordinary telephone lines (dial-up), broadband services such as DSL and cable modems, ISDN, T1 and T3 lines. Either a modem or leased lines are the most common methods of transport. Traditional dial-up modems provide Internet access via the public telephone network at up to 56 Kbps. ISDN modems are capable of speeds up to 10 Mbps. DSL modems transmit and receive data as digital with a capacity of 1.544 Mbps. Cable modems provide high-speed Internet access through a cable television network at more than 1 Mbps. This is approximately 20 times faster than dial-up modems. T1 lines don't require a modem and can transmit and receive data with a capacity of 1.544 Mbps. T3 lines don't require a modem and can transmit and receive data with a capacity of 45 Mbps. TCP/IP TCP/IP is the standard protocol for data traffic on the Internet. An IP address is a unique identifier for each computer or device on the Internet and any TCP/IP network. An example of an IP address would be 127.0.0.1. All data moving through the Internet is comprised of segmented packets. Routers read the IP packet headers to determine their appropriate destination for the traffic. Once the packets reach their destination, they are re-assembled and read by the receiving computer. The known and verifiable IP addresses of computers that you trust can be input into your Local Zone so that ZoneAlarm and ZoneAlarm Pro recognize them. In ZoneAlarm Pro Clicking the Add button on the Local Zone Contents panel allows you to add a single IP address or a range of IP addresses. If you are on a network, please go here for instructions on adding your subnet adapter to your local zone. Firewall Protection Many firewalls use a packet filtering method for distinguishing permissible traffic. This type of protection only examines the IP packet headers. A packet filtering firewall does not protect against attacks directed at the application layer. For instance, if a packet filtering firewall was set to allow incoming e-mail from the Internet, then an attack on the SMTP service would pass through the firewall without a problem. In other words, as long as the rule set is passed, a connection is made directly from outside the firewall to inside the firewall. file:///C|/Documents and Settings/rwilliams/Deskt...armPro_Helps_Source/ZoneAlarmProHelp_Basics_1.htm (2 of 3) [5/23/2001 2:28:42 PM] ZoneAlarm Pro - Internet Components One step up from packet filtering is the Stateful Inspection model of firewall. This type of firewall will analyze incoming packets until it has enough information (using information such as TCP sequence numbers) to determine the state of the connection. Then, if the packets pass the rules set, they're forwarded to the correct interface. Using this information, the firewall builds dynamic state tables. It uses these tables to keep track of the connections that go through the firewall, rather than allowing all packets that meet the rule set's requirements to pass, it allows only those packets which are part of a valid, established connection. Like packet filtering, a Stateful Inspection does not guard the application layer where many types attacks are focused. A core feature of ZoneAlarm and ZoneAlarm Pro is providing protection at the application layer, ensuring nefarious applications such as Trojan horses and spyware are unable to achieve their purpose of reaching the Internet from your computer. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Deskt...armPro_Helps_Source/ZoneAlarmProHelp_Basics_1.htm (3 of 3) [5/23/2001 2:28:42 PM] ZoneAlarm Pro - Configuring a VPN Connection Configuring a VPN Connection When using a VPN, the primary objective of ZoneAlarm Pro is to protect your computer and/or network from malicious activity when an IPSec, PPTP or L2TP tunnel is established from a VPN client to the VPN server. Outgoing packets are examined by ZoneAlarm Pro before encryption and incoming packets are examined by ZoneAlarm Pro after decryption. This allows the combined product to take full advantage of the capabilities of the firewall. There are many varieties of VPNs and all have unique components and configurations. In all scenarios, it is necessary to configure ZoneAlarm Pro to allow trusted traffic to pass through it. This is accomplished by populating the Local Zone. with trusted IP addresses, IP ranges, subnets and domains. Add to the local zone: VPN server IP address ● All of the LAN/WAN subnets that interact with the internal network you are connecting to. This would include your POP and SMTP servers for e-mail ● If you are using