Home

User`s Manual

Contents

1. If so it s probably safe to click Yes If not continue with step 2 ZoneAlarm Pro 3 1 User s Manual Page 46 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 15 Do you recognize the name of the program in the Alert pop up and if so does it make sense for the program to need permission If so it s probably safe to click Yes If not or if you re not sure continue with step 3 16 Click the More Info button in the alert box This submits your alert information for example the name of the program and the address it was trying to reach to AlertAdvisor which then displays a Web page with information about the alert and the program Use the AlertAdvisor information to help you decide if it s safe to answer Yes Tip If you re really not sure what to do it s best to answer No You can always grant permission later by going to the Programs tab See page 98 How you can see fewer of these alerts To keep from seeing Repeat Program alerts select Remember this answer the next time I use this program before clicking Yes or No in any New or Repeat program alert This sets the permission for the program to Allow or Block in the Programs tab Server Program alert Y Server Program Do pou wart lo aloe Marraco Outlook lo accepl cornectora bora des heed petal T Technical Infoamalion Saga PI lel Pe 0165 fac DUTLOOR EXE Panor AU ANTE Moe Infomation Available Eat CEET TUS pd ra a a ed Ge err AlertAdvi
2. Congratulations ZoneAlarm Pro is ready to Show me the ZoneAlarm Pro tutorial now protect you Skip the tutorial and start ZoneAlarm Pro can always view the tutorial later trom the Overview Get a head start on using and i panel or Window s Start menu understanding oneAlarm Pro 3 0 Check outthe all new oneAlarm Pro tutorial It s fast and easy Your ZoneAlarm Pro configuration is complete You have the choice of viewing the tutorial in order to get an overview of ZoneAlarm Pro security and alerts Choose Skip the tutorial to launch ZoneAlarm Pro immediately You can open the tutorial later from the Status tab Your ZoneAlarm Pro configuration is complete ZoneAlarm Pro 3 1 User s Manual Page 37 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Using ZoneAlarm Pro Setting up Your setup may already be complete After you have installed ZoneAlarm Pro and run the Configuration Wizard ZoneAlarm Pro is ready to protect you You don t have to perform any setup tasks unless you have special networking or security needs Should change the default security settings ZoneAlarm Pro s default settings are appropriate for most Internet users To learn about the default settings and to find out if they are right for you see Choosing Security Settings page 39 Should engage the Internet Lock No You don t need to close the Internet Lock except in emergency situations For more
3. majority of the components needed by your Internet accessing programs and will remind you to raise the Program Authentication level to High 1 Component access The Component list automatically displays all components loaded by programs that have requested access permission or server permission Permission for a newly listed component is automatically set to Allow if You answered Yes to a Program Component alert or Component Loading alert Program Control is set to Medium or lower Component learning mode Permission for a new component is set to Ask if e You answered No to the Program Component alert Note There is no Block option for components Changing component permissions To change access permission for a component click in the Access column the select Allow or Ask from the shortcut menu Selecting multiple components To select a range of components from the list 5 Select a component by clicking it 6 Hold down the SHIFT key while dragging the mouse upward or downward 2 Entry detail The entry detail window displays information about the component currently selected in the list ZoneAlarm Pro 3 1 User s Manual Page 102 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Field Component name File name File type Authentication Version Created date File size Last written Last accessed Information The common name of the component for example DHCP Client API DLL
4. ooconccocccocccocnccnnocanocanenanonanonanonnrnanenanenas 59 AMUEVITUS SOMWATS us ted nd lso aliado aadelel 59 BOWS OLS ua o 60 Chau Instant MessagiNdiu ss eee A eae ia 61 E mail programs e g MS Outlook ooocccococcoccccoconcococonccnanoncoconnnonnaronnnnannnconannnnnnnns 61 A A a a A E 61 A A A EEE ent 62 GAMES AS 62 Internet call waiting Internet answering MachiNesS ooccocooccnconoccnncnonnnnnnnnnccononcnnononnononnanonoos 63 Remote control and display ccccccccccssececesececesececeseeseseceeeseeeeseessseessueeeseueteneeeesnaeesenes 64 StTeamihg AUdIO MIEO cuela lts 65 VOCE OVER IP VOIP a ade ce Sessa ipe O E GounieiS aiecten eas euSaelseseaeucale 65 Networking with ZoneAlarm PrO ooooccoccccccccccocccocccocononcnoncnnnnenanenarenarenanonnronnrnanenanenas 66 Making your computer visible on your local network ooocccconccccoccnconcnccnncncnnncnonononnnncnnnos 66 Sharing files and printers across a local network ooocccconcnccccoccnconoccnnononcnnnoncnncnnanoncononons 66 VPN Virtual Private NetWork sao ios 66 ICS Internet Connection SNAMinG snacia A aaeieteaaeceee sess 67 PrOxy SOI Oi oi 68 ISP WG AMDC AL sivas okatwuasndss seetemd onal ely descent a e cute tune lua akatih 68 Customizing your security c coocccocnccccnnocnncncnncnnconnnnonnncnnnnnnnrennncnnnnrnnnrnnanennrrnnarennnrnnnnnns 69 Firewall DYOLC cua A a a E de 70 ZoneAlarm Pro 3 1 User s Manual Page 5 of 145 Copyright
5. A persistent cookie that is placed on your computer not by the Web site you are visiting but by an advertiser or other third party These cookies are commonly used to deliver information about your Internet activity to that third party Back Trojan horse A malicious program that masquerades as something useful or harmless such as a screen saver Some Trojan horses operate by setting themselves up as servers on your computer listening for connections from the outside If a hacker succeeds in contacting the program he can effectively take control of your computer This is why it s important to only give server permission to programs you know and trust Other Trojan horses attempt to contact a remote address automatically Back TrueVector security engine The primary component of ZoneAlarm Pro security It is the TrueVector engine that examines Internet traffic and enforces security rules Back Trusted Zone The Trusted Zone contains computers you trust want to share resources with For example if you have three home PCs that are linked together in an Ethernet network you can put each individual computer or the entire network adapter subnet in the ZoneAlarm Pro Trusted Zone The Trusted Zone s default medium security settings enable you to safely share files printers and other resources over the home network Hackers are confined to the Internet Zone where high security settings keep you safe Back U no entries
6. Use the Ports tab to specify the ports the selected program can use For example you can limit an e mail client to SMTP POP and or IMAP protocols This provides an extra layer of security against program tampering Caution Use this tab to restrict a program s port access only you are very familiar with the needs of the program Misconfiguring port permissions could cause your program to stop working properly 1 Port and protocol options Choose from the following options e Allow access to all ports and protocols The program is able to access the Internet through all ports and use any necessary protocols When not in use by a permitted program the ports are protected by ZoneAlarm Pro s firewall e Allow access for ONLY the ports checked below Select this option to limit the program s access to a few ports and protocols e Allow access for any port EXCEPT for those checked below ZoneAlarm Pro 3 1 User s Manual Page 108 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Select this option to exclude only a few ports from program access Tip If you choose either of the last two options use the Add button to add ports to the list 2 Adding removing custom ports These controls are enabled only when Allow access to all ports and protocols is not selected Use the Add and Remove buttons to modify the contents of the list Important By adding to the list you may be specifying ports the program can acces
7. Outbound Protection and E mail protection areas to 0 These counters are also reset if uninstall and reinstall ZoneAlarm Pro 4 Update and tutorial information Click ZoneAlarm Pro Tutorial to learn the basics of how ZoneAlarm Pro works Update box The update box helps you make sure you re running the latest version of ZoneAlarm Pro and gives you quick access to product updates when they arrive ZoneAlarm Pro 3 1 User s Manual Page 81 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Message Meaning Check for Click the link to see if there are any important updates to ZoneAlarm update Pro available for download An update Your automatic update subscription indicates an update to ZoneAlarm IS Pro is available Click the link to go to the Zone Labs Web site to obtain available the update Update metes dl Your automatic update subscription has expired Click the link to renew Dae it Click to renew Note When you purchase ZoneAlarm Pro you receive an automatic update subscription valid for one year Product Info tab Overview Version information ZoneAlarm Pro version 30 062 True ector secunty engine version 3 0 062 Draven version 20 062 Gateway enforcement amp enabled Licensino information License number 6bol heaS wk4tb ug Er tdhc Bela icense expires in 59 days Support and Update Information Tral Beta license does not include an update service For technical su
8. Scroll to the bottom of the high security list 2 Click the port type desired incoming UDP outgoing UDP incoming TCP or outgoing TCP A text box labeled Ports appears at the bottom of the dialog box 3 Type the ports or port ranges you want to allow in the Ports text box separated by commas Example 139 200 300 4 Click Apply or OK 2 Medium security settings for the Internet Zone These are the port and protocol restrictions applied to the Internet Zone when Medium security is selected in the Main tab of the Firewall panel Default configuration The default settings for medium security allow inbound and outbound traffic through all ports except of incoming NetBIOS traffic ports 135 137 139 445 The NetBIOS protocol enables file and printer sharing on local networks It is blocked at medium security for the Internet Zone because if exposed to the Internet it is vulnerable to common intrusion attempts Blocking Additional Ports You can block additional ports at medium security either by selecting one of the preconfigured protocols shown ICMP IGMP and so forth or by specifying ports To specify ports follow these steps 1 Scroll to the bottom of the medium security list ZoneAlarm Pro 3 1 User s Manual Page 90 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 2 Click the port type desired incoming UDP outgoing UDP incoming TCP or outgoing TCP A text box labeled Ports appears at t
9. Show cord high rated alerts Evert Loca On Evert logging is enabled Of Program Logging f High Log all program alerts C Medium Off Custom 4 Casonas Use this tab to choose e What types of informational alerts ZoneAlarm Pro will display all high rated only or none e What types of informational alerts ZoneAlarm Pro will log e What types of program alerts ZoneAlarm Pro will log Note Program alerts are always displayed because they ask you to decide whether to grant program access or not For more information about informational alerts and program alerts see Responding to alerts page 41 1 Alert events shown This control determines what types of informational alerts ZoneAlarm Pro will display The default Medium setting displays only high rated alerts The High setting displays all firewall alerts both medium rated and high rated ZoneAlarm Pro 3 1 User s Manual Page 111 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 2 Alert Events Logged This control turns the logging of informational alerts informational alerts on and off 3 Program Logging This control determines what types of program alerts are to be recorded in the ZoneAlarm Pro log The default Medium setting logs only high rated alerts The high setting logs all program alerts Click the Custom button to customize program alert logging in the Program Logs tab If you have customized Program L