a RADIUS server, add it's IP address ● DNS servers used that are not on your internal network ● Depending on the operating system the VPN client is installed on, it may be necessary to add the local host address (NIC loopback): 127.0.0.1 ● You'll know if the loopback address needs to be added to your local zone if you receive an alert such as this: Note: Make sure there is no proxy software running on the local host if the loopback address needs to be added. file:///C|/Documents and Settings/rwilliams/Deskt...oneAlarmPro_Helps_Source/How_to_configure_VPN.htm (1 of 5) [5/23/2001 2:29:43 PM] ZoneAlarm Pro - Configuring a VPN Connection How To Populate the Local Zone ● ● ● Go to the Security Panel and select the Advanced button In the Local Contents tab, select the "Add button" Select the appropriate field (Host/Site, IP address, IP range, Subnet) Under "Description", enter a name or description for entry. This description is for display purposes only ● Enter the Host/Site, IP address, IP range or Subnet. Note: A server name can be resolved by entering the name or IP address. ZoneAlarm Pro will automatically resolve and confirm the domain as reachable before accepting the entry. Though, when adding a subnet, the subnet mask must be known. ● ● Press OK or Finish as prompted You will now see the element you've added, including the description you entered, displayed under Other Computers. Configuring Interoperability with a VPN Client ZoneAlarm Pro will recognize services and applications on the machine when they are launched or a related service is invoked. For example: file:///C|/Documents and Settings/rwilliams/Deskt...oneAlarmPro_Helps_Source/How_to_configure_VPN.htm (2 of 5) [5/23/2001 2:29:43 PM] ZoneAlarm Pro - Configuring a VPN Connection Upon the prompt, if the tick box asking to remember the program is checked, the Programs List entry will look like this: Some applications require server rights in order to listen for and receive incoming connections from the Internet. Ordinarily, the VPN Client will prompt for server rights. For example: file:///C|/Documents and Settings/rwilliams/Deskt...oneAlarmPro_Helps_Source/How_to_configure_VPN.htm (3 of 5) [5/23/2001 2:29:43 PM] ZoneAlarm Pro - Configuring a VPN Connection You can confirm server status in ZoneAlarm's Programs Panel. In a VPN environment, some network configurations require ZoneAlarm Pro to be configured with medium security settings. Medium security enforces full application control. To access security settings, go to the Security panel. file:///C|/Documents and Settings/rwilliams/Deskt...oneAlarmPro_Helps_Source/How_to_configure_VPN.htm (4 of 5) [5/23/2001 2:29:43 PM] ZoneAlarm Pro - Configuring a VPN Connection BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Deskt...oneAlarmPro_Helps_Source/How_to_configure_VPN.htm (5 of 5) [5/23/2001 2:29:43 PM] ZoneAlarm Pro - Program Alerts Program Alerts There are four types of program alerts: New, Changed, Repeat, and Server. When a program asks for permission to access the Internet or private LAN or act as a server for the first time (i.e. it is not listed in the Programs Panel), it will be labeled as "New Program." Once the program does either, it is no longer a new program. The "New Program" alert will be displayed whenever one of the applications on your computer attempts to access the Internet. The example shown below indicates that TCP/IP Ping Command, which has never accessed the Internet from the the user's machine before, is attempting to reach an IP address on the Internet. By selecting Yes on this pop-up, you are indicating that the application is allowed to contact the Internet destination indicated under Technical Information in the pop-up. At the time you receive a pop-up message like the one above, you can easily instruct ZoneAlarm not to bother sending any more messages about that particular application. Do this by selecting the "Remember this answer the next time I use this program" box, located at the bottom of the pop-up message. If you do not select the "Remember this answer the next time I use this program" file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarmPro_Helps_Source/programalerts.htm (1 of 4) [5/23/2001 2:33:08 PM] ZoneAlarm Pro - Program Alerts box, you will receive a message like the one shown below the next time TCP/IP Ping Command tries to reach an Internet destination: If the application is already in your Programs List and has server rights, you will receive a Server Program Alert. file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarmPro_Helps_Source/programalerts.htm (2 of 4) [5/23/2001 2:33:08 PM] ZoneAlarm Pro - Program Alerts If you do not mark the "Remember this answer the next time I use this program" box, then ZoneAlarm Pro will still recognize the application and put it into your Programs List. It will not however, have access to the Internet (allow connect will not be checked). Once in your Programs List, you can either allow it access or remove it. Changed Program If a program that already has a rule listed in the programs panel tries to access the Internet or LAN and/or act as a server and any of the following events happen, the alert will be labeled "changed program." ● The The The The The The ● The certificate has changed ● ● ● ● ● MD5 or CRC checksum has changed version number of the program has changed name of the program has changed name of the executable has changed path/directory of the program has changed file size has changed For additional information on MD5 Checksum, go here. Alert Content ZoneAlarm Pro program alerts will contain the following information: file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarmPro_Helps_Source/programalerts.htm (3 of 4) [5/23/2001 2:33:08 PM] ZoneAlarm Pro - Program Alerts ● ● ● ● ● ● the IP address the port the protocol the time and date of the connection attempt whether the connection attempt was incoming or outgoing possibly, but not always, the name of the application causing the alert More Info Button The More Info button is the way to find out additional information about the meaning of a specific Program alert pop-up you have received. The information displayed when you click on the More Info button comes from the Zone Labs knowledge base. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarmPro_Helps_Source/programalerts.htm (4 of 4) [5/23/2001 2:33:08 PM] ZoneAlarm Pro - Easy Online Help Interactive Tour of ZoneAlarm Pro Click on graphics in the online help system for quick help and cross-referencing: Overview of ZoneAlarm Pro Default web browser BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarmPro_Helps_Source/ZoneAlarmProHelp_Online_1.htm [5/23/2001 2:34:46 PM] ZoneAlarm Pro - Overview ZoneAlarm Pro Overview ZoneAlarm Pro provides Internet security for the individual computer it is installed on. This can include any network transport using TCP/IP. ZoneAlarm Pro fully supports the most common Internet transports available such as DSL, Cable, T1/T3, ISDN along with specialized network configurations such as ICS and NAT. ZoneAlarm Pro protects a computer from malicious or unwanted programs such as Spyware and Trojan horses, by allowing the user to control what applications are allowed access to the Internet. ZoneAlarm Pro provides users the ability to establish protection levels for several zones. The Local Zone serves to identify and recognize permissible traffic such as file-sharing and print-sharing operations within your LAN. If the Internet Zone is set to High Security, this puts your computer in stealth mode, meaning it is invisible to other computers throughout the Internet. You can customize security settings by clicking on the Advanced button in the Security Panel or apply application-specific security by right-clicking on a program name in the Programs Panel. ZoneAlarm Pro appears as a panel on your Windows desktop. You can also make use of the ZoneAlarm Pro DeskBand Toolbar. Use the Interactive Tour of ZoneAlarm Pro to get a quick overview of how ZoneAlarm Pro works. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarmPro_Helps_Source/ZoneAlarmProHelp.htm [5/23/2001 2:39:20 PM] ZoneAlarm Pro - Press the F1 key Press F1 Key for specific help All ZoneAlarm Pro panels and dialogs are linked to a specific topic in the help system. To display help information about a panel or dialog in the product where you are currently working, press the F1 key. In response, help information will be immediately displayed in your browser. BACK HOME NEXT Copyright © 1999-2001 Zone Labs, Inc. All rights reserved. ZoneAlarm and ZoneAlarm Pro include TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, ZoneAlarm Pro, and TrueVector are registered trademarks of Zone Labs, Inc. file:///C|/Documents and Settings/rwilliams/Desktop/ZoneAlarmPro_Helps_Source/ZoneAlarmProHelpF1.htm [5/23/2001 2:41:04 PM]
Similar documents
ZoneAlarm - Table of Contents
worms, Trojan horses, denial of service attacks, various direct intrusion methods and many other forms of privacy invasion. ZoneAlarm and ZoneAlarm Pro are equipped with sophisticated means of repo...
More information