10. The fully qualified name of the component for example C WINNT system32 dnsapi dll The type of component for example Dynamic Link Library The method used to authenticate the component Windows Protected System Files are automatically authenticated by ZoneAlarm Pro The version number of the component The date the component was created The size of the component file The last time this file was modified on your machine The last time this file was accessed by a program on your machine 3 Reset to default Click this button to set the access permission for all components to Ask 4 More Info Click the More Info button to learn more about program components from Zone Labs AlertAdvisor ZoneAlarm Pro 3 1 User s Manual Page 103 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Auto lock tab Lock Mode to Use When Enabled Lock after i J T minutes of inactivity f Lock when screencever activates When Lock Engages f Allow pass lock programes to access the Internet O Block al Intenet access Use these controls to determine e How the Automatic Internet Lock will engage e Whether the lock will block all traffic or allow pass lock traffic Tip Settings in this tab go into effect only when the Automatic Internet Lock is turned on in the Program Control panel Main tab For more information on the Internet Lock see Using the Internet Lock and Stop button page 57 1 Lo
11. Ws cent PH Tet m doubbeclich net ICL pea Ae graphics dir times Entry Detail 3 sie Name mdoubdecick net Motde cocie Alora TEHON EocikdE Elock ae ote ones Pinri Use the Site List tab of the Privacy panel to customize cookie control and mobile code control settings for specific Web sites The list displays sites you have visited in your current ZoneAlarm Pro session and sites for which you have previously customized settings If you do not customize settings for a site you ve visited it is dropped from the list when you shut down your computer or shut down ZoneAlarm Pro 1 Site Edited A pencil icon in the Edited column indicates that you have customized privacy settings for that site and the site will remain in your list If there is no icon in the column the site is one you have visited in your current session and will disappear from the list when your session ends 2 Mobile Code and Cookie Control The site list shows two types of Web sites e Sites that have delivered cookies to your computer during your current Internet session e Sites for which you have already edited custom cookie or mobile code settings By default the list is sorted by site name You can re sort it by setting by clicking any of the column headers The arrow next to the header tells you whether the sort is in ascending or descending order Privacy symbols Symbol Meaning ZoneAlarm Pro 3 1 User s Manual Page 123 of 145 Copyrigh
12. ZoneAlarm Pro 3 1 User s Manual Page 143 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 V Virtual Private Network VPN A network that is constructed by using public wires to connect nodes When using VPN over the Internet encryption and other security mechanisms are used to ensure that only authorized users can access the network and the data Back W web bug An image file often 1x1 pixel designed to monitor visits to the page or HTML e mail containing it Web bugs are used to find out what advertisements and Web pages you have viewed Back XYZ no entries ZoneAlarm Pro 3 1 User s Manual Page 144 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 ZoneAlarm Pro 3 1 User s Manual Page 145 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15
13. cooooccccoconnnncono 30 Configuration Wizard 3 Review Cookie Control Settings cccoooccococonnonconononononennononons 31 Configuration Wizard 4 Review Ad Blocking Defaults oooocccccooccncococnnnoconconcnnannnononons 32 Configuration Wizard 5 Create a password oococcccocccnccnccnncnnncnncnnncononnnncnnononnnnnnnrnnconanennnnanens 33 Configuration Wizard 6 Configure for ICS ooocccccoccccccnnccnnononcnnnnnonnnconanonnonnnnnononnnnnonanencnnanens 34 Configuration Wizard 7 Preconfigure BroWS8T ooocccccccccnccconcnnccnnconconononcononnnonnnnoncnnanenennonens 35 Configuration Wizard 8 Secure Programs sics asirini a Aa S 36 Configuration Wizard 9 Congratulati0nS coooonncncoconcncccocnnnccononcnnonnnnononcnnnnnnnoncnnanenononens 37 4 Using ZoneAlarm Pro 00cocconconconcocconconcnncnnennenconnnnnnnos 38 SENNO Uni 38 Should change the default security settings occcccooncnncccnccncononcnnononcnnnoncnnconarenonnonons 38 Should engage the Internet LOCK oooocccccoccccccccccnccnccnnononcnncnnanoncnnnncnnononcnnnnrnnnonanennnnanens 38 How do know ZoneAlarm Pro is working ooccccconnncccconcnconoccncononennononcnnnnnnonoonanennonancnnnnnos 38 What do ales Mea liada 38 How do I set up for my NEWARK dd 38 How do customize My security ooccccccnnnncccccnncocononoconcnnnonanonnnnannnnonnnnnonnnnnnnannnnnnannannnnns 39 Choosing Security Settings iii eek 39 Security ANC
14. 2 Click Advanced 3 Under Internet Connection Sharing select This computer is a client of an ICS gateway running ZA Pro 4 In the combination box select or type the IP address of the gateway machine 5 Select Forward alerts from gateway to this computer if you want alerts occurring on the gateway machine to be displayed on this client Proxy server To enable your computer to connect to the Internet through a proxy server add the proxy to your Trusted Zone See Zones tab page 87 ISP heartbeat Most ISPs periodically send heartbeat messages to their connected dial up customers to make sure they are still there If it appears a customer is not there the ISP might disconnect her so that her IP address can be given to someone else By default ZoneAlarm Pro blocks the protocols most commonly used for these heartbeat messages which may cause you to be disconnected from the Internet If this happens you can solve the problem in any of the three ways described below ZoneAlarm Pro 3 1 User s Manual Page 68 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Identify the server sending the message and add it to your Trusted Zone This is the preferred solution because it will work whether your ISP uses NetBlOS or ICMP to check your connection and it allows you to maintain high security for the Internet Zone To identify the server your ISP uses to check your connection follow these steps 1 Wait until your
15. 7 Preconfigure Browser ZUNE Secure Programs PRECONFIGURE BROWSER Do you want ZoneAlarm Pro to AND COMPONENTS preconfigure access permission The programs and Windows components listed below need internet access for you to be able to do things like sum the Web and collect e mail ZoneAlarm Pro can setthem Up now for sate Internet access O Advanced Let me customize access and saving vou time and effort later server permissions for a broader range of programs and components now e Yes No Alert me later when my browser and these components need Internet access E Default Web browser IE PLOAE EXE gt Note A Windows Web component Generic qa i Host Process svchost exe Returning users yon ve already set COMMISSIONS for any of thost programa this setting will overwrite those permissions P Windows Web component Services and Controller App services exe This part of the Wizard enables you to secure your browser and the system components it uses so that they can safely access the Internet Choices e Yes This is the default setting Choose this to have ZoneAlarm Pro record the MD5 digital signature of your default browser and the system components it uses and give them Internet access permission This way you won t be bothered by a Program Alert later the first time you open your browser to access the Internet e No Choose this if you want to wait until the browser req
16. Address Resolution Protocol requests except broadcast requests for the address of the target machine Also blocks all incoming ARP replies except those in response to outgoing ARP requests Allows the use of VPN protocols ESP AH GRE even when high security is applied When this control is not selected these protocols are allowed only at medium security Allows the use of uncommon protocols When this control is not selected these protocols are allowed only at medium security 4 Network Settings Automatic network detection helps you configure your Trusted Zone easily so that traditional local network activities such as file and printer sharing aren t interrupted You can have ZoneAlarm Pro silently include or exclude every detected network in the Trusted Zone or ask you in each case whether the newly detected network should be added Note ZoneAlarm Pro detects only networks that you are physically connected to Routed or virtual network connects are not detected ZoneAlarm Pro 3 1 User s Manual Page 95 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Program Control panel Main tab Program Control Program Control Med Prograens mA ask hos riena access ard pave mhis 7 Component control i in leairing mode Antoni l DE E T i Oi C On Automate Intemet lock is disabled of Uh No 3 Program Wizard Acvancad Use this panel to choose a program control level and to
17. Default Use the Security tab in the Advanced Settings dialog box to establish global network and security settings ZoneAlarm Pro 3 1 User s Manual Page 93 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 1 Gateway security Some companies require their employees to use ZoneAlarm Pro when connecting to the Internet through their corporate gateway When this control is selected ZoneAlarm Pro checks for any compatible gateways and confirms that it is installed so that gateways requiring ZoneAlarm Pro will grant Internet access You can leave this control selected even if you are not connecting through a gateway it will not affect your Internet functions If you are on a network that uses gateway enforcement and this control is not selected you will not be able to access the network 2 Internet Connection Sharing If you are using Internet Connection Sharing use these controls to configure ZoneAlarm Pro to recognize the ICS gateway and clients Use the radio buttons to Indicate whether your computer is an ICS client or an ICS gateway ZoneAlarm Pro automatically detects the IP address of the ICS gateway and displays it in the Address box This box is labeled Local Address if you are the gateway and Gateway Address if you are the client Note For ICS clients running ZoneAlarm Pro to work properly the ICS gateway must run ZoneAlarm Pro as well Alert forwarding You can determine whether the al
18. ISP disconnects you 2 Goto the Alert Log tab Alerts amp Logs panel 3 In the alerts list find the alert that corresponds to the time you were disconnected If you re not able to identify the server this way contact your ISP They should be able to tell you what servers your need to allow After you have identified the server add it to the Trusted Zone Allow ping messages through the Internet Zone If your ISP uses ICMP echo or ping messages for connectivity checks use the Internet Zone tab Custom Securities dialog box to configure ZoneAlarm Pro to allow ping messages from the Internet Zone To do this 1 Goto the Main tab in the Firewall Panel 2 In the Internet Zone section click Custom 3 Select check box labeled Allow incoming ping ICMP echo 4 Click OK Set the security level for the Internet Zone to medium The quickest but least secure solution is to reduce the security level for the Internet Zone to medium Customizing your security If you re not the set it and forget it type ZoneAlarm Pro enables you to manage the details of your Internet security ZoneAlarm Pro 3 1 User s Manual Page 69 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Firewall protection Block or unblock ports ZoneAlarm Pro s preconfigured security levels Low Medium and High specify the ports that are open or closed to each Zone Customize security levels by blocking or unblocking specific ports
19. Mobile code control ls disabled Allows senpls embedded objects mane f Off objects Use this tab to select general settings for cookie control ad blocking and mobile code control 1 Cookie Control Use the slider to select a global setting for cookie control ZoneAlarm Pro provides two preconfigured cookie control settings High and Medium The default Medium setting provides an optimal balance of security and convenience for most situations Click Custom to open the Cookies tab where you can customize cookie control settings Settings e High blocks persistent cookies and third party cookies but allows the use of session cookies e Medium blocks third party cookies but allows the use of session cookies and persistent cookies e Off Allows the use of all types of cookies Note If you have customized your cookie control settings the slider control is disabled To abandon your customized settings and return to preconfigured settings click the Default button ZoneAlarm Pro 3 1 User s Manual Page 121 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 2 Ad Blocking Use the slider to select a global setting for ad blocking ZoneAlarm Pro provides two preconfigured settings High and Medium The default Medium setting provides an optimal balance of security and convenience for most situations If Medium ad blocking is selected use the spin box to set a time limit for banner and skyscraper ad
20. Winnt Internet Logs for Windows NT Windows 2000 Use the Browse button to designate the location for the current log and archived log files You can also change the name of the log file Use the View Log button to open the current log file Use the Delete Log button to delete the current log file This will not delete the archived log files Tip To view archived log files use Windows Explorer to browse to the directory your logs are stored in 3 Log Archive Appearance Use these controls to determine the field separator for your log files Select Tab to separate fields with a tab character Select Comma to separate log fields with a comma Select Semicolon to separate log fields with a semicolon 4 Buttons Click Reset to Default to return log control settings to Zone Labs defaults Click Cancel to close the dialog box without saving any changes you have made Click Apply to save your changes but leave the dialog box open Click OK to save your changes and close the dialog box ZoneAlarm Pro 3 1 User s Manual Page 120 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Privacy Panel Main tab Privacy Cookie Control High Medium Blocks cookies from backing sites T Med Allows cookies for personalized services Off Achertisements Medium Miah Block ads that do not load in 3 seconds Med Blocks all popup under and animated ads Off Mobile Code Control On m On
21. Zone 3 Set the security level for the Internet Zone to medium Tip To find the server IP address contact the vendor s technical support ZoneAlarm Pro 3 1 User s Manual Page 63 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Use the Zones tab to place servers in the Trusted Zone Remote control and display PCAnywhere and Timbuktu If your computer is either the host or the client of a remote access system such as PCAnywhere or Timbuktu 1 Add the IP address es of the hosts or clients to which you connect to your Trusted Zone 2 Add the subnet of the network you are accessing remotely to your Trusted Zone 3 Ifa dynamic IP address is assigned to the remote machine add the DHCP server address or range of addresses to the Trusted Zone Use the Zones tab to place subnets in the Trusted Zone Note If your remote control client or host is on a network not under your control for example on a business or university LAN perimeter firewalls or other features of the network may prevent you from connecting If you still have problems connecting after following the instructions above contact your network administrator for assistance VNC In order for VNC and ZoneAlarm Pro to work together follow the steps below 1 On the server machine do one of the following If you Know the IP address or subnet of the viewer client you will be using for remote access and it will always be the same add that IP or
22. Zone Labs Inc 2002 1 0003 0301 2002 08 15 Program Logs tab Program Logs Check the program event types for which pon want to generate log entries Program Logs Changed programs Repeat programs Server programs Mew program components Changed program components 2 3 Check All Clear All Reset ta Default Use the Program Logs tab to choose which types of Program alerts to record in the ZoneAlarm Pro log Note By default ZoneAlarm Pro logs all program alerts Alerts that are not recorded in the log cannot be reviewed later 1 Program Logs list Select the types of Program alerts you want recorded in the ZoneAlarm Pro log Deselect the types of Program alerts you do not want recorded in the log 2 Check all clear all Click Check All to have ZoneAlarm Pro display all types of Program alerts Click Clear All to have ZoneAlarm Pro hide all types of Program alerts 3 Reset to default Click Check All to have ZoneAlarm Pro display all types of Program alerts Click Clear All to have ZoneAlarm Pro hide all types of Program alerts ZoneAlarm Pro 3 1 User s Manual Page 115 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Alert Events tab In the event hat bathe is Blocked an alert can be generated and logged From the list of events below check the events for which you wth to generate alerts amd log enines Alert Log Events Blocked NWetBiOS broadcasts Blocked outgoing NetBIOS name
23. a large number of alerts if you raised the Program Authentication level to high soon after installing ZoneAlarm Pro With authentication set to High ZoneAlarm Pro cannot automatically secure the large number of DLLs and other components commonly used by browsers and other programs ZoneAlarm Pro 3 1 User s Manual Page 52 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 To greatly reduce the number of alerts lower the authentication level to medium for the first few days after installing ZoneAlarm Pro If you re not sure what to do or if you decide to answer No investigate the component to determine if it is safe See Investigating changed programs and components page 56 MailSafe alert y ZoneAlarm Pro Alert Mallsafe Renard eal re of ype bal bo 40 Froya Miori Duio Ima 113202 120046 PM E Dot do De dhog un ce MailSafe alerts let you Know that ZoneAlarm Pro has quarantined a potentially dangerous attachment to an incoming e mail message By clicking Yes you re not letting anything into your computer Why these alerts occur MailSafe alerts occur when you open an e mail that has an attachment whose filename extension is on the list of extensions to be quarantined in the MailSafe panel The alert informs you that ZoneAlarm Pro has changed the extension to prevent the attachment from being opened without warning About e mail borne viruses and worms E mail messages are the most common way Interne
24. cookies Use this control to allow or block third party cookies third party cookie A persistent cookie that is placed on your computer not by the Web site you are visiting but by an advertiser or other Vthird party These cookies are commonly used to deliver information about your Internet activity to that third party 4 Cookie expiration The sites that use persistent cookies may set those cookies to remain active for a few days several months or indefinitely While a cookie is active the site or third party that created it can use the cookie to retrieve information After the cookie expires it can no longer be accessed If you choose to allow persistent cookies you can override their expiration dates and specify how long they will remain active before expiring e Immediately after receipt allows persistent cookies to operate during the session in which they were received only The cookie expires as soon as you leave the site e After X days allows persistent cookies to remain active for the number of days you specify You can choose any number from 1 to 999 The default setting is 1 5 Privacy Advisor Control Use these controls to enable or disable the Privacy Advisor and to control when it will be displayed Select Always to display the bubble whenever ZoneAlarm Pro blocks cookies or mobile code Select Only when a Web site to display the bubble only when ZoneAlarm Pro blocks a cookie or mobile code ZoneA
25. determine what network it is If you are connected to the Internet through a standard modem and dial up connection a Digital Subscriber Line DSL or a cable modem it is likely that ZoneAlarm Pro has detected your ISP s network To secure your Internet connection click OK in the New Network alert pop up ZoneAlarm Pro 3 1 User s Manual Page 42 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Caution If you click Cancel you will ZoneAlarm Pro will block your Internet connection Do not add your ISP network to your Trusted Zone About wireless networks Use caution if ZoneAlarm Pro detects a wireless network It is possible for your wireless network adapter to pick up a network other than your own Be sure that the IP address displayed in the New Network alert is your network s IP address before you add it to the Trusted Zone How you can see fewer of these alerts It is unusual to receive a lot of New Network alerts New Program alerts 1 ZoneAlarm Pro Alert y Hew Program Cho podi ari lo aboa eed E p lo poega ha niemei Technical Information Distri iP 127 00 1 Po 197177 Pepicabor EXPLORE EE Ben 5 00 LA Ce More Infomation Available Dict de thee pegs Beth aho ba ciuda Leg liken reed AlertAdvisor More into r Fersnba hi ame the re ira l use this pega New Program alerts are central to your Internet security They ensure that no program on your computer can use your Internet connectio
26. from accessing computers in the Internet Zone Trusted Zone Ask whether the program should have access permission show Repeat Program alert Back act as a server A program acts as a server when it listens for connection requests from other computers Several common types of applications such as chat programs e mail clients and Internet Call Waiting programs may need to act as servers to operate properly However some hacker programs act as servers to listen for instructions from their creators ZoneAlarm Pro prevents programs on your computer from acting as servers unless you grant server permission Back ActiveX control ZoneAlarm Pro 3 1 User s Manual Page 131 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Based on Microsoft s ActiveX technology these controls are mostly used to embed interactive elements buttons checkboxes etc in Web pages Because they have full access to the Windows operating system malicious ActiveX controls can be dangerous Back ad blocking A ZoneAlarm Pro feature that enables you to block banner pop up and other types of advertisements Back AlertAdvisor Zone Labs AlertAdvisor is an online utility that enables you to instantly analyze the possible causes of an alert and helps you decide whether to respond Yes or No to a Program alert To use AlertAdvisor click the More Info button in an alert pop up ZoneAlarm Pro sends information about your alert to Aler
27. in the Internet Zone tab and the Trusted Zone tab Use the Security tab to customize general firewall options See Internet Zone tab page 89 Trusted Zone tab page 91 and Security tab page 93 Program control Allow or block new programs ZoneAlarm Pro asks your permission each time a new program wants access or server rights To avoid seeing these alerts you can automatically allow or block new programs using the Access Permissions tab See Access Permissions tab page 105 Specify the ports a program can use By default programs given access permission or server permission can use any port Tighten program security by specifying the types of servers each program can access and the ports it can and cannot use in the Ports tab See Ports tab page 108 Customize authentication for a program For each program you can specify whether ZoneAlarm Pro will authenticate the base executable only or the executable and the components it loads If a program is frequently updated you can avoid repeated alerts by using file path authentication only Choose these options in the Security tab of the Program Options dialog box See Security tab page 110 Alerts and logs Show or hide informational alerts for specific firewall events By default ZoneAlarm Pro displays informational alerts for firewall events only if they are likely to have resulted from hacker activity You can customize alert display by enabling or suppressing alerts for spe
28. information see Using the Internet Lock and Stop button page 57 How do know ZoneAlarm Pro is working The ZA icon in the lower right corner of your screen tells you ZoneAlarm Pro is protecting you The icon becomes a red and green traffic indicator whenever network traffic leaves or enters your computer What do alerts mean If you see alerts don t panic Alerts help you configure your Program Control settings and let you know that ZoneAlarm Pro is protecting you To find out about the different types of alerts and to learn how to respond to them see Responding to Alerts page 41 How do set up for my network If VANI rA an A hama Ar hi IoiInnce lanal nahaimrls ANAMA Nlatararlina with TanaAlarm ZoneAlarm Pro 3 1 User s Manual Page 38 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Pro page 66 How do customize my security If you are an expert computer user and you want to take control of the details of your Internet security see Customizing your Security page 69 Choosing Security Settings Security and convenience In choosing Internet security settings your goal is to ensure the highest possible security with the least loss of Internet convenience Our security professionals have chosen ZoneAlarm Pro s default security settings with this double goal in mind They protect your computer from harm and safeguard your information while keeping your Internet experience convenient E
29. one of the preconfigured protocols ICMP IGMP and so forth or by specifying a port number To specify a port number follow these steps 1 Scroll to the bottom of the medium security list ZoneAlarm Pro 3 1 User s Manual Page 92 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 2 Click the port type desired incoming UDP outgoing UDP incoming TCP or outgoing TCP A text box labeled Ports appears at the bottom of the dialog box 3 Type the ports or port ranges you want to block in the Ports text box separated by commas Example 139 200 300 4 Click Apply or OK Security tab Security Gateway Securty ANA 1 M Automatically check the gateway for security enforcement Internet Connection Sharing f This computer is not on an ICS NAT network This computer is a client of an ICS NAT gateway running Zonedlarm Pro This computer is an ICS NAT gateway Address Forward alerts from gateway to this computer P Suppress alerts locally if forwarded to clients General settings _ 3 Block all fragments M Allow YPN protocols at high security 0 Block local servers Allow uncommon protocols at high Security Block Internet servers Enable ARP protection Network settings Include networks in the Trusted Zone upon detection Exclude networks from the Trusted Zone upon detection Ask which Zone to place new networks in upon detection Reset To
30. or executable Web page content Some examples include Java applets ActiveX controls and Javascript Properly used mobile code makes Web pages more interactive and dynamic But malicious mobile code can copy files wipe out a hard disk steal passwords or command servers When you open a Web page that contains mobile code Se ZoneAlarm Pro blocks the code and _ displays the Privacy Advisor highlighted at left at the bottom of your screen The Advisor tells you that ZoneAlarm Pro has blocked a page element and gives you access to controls to unblock it for the current Web site if you want to For more information about the Privacy Advisor see below Note Mobile code control is turned OFF by default To turn it on go to the Overview tab of the Privacy panel Tip You can choose to block some types of mobile code and allow others See Mobile Code tab page 128 Privacy Advisor ZoneAlarm Pro 3 1 User s Manual Page 18 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 HA Privacy settings have affected this website Click here to view your settings Privacy settings have blocked elements on this page The Privacy Advisor appears whenever ZoneAlarm Pro blocks cookies or mobile code from the Web site you are visiting If want to allow the page elements that ZoneAlarm Pro has blocked click the Advisor pop up The ZoneAlarm Pro Control Center opens to the Privacy panel where you can chang
31. permission for the Trusted Zone or Internet Zone Choose Always deny to have ZoneAlarm Pro deny server rights silently Choose Always allow to have ZoneAlarm Pro allow server rights silently Choose Always ask to have ZoneAlarm Pro show a Server Program alert when a new program asks for server rights Alerts amp Functionality tab Use this dialog to set alert and secunty behavior for all programs Global program properties Show alert when Internet access is denied 1 Deny access i permission e set lo ask andthe Tmevector 2 service running But Zone dlarm Pro is not Require admin strative privileges to allow a program temporary 3 Internet access The Alerts 4 Functionality tab provides access to advanced options for program control These settings apply to all programs ZoneAlarm Pro 3 1 User s Manual Page 106 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 1 Show alert when access is denied If ZoneAlarm Pro is set to deny Internet access to a particular program for example XProgram exe in the example at left but you want to be notified with an alert when it attempts to gain access anyway select this option If you prefer to have ZoneAlarm Pro deny access silently deselect this option 2 Deny access if permission is set to ask In rare cases an independent process such as a Trojan horse could shut down the ZoneAlarm Pro user interface but leave the TrueVector ser
32. product available AOneAlarm Pro comes pre configured with default settings to give you maximum security and privacy with minimal distraction YOu can always change these settings later ZoneAlarm F o v Option M Review default settings now Youll be running soon The security experts at Zone Labs choose default security settings that are appropriate for most users Choose the Review default settings now check box to review default settings for e Firewall Alerts e Cookie Control e Ad Blocking If you want to accept the default settings without review just click Next The next three screens will be skipped Note You can always change the default settings later by using the ZoneAlarm Pro Control Center ZoneAlarm Pro 3 1 User s Manual Page 29 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Configuration Wizard 2 Review Firewall Alert Settings Optional Configuration Wizard E xj ZNE Review Default Settings peee FIREWALL ALERTS What kind of blocked traffic do you want to be alerted to By default ZoneAlarm Pro only Alet me whenever ZoneAlarm Pro blocks alerts you to blocked inbound traffic trafic when itis likely hacker activity not traffic thatis uninvited but probably harmless Alert me only when blocked traffic is probably hacker activity Don talern me atall protect my computer silently Note This setting does NOT affect the level of y
33. the properties of the component click the description then choose Properties from the shortcut menu To view the Windows directory that the component is located in click the description then choose Open containing folder from the shortcut menu Follow these steps to investigate the component 1 Go to the Microsoft support site http support microsoft com and search the knowledgebase using the file name and description of the component as search terms 2 Contact the technical support staff of the manufacturer of the program that loaded the changed component They may be able to tell you why the component changed 3 Perform an Internet search using the file name of the component as a search term We suggest using the Google search engine Using the Internet Lock and Stop button The Stop button enables you to instantly shut the doors to your computer if you think you are under attack while the Internet Lock offers extra protection when you leave your computer unattended for a time The lock can be activated manually or automatically ZoneAlarm Pro 3 1 User s Manual Page 57 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 What s the difference between Stop and Lock The Stop button stops ALL traffic to and from your computer no exceptions The Internet Lock stops all traffic to and from your computer EXCEPT traffic initiated by programs to which you have given pass lock permission These programs c
34. 002 1 0003 0301 2002 08 15 e Select the Alerts box to have ZoneAlarm Pro display an alert box when that type of event occurs e Select the Log box to have ZoneAlarm Pro record the event in the log 2 Check All Clear All Click Check All to log and display alerts for all of the event types listed Click Clear All to suppress logging and alert display for all of the event types listed 3 Reset to Defaults Click Reset to Default to restore settings in the Alert Events tab to their Zone Labs defaults System Tray Alert tab stem Tray Alert When pou suppress secunty event alerts you still have the option of beng notified of secunty events through the silent flashing system tray icon alert shown here _ Enable system bay icon alert System Tray Icons Zone Alarm Pro sysber tray soon mdicabes your Zone lam application is running Traffic metes indicates that data Es incoming oF outgoing hom your machine System Tray loon alet When enabled blinks in Moni of the svshem tray ale whenever a secunty ever takes place OK cancel J Apply Use the System Tray Alert tab to enable or disable the display of an alert icon in the system tray in the lower right corner of your Windows desktop 1 System Tray Alert When you choose to hide some or all informational alerts ZoneAlarm Pro can still keep you aware of those alerts by showing a small alert icon in the system tra
35. 08 15 Chat Instant Messaging Chat and instant messaging programs for example AOL Instant Messenger and ICQ may require server permission in order to operate properly You can grant server permission by e Answering Yes to the Server Program alert caused by the program or e Using the Programs tab For more information see Server Program alert page 47 and Programs tab page 98 Caution We strongly recommend that you set your chat software to refuse file transfers without prompting first File transfer within chat programs is a means to distribute malware such as worms viruses and Trojan horses Refer to your chat software vendor s help files to learn how to configure your program for maximize security Tip For best security we suggest that mIRC users disable the IDENT function in the mIRC interface E mail programs e g MS Outlook In order for your e mail program for example Microsoft Outlook to send and receive mail it must have access permission for the Zone the mail server is in In addition some e mail client software may have more than one component requiring server permission For example MS Outlook requires both the base application OUTLOOK EXE and the Messaging Subsystem Spooler MAPISP32 exe to have server permission While you can give your e mail program access to the Internet Zone and leave the mail server there it s safer to place the mail server in the Trusted Zone and limit the program s access to
36. 1 2002 08 15 Firewall panel Main tab Firewall F Main s internet Zone Security _ q z High Stealth mode Your computer is High hidden and protected from hackers i Sharing ls not alowed This Med setting if recommended Tor the Low Custom Trusted Zone Security 3 Mediumi Sharing mode Computers can see your computer and share is resources This seting if Ip Mei recommended forthe Trusted Jone 3 Blocked Zone Ho communication te adorwed trough this ae Blocked 7one Sc My Eons Use this tab to choose the basic level of security ZoneAlarm Pro will apply to traffic from computers you know and trust the Trusted Zone and computers you don t know the Internet Zone To learn about Zones see What is a Zone page 13 1 Internet Zone Security Use the slider to set the security level for the Internet Zone The recommended security level for the Internet Zone is High Click the Custom button to open the Internet Zone tab where you can block or unblock specific ports See also Internet Zone tab page 89 About Internet Zone security levels e High security puts your computer in stealth mode Windows NetBIOS services and file and printer shares are blocked Ports are opened only when a program to which you have given permission needs them e Medium security takes your computer out of stealth mode making it visible to o
37. CONVENIENCIA ni agate phates 39 ZoneAlarm Pro default Settings cooooccnccconnococonnnnoconcnnnonannconannnnnnonrnnonnannnconannnnnnnnnnnss 39 RESDONGING to Mer iii santa iia 41 New Ne WolGale sacra e de 42 New Program ales ii os 43 Ire wal les ita 44 Other ales cani 46 Repeal Programalar a A 46 Server Program aleli ta A A usiin 47 ZoneAlarm Pro 3 1 User s Manual Page 4 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Changed Program aia o eae Aceh 48 Program Componenta lec 49 Component Loading aletas aaa a 51 MalSale leonesas 53 Memet Lock AES ario doi 54 Blocked Progra O S caia 55 Investigating changed programs and Components ccocccocccncccnoconaconanonnnnnncnanenanenas 56 Investigating Changed prOYTaMS oocccconcncconcnccnccnnoncnnoncnnnoncnnnnncnnnnnrnnnnnnnnnnrnrnnnnnrnnrnrrnnrnrnnaninnos 56 Investigating Changed components cccooccconccccncnccononcconnnccnonocononnonnnncnnnnnnnnnnnnnannnnnnnnenanininas 57 Using the Internet Lock and Stop DuUttON coonccccnconcciocnccncconcnconnnccnnnonnnnnnanenannnnars 57 What s the difference between Stop and LOCK cccooccccoccccccccncccccncconnncconcnconnnononononononos 58 Turina the lock OF and OM 25 co scent aseuc veeh la io ch sad 58 How do I know the Lock IS ON ooccccoccnncoconcnncccononcoconnocononcnnononnnnonnnnnononrnnnnnnnnnnnnannnnanos 58 Using the Automatic Internet Lock 59 Using your programs with ZoneAlarm PFO
38. Moblle CG ode conto ii 18 Pivac V NGVISOF O 18 PRIMACY DOK OO Ol Alcea ct tence caches as 19 AlenS amp EGOS ne eS ra oe ern ec cr nee ee ere ee nner eer nee o ee 19 Controlling the display orales id di 19 L gg Secr CV EIS rss cea mes 20 Email proteccion a 20 3 Installing ZoneAlarm Pro 0 coccoccccccncnonnoccccncnnonncnanons 22 System REgUIreEMENIS a 22 Easy INStallalloO Nas 22 ZoneAlarm Pro 3 1 User s Manual Page 3 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Installation screen 1 Choose an install location oocococococccccccccccococonananananannnnnnnoo 23 Installation Screen 2 Personal Information oocccccconcnncoccnncononcnnnnoncnncnnnnonnnnanenononnnnnnnanonnos 24 Installation Screen 3 Upgrade or clean install ooonncccnonccnnonoccnncnnnccnononennononnnnnonanonoos 25 Installation Screen 4 License Agreement occcoonccncccccnococoncnnconononcnnannnnoconnnnonnannnonannnnnnnnnaness 26 Installation screen 5 User SUIVEY cccccecccsescecseseecesececeueeeeeseecsaeeesaceessaseessuesensuetsneeessnes 27 Installation screen 6 Try or buy dialOg occcooccccoccncccncncnnoconnncncnnnnnonncnnnnncnnnnncncnnnnennncnnnos 28 Configuration Wizard oussitaias siii 28 Configuration Wizard 1 Welcome oocccooccncccocnnccnocnnconnoncnnoncnnnonncnnonnnnonnnnoncnnnnnrnncnnanennnnanens 29 Configuration Wizard 2 Review Firewall Alert Settings Optional
39. S 3 4 Entry Detail Zone Name Mew Network 2 Ardd gt gt Remove Ione internet IP Addressf 172160 00055 255 0 0 The Zones tab contains the traffic sources computers networks or sites you have added to the Trusted Zone or Blocked Zone It also contains any networks that ZoneAlarm Pro has detected Use this tab to e Move a detected network to a different Zone e Move a computer host or site to a different Zone ZoneAlarm Pro 3 1 User s Manual Page 87 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 e Manually add a computer host site or subnet to the Trusted Zone or Blocked Zone Tip If you are using a single non networked PC you don t need to use this tab The traffic source list displays only your ISP s network which should be in the Internet Zone 1 Traffic source list The list displays the traffic sources and the Zones they belong to You can sort the list by any field by clicking the column header The arrow next to the header name indicates the sort order Click the same header again to reverse the sort order Traffic source list fields Field Information Name The name you assigned to this computer site or network IP Adare SIS ita The IP address or host name of the traffic source Sine The type of traffic source this is Network Host IP Site or UE Subnet The Zone the traffic source is assigned to Internet Trusted or Zone Blocked Changing the Zone of a traffic so
40. System Microsoft Windows 98 ME NT 2000 XP Memory 32 megabytes RAM 64 megabytes recommended Disk space 10 megabytes Easy installation ZoneAlarm Pro is easy to set up and install Follow these four simple steps 1 Download the installer from the Zone Labs Web site www zonelabs com 2 Close all programs 3 Launch the installer by double clicking the installer icon shown at left Lb e apsetup exe 4 Follow the instructions in the installation screens described below ZoneAlarm Pro 3 1 User s Manual Page 22 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Installation screen 1 Choose an install location You ve made the right choice in ZoneAlarm PROSO C Program FilesiZone Labs Zone lsim Brow se The BEST Click Browse if you want to change the location in which ZoneAlarm Pro will be stored Otherwise click Next to go to the next screen ZoneAlarm Pro 3 1 User s Manual Page 23 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Installation Screen 2 Personal Information 2 User Information X Zone Labs Please type pour name Support mer Pleaze Woe pour company or organization name optical Pp Extensive Online your company self help Please type pour email address nameticompany com Responsive yourmallyourdomain cam Email Tech Support In order to download updates or get notified about one Labs news or pro
41. Zone Labs Inc 2002 1 0003 0301 2002 08 15 PEOdTAMCON TO e lo od ca 70 Alens andado 70 Privacy protec ado leds boven Undeneaie eee audeeets 11 Emal Protect ia eii 71 Reading the ZoneAlarm Pro log occocccccconccocococcnoccnoncnnnconnnonanonanenarenaronaronnrnnnrnanenas 71 VIEWING NELO ta dd 11 Log MASA O 72 EVENTOS add de 73 IGMP Message Ty DCS uste to 73 WG PAG Se ainctseb cece Soactatatat a atau eat ued Aancuuatad a A Uaccetddan 74 Sample og entie S a a ee Selene 75 5 Interface GUIA usina tools 78 The ZoneAlarm Pro daShboard cccccceceeeeeeeseeeeeneneeeeeeneseeneeeeeeenseeeneeeeeseenesennenees 78 Inbound Outbound trafic Indicators A di 78 Stop button Emergency Panic LOCK ococccconcccccocccnconononononcnncnnnconcnnoncnnononcnnnnnaronconanennnnanos 78 ING OW ORK S artis 78 A A A A 79 ACUSE Drog GINS ie tao 79 MESS TEM S AG O a oa coa 79 OVer view Panel zassone a donadas 80 LUIS ta Dene aduaramndan A a a data scasusat nc E 80 Proquet Intotabis cds 82 Pretelenco saberes 84 WV ANN AUN Y PPP RRE O eines a eis vee eae eh gcse a eee mee eee 86 VICI CID kein tice ca aiataien ce oui daatemtadean cin An 86 LINES ANS AA 87 Mermet ZOMG TAD iaa nao iii dad 89 GUSTS Zone taba eri teenth pio iii dildo idolo abi 91 SECUN a Dti cid 93 Program Control Dane seccssetseceseces ces eczce snes iencsceneceeccacescessespeaeaseeseneciccssscenedenaivesede sede 96 Man Mi 0 SORRENTO sute neste oes toiea emai sa coal a ouaraea tel t
42. ZoneAlarm E R 0 User s Manual 2002 Zone Labs Inc All Rights Reserved TrueVector ZoneAlarm Zone Labs the Zone Labs logo and Zone Labs Integrity are either registered trademarks or trademarks of Zone Labs Inc Cooperative Enforcement and Policy Lifecycle Management are service marks of Zone Labs Inc All other trademarks are the property of their respective owners Zone Labs Inc 1060 Howard Street San Francisco CA 94103 USA ZoneAlarm Pro 3 1 User s Manual Page 2 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Abo tthis document ari esas 9 1 INTFOQUCHON smesiosinn ar das 10 Welcome to ZoneAlarm Pro 3 1 coooocconnccccccnccconancncanennronanconaronnnrnnarenanrennrrnanrnaarenannnanos 10 How this guide is OAMI ii ada 10 2 How ZoneAlarm Pro protects you ccseeeeeees 12 Firewall protec NoN urnar 12 WAG Se IIreWallsonssiaa ia iaa 12 A A eae odes 12 MAIS et POCO a a 13 How does TEM ds 13 Wans A ZOMG nl ais li di ld Lo id 13 How does the firewall use Zones and security levels oo oooocccccconccccooccnconononnononnnnonnanonnos 14 PrOgFam CONGO laca ilo bid 15 Why do need program Control ocoooncnnccconncoconnnccconcnnnncanoncnnonnnnonononnnnannnnonannnnonnnnaness 15 Program authenticator a a e a a ii 15 Pog o AO E SS COM coa 16 Privacy Protec Nasa a ccnswuadetnacdarsseudtawndiunereueraetdecavecsawancaanens 16 COOKIC CONTO ist a a a a A A A 16 omo OG o minieren PR aa 17
43. adio buttons to turn MailSafe on or off e If On is selected the attachment types configured in the Attachments panel will be quarantined e f Off is selected no attachments will be quarantined Attachments tab Email Protection Extension Application EXE Batch File BAT Compiled HTML Help File CHM Control Panel Extension CPL Clear An The Attachments tab lists the types of e mail attachments that ZoneAlarm Pro s MailSafe feature will quarantine Each attachment type is specified by its filename extension for example EXE for applications Use this tab to e Quarantine or allow an attachment type ZoneAlarm Pro 3 1 User s Manual Page 129 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 e Add attachment types to the list e Remove attachment types from the list Note ZoneAlarm Pro comes preconfigured with 37 attachment types that can carry worms or other harmful code By default ZoneAlarm Pro quarantines all of these attachment types 1 Extension Quarantine The Extension list displays the attachment types that can be quarantined You can sort the list by either field by clicking the column header The arrow next to the header name indicates the sort order Click the same header again to reverse the sort order To turn the quarantine function on or off for a specific attachment type click the Quarantine column then choose Quarantine or Allow from the shor
44. am Do pos mani lo low Iibera Explorer lo access the E Techa laimma Destination F 1270 01 Pot BS dsppica ore EFLORE E E Vieron 500 520 0000 Mora Iesdormation Avadabie This program has poscanly accessed the intenet f AlertAdvisor eme F Harari Del Sarde Sead Patel Lo ete ha Ja Feat E If you respond Yes or No to a program alert without checking Remember this answer the next time use this program you ll see a Repeat Program alert the next time the program asks for access permission Why these alerts occur Repeat Program alerts occur when a program on your computer tries to initiate a connection with a computer in the Internet Zone or Trusted Zone and that program has asked for permission before There are many programs and program components that require access permission as part of their normal function Browsers and e mail client applications for example must connect to remote servers to retrieve Web pages and send or receive e mail Most of the time you will see program alerts when you re actually using a program For example if you ve just installed ZoneAlarm Pro and you immediately open Microsoft Outlook and try to send an e mail message you ll get a program alert asking if you want Outlook to have Internet access What you should do Click Yes or No in the alert pop up after following these steps 14 Did you just launch a program or process that would reasonably require permission
45. an continue to communicate normally even when the lock is engaged For a definition of pass lock permission see the Glossary page 131 In the Programs tab a lock icon indicates Program Control that the program has pass lock permission 7 27 Click the icon to remove permission a Lae Turning the lock on and off There are two ways to manually activate or deactivate the Internet Lock and Stop functions Click the Stop button or the Lock icon on the dashboard La Engage Internet Lock Stop all Internet activity a Select from the pop up system tray menu In addition the Internet Lock can be activated automatically How do I know the Lock is on If the Stop button has been clicked you ll see a red lock icon in the system tray You may also begin to see a lot of alerts ZoneAlarm Pro 3 1 User s Manual Page 58 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 If the Internet Lock has been clicked you ll see FF a a yellow lock icon ch E ei 4 39 PM To turn either function off just click the icon again Using the Automatic Internet Lock The Automatic Internet Lock protects your computer if you leave it connected to the Internet for long periods even when you re not actively using network or Internet resources When enabled the automatic lock engages e When your screensaver engages or e After a specified number of minutes of network inactivi
46. bs Inc 2002 1 0003 0301 2002 08 15 Programs tab Program Control Access Privacy i om Acie Programs Trusted infernal Trusted ibama Generic Host Procese Tor Wink sen J J 7 4 internet Explorer J 2 J i F _ LSA Executable and Server DLL Enp f Y f Fi On 8 A Services anal Controller app J wf a Entry Detail Fi Fr di rama MerozcaR Vana A 2000 Opara Sytem Fie name CAMNNTystem XL Sass EXE ae ee et 0011965 160 r A 6 Options Cralsd date 721 2000 11 05 07 Fie siza a2 KB Use this tab to 1 Grant or deny access permission and server permission to your programs 2 Add programs to the list and establish their permissions 3 Review your settings Program permission symbols J A green check means the program is allowed access server rights x A red X means the program is denied access server rights P A blue question mark means ZoneAlarm Pro will display a Program alert when the program asks for access server rights Tip You can sort the programs in the list by any field Click on the field header to sort The arrow icon indicates the sort order 1 Program name and status As you use your computer ZoneAlarm Pro detects every program that requests network access and adds it to this list It also records the answer you gave to the Program alert for that program A green bullet in the Active column means the program listed is currently accessing network resources The program
47. ccess and or server permission The easiest way to grant access is to answer Yes to the program alert caused by the game program However Many games run in exclusive full screen mode which will prevent you from seeing the alert Use any of the methods below to solve this problem e Set the game to run in a window This will allow you to see the alert if the game is running at a resolution lower than that of your desktop If the alert appears but you respond to it because your mouse is locked to the game press the Windows logo key on your keyboard After granting the game program Internet access reset the game to run full screen e Use software rendering mode By changing your rendering mode to Software Rendering you can allow Windows to display the ZoneAlarm Alert on top of your game screen After allowing the game Internet access you can change back to your preferred rendering device e Use Alt Tab ZoneAlarm Pro 3 1 User s Manual Page 62 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Press Alt Tab to toggle back into Windows This leaves the game running but allows you to respond to the alert Once you have allowed Internet access press Alt Tab again to restore your game Note This may cause some applications to crash especially if you are using Glide or OpenGL however the problem should be corrected the next time you run the game Sometimes you can use Alt Enter in the place of Alt Tab Use the Program
48. ce ate ae 144 PP A one sees TS 144 ZoneAlarm Pro 3 1 User s Manual Page 8 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 About this document Document Document Release Comments Number Date 1 0003 0301 2002 08 15 02 Document release for ZoneAlarm Pro 08 15 version 3 1 ZoneAlarm Pro 3 1 User s Manual Page 9 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Introduction Welcome to ZoneAlarm Pro 3 1 Thank you for choosing ZoneAlarm Pro ZoneAlarm Pro is the award winning personal firewall that blocks known and unknown Internet threats such as hackers data thieves spyware and e mail borne worms ZoneAlarm Pro 3 1 provides new privacy protections too including ad blocking and cookie control With ZoneAlarm Pro whenever you re connected you re protected With the new and enhanced features in ZoneAlarm Pro 3 1 you get Comprehensive security with the most popular personal firewall p us advanced privacy features A barricade against known plus unknown Internet threats including hackers data thieves spyware and email borne worms that goes beyond other Internet security solutions Program Control to prevent unauthorized inbound p us outbound connections stopping rogue applications from transferring your valuable data to a hacker Robust security that protects you right out of the box plus the ability to customize security controls to match your specific requirements a
49. ch as a sound file or image file that is embedded in a Web page Back F no entries G gateway In networking a combination of hardware and software that links two different types of networks For example if you are on a home or business Local Area Network LAN a gateway enables the computers on your network to communicate with the Internet Back gateway enforcement U AU VO U UIGAIUJUU U VV O I O anu O U Ure U gateway device to make sure that ZoneAlarm Pro is installed on all machines ZoneAlarm Pro 3 1 User s Manual Page 134 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 gateway device to make sure that ZoneAlarm Pro is installed on all machines accessing the Internet through it Back high rated alert An alert that is likely to have been caused by hacker activity High rated Firewall alerts display a red band at the top of the alert pop up In the Log Viewer you can see if an alert was high rated by looking in the Rating column Back HTTP referrer header field An optional field in the message that opens a Web page containing information about the referring document Properly used this field helps webmasters administer their sites Improperly used it can divulge your IP address your workstation name login name or even in a poorly implemented e commerce site your credit card number By selecting Remove Private Header information in the Cookies tab you prevent this header f
50. cific events in the Alert Events tab See Alert Events tab page 116 Enable or suppress logging for firewall events You can also enable or suppress log entries for specific firewall events also in the Alert Events tab ZoneAlarm Pro 3 1 User s Manual Page 70 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Enable or suppress logging for program events By default ZoneAlarm Pro creates a log entry when any type of Program alert occurs You can customize Program alert logging by suppressing log entries for specific Program alert types such as New Program alerts Repeat Program alerts or Server Program alerts in the Program Logs tab See Program Logs tab page 115 Privacy protection Block or allow cookie types The default cookie control setting blocks only third party cookies You can also choose to block session and or persistent cookies set an expiration time limit for persistent cookies and do other customization by using the Cookies tab See Cookies tab page 125 Block or allow ad types The default ad blocking setting blocks pop up ads and slow loading ads You can choose to block all ads change the time limit for banner and skyscraper ads to load or choose what to display in place of blocked ads by using the Ad blocking tab See Ad Blocking tab page 127 Block or allow mobile code types By default mobile code protection is turned off You can block scripts embedded objects and or MIME type inte
51. ck mode to use when enabled You can set the automatic lock to engage either e After a period of Internet inactivity or e When your computer s screen saver activates Use the radio buttons to select a lock mode If you choose the inactivity option select the number of minutes of inactivity after which the lock will activate 2 When Lock engages When the Internet Lock is engaged it can either block all traffic or continue to allow pass lock traffic ZoneAlarm Pro 3 1 User s Manual Page 104 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Allow the pass lock programs to access the Internet is like the Internet Lock in the control bar When the automatic lock engages all traffic will be blocked except traffic authorized by programs you have specifically given permission to bypass the lock Block all Internet access is like the STOP button in the control bar When the automatic lock engages all traffic to and from your computer will be blocked To find out how to give pass lock permission to a program Programs tab page 98 Access Permissions tab Use this dialog to set the default behavior for all programs added to ZoneAlarm Pro in the future Connection Attempts When a program attempts to connect to the Trusted Zone Internet Zone C Always allow access C Always allow access Always deny access C Always deny access Always ask for permission Always ask for permission Server Attempt
52. column displays the program name and associated icon Tip For more information about a program click the program name then look in the Entry Details box at the bottom of the screen ZoneAlarm Pro 3 1 User s Manual Page 98 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 2 amp 3 Access permission Server permission Use these fields to establish access permission and server permission for a program Left click menu To change a permission setting click the symbol then select from the shortcut menu Right click menu Right click anywhere in the program s row to select from a variety of other options See the table below for a description of each option Option Explanation If this option is selected ZoneAlarm Pro will use only file path information only to authenticate the program Changes The MD5 signature will not be checked Frequently Caution This is a low security setting Opens the Program Options dialog box in which you Options can customize port permissions and security options for the program Opens your operating system s properties dialog box Kopeni for the program Remove Deletes the program from the list Opens an explorer window so you can browse to a program on your computer that you want to add to the list Add program Note Built in rules ensure a consistent security policy for each program Programs with access to the Internet Zone also have access to the Trusted Zone an
53. d OFF by default to let you take advantage of that interactivity a y Quarantines 37 common types of e mail e mail F On attachments like executable files exe and MS Protection Co DOS applications com that can contain worms or A viruses Tip If you are an expert computer user and you want to take control of the details of your security see Customizing your security page 69 Responding to Alerts When you start using ZoneAlarm Pro you may see several types of alerts Don t worry Alerts don t necessarily mean you are under attack and they can help you configure your security ZoneAlarm Pro alerts fall into two categories e Informational alerts let you know that ZoneAlarm Pro has protected you by blocking a communication that didn t fit your security rules By clicking OK you re not allowing anything into your computer you re just saying yes l ve seen the alert e Query alerts ask you if you want to allow something to happen offering you a Yes or No choice The alerts you re likely to see most often are these e New Network alerts These are informational However They also give you the opportunity to add a new network to your Trusted Zone e Firewall alerts These are informational e New Program alerts These are query alerts They ask you whether to allow a program Internet access or server access This chapter tells you how to respond to these common alerts and other alerts you may also see when using Z
54. d programs with server permission in a Zone also have access permission for that Zone This is why for example selecting Allow under Trusted Zone Server automatically sets all of the program s other permissions to Allow 4 Privacy On indicates that privacy protection is enabled for the program Off indicates that privacy protection is disabled ZoneAlarm Pro 3 1 User s Manual Page 99 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 To enable privacy protection for specific program click in this column then choose Privacy On from the shortcut menu To disable privacy protection for a program click in this column then choose Privacy Off from the shortcut menu 5 Pass lock A key in this field indicates that the program has pass lock privilege To give pass lock privilege to a program click the lock column then choose Pass Lock from the shortcut menu To revoke pass lock privilege click the lock icon then choose Normal from the shortcut menu Tip If you grant pass lock permission to a program and that program uses other applications to perform its functions for example services exe be sure to give those other programs pass lock permission as well 6 Entry detail box The entry detail box displays information about the program currently selected in the programs list Field Information ta The common name of the program for example Internet Explorer e The fully qualified name of the execu
55. d wilh a dale stamp at the location you speci n Log Archive Frequency IY Archive log text iles every fi days Log Archive Location Log alerts toc C WINNT mermet Logs ZALog tut Browse Curent log size 278 bytes Log Archive Appearance Logs wil be formatted in Zone Labs classic format Separate fommat fields witir f Tab C Comma C Semicolon 4 Reset to Default a Use the Log Control tab to determine when where and how ZoneAlarm Pro will save and archive log files To access this tab click the Advanced button in the Main tab of Alerts amp Logs 1 Log Archive Frequency To turn log archiving on and to determine how often logs will be archived follow these steps 1 To turn log archiving on select the Archive check box 2 Use the spin box to select the log archive frequency To turn archiving off clear the check box 2 Log Archive Location ZoneAlarm Pro logs events to a text file named ZAlog txt ZoneAlarm Pro 3 1 User s Manual Page 119 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 At regular intervals the contents of ZAlog txt are archived to a date stamped file for example ZALog2002 02 04 txt for February 4 2002 This prevents ZAlog txt from becoming unmanageably large The ZAlog txt file and all archived log files are stored in the same directory The default locations are C Windows Internet Logs for Windows 95 Windows98 Windows ME and Windows XP and C
56. d you that the attachment is potentially dangerous How you can see fewer of these alerts It is extremely unusual to receive a large number of MailSafe alerts unless you regularly receive e mail with executable files attached If you frequently receive executable attachments from trusted correspondents have those correspondents compress the attachments into zip files before sending Internet Lock alerts ZoneAlarm Pro Alert Internet Lock Purr Esq all do paret do Hee niei U2 7 000 1 but rss dened acces by he nieme Look Pic arr internet E pkai Tam LS 24 246 PH Vit oF Fati _ mM l DFii L Conf ahos ha dag agan Cie ho xi O A Internet Lock alerts let you know that ZoneAlarm Pro has blocked incoming or outgoing traffic because the Internet Lock or the Emergency Lock is engaged By clicking Yes you re not opening the lock you re just acknowledging that you ve seen the alert Why these alerts occur These alerts occur only when the Internet Lock is engaged To learn more about the Internet Lock see Using the Internet Lock and Stop button page 57 What you should do Click OK to close the alert pop up ZoneAlarm Pro 3 1 User s Manual Page 54 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 If the Internet Lock has been engaged automatically or accidentally open it to prevent further alerts Tip You may want to give certain programs for example your browser per
57. duct updates please fill in a valid email address and choose trom these options if want to register Zone larm Pro so can download updates Committed Customer Service Inform me about important updates and news All your information i kept confidential one Labs does not sell Www zomelabs com trade or exchange malling lists with any organization Back Cancel Use this screen to personalize your copy of ZoneAlarm Pro Type your name company and e mail address in the boxes provided e To register the product so that you can receive updates select the want to register checkbox e To have Zone Labs notify of important security news select the Inform me checkbox Click Next when you are finished ZoneAlarm Pro 3 1 User s Manual Page 24 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Installation Screen 3 Upgrade or clean install Zone Labs Uperade or clean install Support UR pgrade Extensive Preserves previous settings Choose only if pou trust your Online previous security settings or have spent a lot of time customizing Self help your settings Responsive Clean Install recommended Email lech l Support Erases your previous settings and restores security to safe default settings Makes for the most trouble free installation Committed Customer Service Upgrade f Clean Install recommended Wan FoOmelabs com Back Cancel If you had previ
58. e Transport Indicates that the transport was either TCP UDP ICMP or IGMP Sample 2 FWOUT FWOUT 2000 03 07 14 47 02 8 00 GMT QuickTime Player Application tried to access the Internet Remote host 192 168 1 10 ZoneAlarm Pro blocked an outbound request FWOUT indicates that the firewall blocked an outbound request from your computer The entry also includes the following information e Date and Time e Source IP Address and port number e Destination IP Address and port number e Transport Indicates that the transport was either TCP UDP ICMP or IGMP Sample 3 PE PE 2000 03 22 17 17 11 8 00 GMT Netscape Navigator application file 192 168 1 10 The PE entry informs you that an application on your computer attempted to access the Internet The entry also includes the following information e Date and Time e The application on your computer that attempted to access the Internet ZoneAlarm Pro 3 1 User s Manual Page 75 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 e he IP Address and Port number that the application was trying to connect to Sample 4 LOCK LOCK 2000 09 07 16 43 30 7 00 GMT Yahoo Messenger 207 181 192 252 N A The LOCK entry informs you that an application on your computer attempted to access the Internet while the Internet Lock was engaged The entry also includes the following information e Date and Time e The application on your computer that attempted to access the Interne
59. e general privacy settings or settings for site you are visiting If you don t click the Privacy Advisor pop up it disappears automatically in a few seconds You can also close it by clicking the X in the upper right corner Privacy per program By default privacy protection is applied only to standard browser programs such as Internet Explorer If you wish you can also enable privacy protection for any other program on your computer by using the Privacy column in the Programs tab See Programs tab page 98 Alerts amp Logs ZoneAlarm Pro s alert and logging features keep you aware of what s happening on your computer without being overly intrusive Controlling the display of alerts You may be the type of person who wants to know everything that happens on your computer or you may not want to be bothered as long as you know your computer is secure ZoneAlarm Pro accommodates you no matter which kind of person you are You can be notified by an alert pop up shown in reduced size at left each time ZoneAlarm Pro acts to protect you or you can opt for quieter protection Alert display settings The default alert display setting Medium minimizes interruptions by only showing you alerts that are high rated that is that are likely to have resulted from hacker activity The high alert display setting will show you all alerts even those probably caused by normal network traffic If you don t want to be bothered by firewall ale
60. e mobile code is common on the Internet and has many benign uses hackers can sometimes use it for malevolent purposes Back More Info button ZoneAlarm Pro 3 1 User s Manual Page 137 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Back N NetBIOS Network Basic Input Output System A program that allows applications on different computers to communicate within a local network By default ZoneAlarm Pro allows NetBIOS traffic in the Trusted Zone but blocks it in the Internet Zone This enables file sharing on local networks while protecting you from NetBIOS vulnerabilities on the Internet Back O no entries P packet A single unit of network traffic On packet switched networks like the Internet outgoing messages are divided into small units sent and routed to their destinations then reassembled on the other end Each packet includes the IP address of the sender and the destination IP address and port number Back pass lock When the Internet Lock is engaged programs given pass lock permission can continue accessing the Internet Access permission and server permission for all other programs are revoked until the lock is opened Back persistent cookie A cookie put on your hard drive by a Web site you visit These cookies can be retrieved by the web site the next time you visit While useful they create a vulnerability by storing information about you your computer or your In
61. e my IP address when applicable I Hide the last octet of my IP address when applicable Use the Preferences tab to e Set or change your ZoneAlarm Pro password e Log in or log out e Configure ZoneAlarm Pro to automatically notify you of product updates e Set general options for the display of the ZoneAlarm Pro Control Center e Configure privacy settings for communications with Zone Labs 1 Password By setting a password you prevent anyone but you from shutting down ZoneAlarm Pro or changing your security settings Once you have set a password you must log in before you can change settings shut down the TrueVector security engine or uninstall ZoneAlarm Pro Valid passwords are between 6 and 31 characters long Valid characters include A Z a z 0 9 and characters amp Note Setting a password will not prevent other people from accessing the Internet from your computer ZoneAlarm Pro 3 1 User s Manual Page 84 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 2 Check for Updates Select Automatically to have ZoneAlarm Pro automatically notify you of available updates If you would rather check for upgrades yourself by looking in the Status tab of the Overview panel select Manually Tip These controls are enabled only if you have purchased ZoneAlarm Pro and if you have a current subscription to the ZoneAlarm Pro product update service 3 General Select Show ZoneAlarm P
62. e program hasn t been tampered with If the program has changed ZoneAlarm Pro displays a Changed Program alert like the one at left 1 Authentication options Option If selected PEAT Whenever the program accesses the Internet or your local network ZoneAlarm Pro uses the MD5 signature to verify that it is authentic programs and and untampered with If the program has loaded any components components ZoneAlarm Pro authenticates them as well Authenticate ZoneAlarm Pro authenticates the program but allows the program program only to load components without authenticating them Instead of checking the MD5 signature ZoneAlarm Pro will only Use program file check to see that the location of the program on your computer path only hasn t changed This is a low security option but may be useful for programs that are frequently updated Tip Zone Labs suggests using the Authenticate program only option the first two times you use an application with ZoneAlarm Pro This enables ZoneAlarm Pro to fingerprint the programs components silently After using the application twice select Authenticate programs and ZoneAlarm Pro 3 1 User s Manual Page 110 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 components so that ZoneAlarm Pro will check all components against their fingerprints when a program accesses the Internet Alerts 8 Logs panel Main tab Alerts amp Logs p A lon 1 En a s Sl ow fi High e Medium OF
63. e with step 2 9 Do you recognize the name of the program in the Alert pop up and if so does it make sense for the program to need permission If so it s probably safe to click Yes If not or if you re not sure continue with step 3 10 Click the More Info button in the alert box This submits your alert information for example the name of the program and the address it was trying to reach to AlertAdvisor which then displays a Web page with information about the alert and the program Use the AlertAdvisor information to help you decide if it s safe to answer Yes Tip If you re really not sure what to do it s best to answer No You can always grant permission later by going to the Programs tab How you can see fewer of these alerts It s normal to see several New Program alerts soon after installing ZoneAlarm Pro As you assign permissions to each new program the number of alerts you see will decrease Tip To avoid seeing Repeat Program alerts select Remember this answer the next time use this program before clicking Yes or No Firewall alerts onec larm Pro Alert Protected rl his beth ae local rete Banca ls ee Gobel SS Hare ber 172156100 227 MEE Hime Ima 14 20 32530 4H mho Tasen A TT AlertAdvisor were inte Chest ha les dos 50m Ce 7 When you see a Firewall alert it means that ZoneAlarm Pro has protected you by blocking traffic not allowed by your Firewall settings By clicki
64. ed or enters green your computer This does not imply illegal traffic or any security problem Note Some applications access network resources in the background so you may see network traffic occurring even when you aren t actively accessing the Internet Stop button Emergency Panic Lock Click the Stop button to immediately stop all inbound and outbound traffic Click again to disengage Tip Use the Stop button only in emergencies For more information see the related topic Using the Internet Lock and Stop button Networks The networks indicator shows you when you have wired or wireless networks in either the Trusted Zone or Internet Zone In the example at left there is one wired network in the Trusted Zone ZoneAlarm Pro 3 1 User s Manual Page 78 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Click the network symbol to go immediately to the Zones tab where the settings for the network are stored Internet Lock Click the lock icon to close the Internet lock Click again to disengage ri This view indicates the lock is open T J This view indicates the lock is closed Note Use the Internet Lock to protect your computer if you leave it connected to the Internet but inactive for long periods For more information see the related topic Using the Internet Lock and Stop button Active programs Services and Controller App Listening to ports UDP 1035 The active programs area dis
65. ed a Web page element For more information about the Privacy Advisor see below Tip You can set cookie control to block session and persistent cookies as well See Cookies tab page 125 Ad blocking Ad blocking keeps unwanted advertisements from disrupting your Internet work With ZoneAlarm Pro you can block all types of ads or only specific types e Skyscraper and banner ads extend across the top or up the side of the Web page itself e Pop up and pop under ads appear in a new browser window that pops up in front of or under the screen you re looking at e Animated Ads use moving images color changes and so forth ZoneAlarm Pro 3 1 User s Manual Page 17 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 When you visit a Web page with ads ZoneAlarm Pro blocks pop up and pop under ads It s as if they didn t exist ZoneAlarm Pro also blocks banner and skyscraper ads if they take more than a few seconds to load This is called performance ad blocking and keeps advertisers from slowing down your Web experience Tip You can customize ad blocking to stop block all banner and skyscraper ads or to stop only specific types of ads See Ad Blocking tab page 127 Mobile Code control Mobile code control keeps hackers from using active Web page content such as Java applets ActiveX controls and plug ins to compromise your security or damage your computer What is mobile code Mobile code is active
66. een to set a password to protect your ZoneAlarm Pro settings By setting a password you prevent anyone else from changing your security settings or shutting down ZoneAlarm Pro Note Setting a password does not prevent other people from using your computer to access the Internet Option If you are using Microsoft Internet Connection Sharing select the option check box before clicking Next ZoneAlarm Pro 3 1 User s Manual Page 33 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Configuration Wizard 6 Configure for ICS CONFIGURE FOR ICS IF you are using Windows Internet Connection Sharing Feature use this panel to enable Zone larm Pro to recognize the ICS gateway or client am not using ICS O This computer is an ICS gateway Its IP address is This computer is a client of an ICS gateway The gateway z IP address is Back Finish Cancel If you are on a local network that uses Windows ICS to share one Internet connection among several computers you need to configure ZoneAlarm Pro to recognize the ICS gateway client relationship Whether ZoneAlarm Pro is installed on the client or the gateway the ZoneAlarm Pro needs the gateway s IP address Choose the gateway or client option and fill in the IP address Click Finish to proceed to the next Wizard screen ZoneAlarm Pro 3 1 User s Manual Page 34 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Configuration Wizard
67. ents Showmn O High E Hedum C pi KMM Lookte Lant m Makes your computer invisible to hackers Traffic to or from the Internet Zone is blocked unless it is initiated by a program on your computer that you ve given permission to communicate with the Internet Zone Enables you to share files and printers with computers on your home or local network Programs must ask for permission and be authenticated before communicating with the Internet Note Zone Labs recommends you start with this setting at Medium and then raise it to High after a few days of normal use This enables ZoneAlarm Pro to secure your program components without interrupting you unnecessarily Only high rated alerts are be shown This keeps you from being interrupted unnecessarily Session cookies and persistent cookies are allowed but third party cookies are blocked This lets you benefit from the convenience of cookies while preventing advertisers and other third parties from getting information about your Internet habits Blocks pop up ads and banner and skyscraper ads that take more than a few seconds to load Ads that don t slow down Internet performance are allowed ZoneAlarm Pro 3 1 User s Manual Page 40 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 EA While mobile code can be a vulnerability it also is a Privacy On powerful tool for making Web sites interactive Mobile Code On Mobile code control is turne
68. erts that occur on an ICS network will be displayed and logged on the gateway on the client or on both If you are working on a client machine select Forward alerts from gateway to this computer to have alerts that occur on the gateway computer appear and be logged on the client computer If you are working on a gateway select Suppress alerts locally if forwarded to clients if you do not want alerts forwarded from the gateway to clients to also be displayed on the gateway See also Internet Connection Sharing page 67 3 General Settings These controls apply global rules regarding certain protocols packet types and other forms of traffic Such as server traffic to both the Trusted Zone and the Internet Zone Control Function when selected Block all Blocks all incomplete fraamented IP data ZoneAlarm Pro 3 1 User s Manual Page 94 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 fragments Block local servers Block Internet servers Enable ARP protection Allow VPN Protocols at high security Allow uncommon protocols at high security packets Prevents all programs on your computer from acting as servers to the Trusted Zone Note that this setting overrides permissions granted in the Programs panel Prevents all programs on your computer from acting as servers to the Internet Zone Note that this setting overrides permissions granted in the Programs panel Blocks all incoming ARP
69. es for that Zone allow traffic through that port depends on the security level that is applied to each Zone ZoneAlarm Pro 3 1 User s Manual Page 14 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 To choose a security level for a Zone use the slider controls in the Main tab of the Firewall panel To define the meaning of each security level that is the ports that are blocked or allowed at that level use the Internet Zone tab and Trusted Zone tab in the Custom Securities dialog box Program Control Program control protects you from Trojan horses and other hacker malware by making sure only programs with your permission can access the Internet Why do I need program control Everything you do on the Internet from browsing Web pages to downloading MP3 files is managed by specific applications programs on your computer Hackers exploit this fact by planting malware literally evil programs on your computer Sometimes they send out malware as e mail attachments with innocent names like screensaver exe If you open the attachment you install the malware on you computer without even knowing it Other times they convince you to download the malware from a server by making it masquerade as an update to a legitimate program Once on your machine malware can wreak havoc in a variety of ways It can raid your address book and mail itself to everyone in it or it can listen for connection requests
70. esat lens 96 Fe OCEAN SO ri cs 98 COMPONEN TAD caustic ers se cette A led adenda 101 O e e O 104 ZoneAlarm Pro 3 1 User s Manual Page 6 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 ACCESS PErMISSIONS TaD satis e as e aaa a ol ads dee 105 Alerts FUNCIOMAIILY ta Duras o recia 106 ROMS tai cs 108 Ae o A o PA Pe oer ee eee ee eee eee 110 Alerts amp Logs Panel e ee eS Soo 111 LOJ VIEWED aldo 112 Program Logs taa E 115 Alert Events taaan o a 116 System Tray Alert aD tcs tt lia 117 Edd Controltab ni aa ds dd da 119 PRIVACY Panel aii 121 Malta ica 121 A A A A 123 COOKICS ta Di a 125 AA Blocking tad A a 127 Mobile Code tab santo Itaca 128 E MallProtecti n panel nia 129 Manta aaa ida 129 Machines daa nidad ci n 129 6 SIOSS A Visit 131 E EE E E A E E OA AE nee nein eee NEN A EA eee se 131 di 132 o TI eased eee 133 a a Sanu tea ueamtancist anaes keenest 134 A A dete seen E E dele EAE E E ETT 134 E EE E E E E E E A E T ce ee T 134 a 135 EAEE AE A A A A A A 135 A uot eemuateteiie sa caley ene sol cdaseenteascesoedaessemuasaunessuaniee 136 HR ies nee E ia ooo 136 FRA O ane aaa E E eee 136 A A E AE AOTT 136 O A A a 138 A O E olen Gee 138 ZoneAlarm Pro 3 1 User s Manual Page 7 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 cc 140 O 141 P E e A an 141 nm o E ee 143 poo 143 A ee eee ee ee ee er ee ee ee 144 A iZ meo een ge ea eee eee eceeee a
71. ess the Internet However they can also occur if a hacker has somehow managed to tamper with the program What you should do Click Yes or No in the alert pop up after asking these questions e Did you or if you re in a business environment your systems administrator recently upgrade the program that is asking for permission e Does it make sense for the program to need permission If you can answer yes to both question it s probably safe to click Yes Tip If you re not sure it s safest to answer No You can always grant permission later in the Programs tab See Programs tab page 98 If you re not sure what to do or if you decide to answer No investigate the program to determine if it is safe See Investigating changed programs and components page 56 How you can see fewer of these alerts To avoid a large number of Changed Program alerts avoid unnecessary or repeated program updates Program Component alert RAPE PPP PPP PPPPPPPPP PP PPPPPPPPPPPPPPPPPPPPA Bho en rear bo albores Pro and ognari Be mocan the lr Technical Information minaaa eal abe Dine of mote component uned be thes piman hira changed onan rea Under ou hara recen E j led you ra want do chak the ron by ciclo E Alert dwvisor moeit ZoneAlarm Pro 3 1 User s Manual Page 49 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Use the Program Component alert to allow or deny Internet access to a program that
72. features of Web sites Cookie control Cookie control keeps advertisers from spying on your Internet habits High security settings keep sensitive information passwords for example from being stored in cookies where they can be stolen if a hacker breaks into your computer ZoneAlarm Pro 3 1 User s Manual Page 16 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 What is a cookie A cookie is a small text file that a Web site places on your computer A cookie that stays on your computer a long time called a persistent cookie lets the Web site remember who you are so that the next time you visit it can customize what you see For example this is how Amazon com shows you books you re likely to want each time you visit A cookie placed by someone other than the Web site host called a third party cookie can be used to record information about your Internet habits for example which advertisements you click on These cookies are often placed by advertisers The default Medium cookie control setting allows session cookies and persistent cookies but blocks third party cookies This protects you from information leaks while preserving the convenient functions of cookies When a Web site tries to place a third party cookie on your computer ZoneAlarm Pro blocks the cookie and displays the Privacy Advisor highlighted at right at the bottom of your screen Privacy Advisor tells you that ZoneAlarm Pro has block
73. formation Cookie Expiration Expire cookies Immediately after receipt f After fo H days Privacy Advisor _ ______ 5 The Privacy Advisor informs you when privacy settings nterere with a Website you are visting M Show Privacy Advisor Reset To Default apy Use this tab to customize cookie control You can e Choose what types of cookies to block e Choose the period after which persistent cookies will expire e Enable or disable Web bugs e Allow or block transfer of private header information Note This tab appears in both the Site Options dialog box for customizing a particular site and in the Custom Privacy Settings dialog box for customizing defaults 1 Session cookies Use this control to allow or block session cookies session cookie A cookie stored in your browser s memory cache that disappears as soon as you close your browser window These are the safest cookies because of their short life span ZoneAlarm Pro 3 1 User s Manual Page 125 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 2 Persistent cookies Use this control to allow or block persistent cookies persistent cookie A cookie put on your hard drive by a Web site you visit These cookies can be retrieved by the web site the next time you visit While useful they create a vulnerability by storing information about you your computer or your Internet use in a text file 3 Third party
74. from the Internet The hacker who distributed the malware can then contact it and give it instructions effectively taking control of your computer ZoneAlarm Pro protects you from malware attacks ZoneAlarm Pro s program control features use two methods to protect you from malware attacks program authentication and program access control Program authentication Whenever a program on your computer wants to access the Internet ZoneAlarm Pro authenticates it via its MD5 signature What is an MD5 signature A digital fingerprint used to verify the integrity of a file If a file has been changed in any way for example if a program has been compromised by a hacker its MD5 signature will change as well If the program has been altered since the last time it accessed the Internet ZoneAlarm Pro displays a Changed Program alert You decide whether the program should be allowed access or not For added security ZoneAlarm Pro also authenticates the components for example DLL files associated with the program s main executable file If a component has been ZoneAlarm Pro 3 1 User s Manual Page 15 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 altered you ll see a Program Component alert similar in appearance to a changed program alert Program access control When you re using ZoneAlarm Pro no program on your computer can access the Internet or your local network or act as a server unless you give it per
75. gram alerts and other alerts that have been recorded in the ZoneAlarm Pro log You can sort the list by any field by clicking the column header The arrow next to the header name indicates Field Rating Date Time Type Protocol Program Source IP Destination IP Direction Action Taken Count Source DNS Destination DNS Information Each alert is high rated or medium rated High rated alerts are those likely to have been caused by hacker activity Medium rated alerts are likely to have been caused by unwanted but harmless network traffic The date and time the alert occurred The type of alert Firewall Program or Lock Enabled The communications protocol used by the traffic that caused the alert The name of the program attempting to send or receive data Applies only to Program alerts The IP address of the computer that sent the traffic that ZoneAlarm Pro blocked The address of the computer the blocked traffic was sent to The direction of the blocked traffic Incoming means the traffic was sent to your computer Outgoing means the traffic was sent from your computer How the traffic was handled by ZoneAlarm Pro The number of times an alert of the same type with the same source destination and protocol occurred during a single session The domain name of the computer that sent the traffic that caused the alert The domain name of the intended addressee of the traffic that caused the ale
76. grated object by turning mobile code protection on in the Main tab of the Privacy panel Customize the types of code to block by using the Mobile Code tab See Mobile Code tab page 128 E mail protection Quarantine or allow specific attachment types MailSafe quarantines 37 types of e mail attachments You can turn off quarantining for any type of attachment or add more types of attachments to the quarantine list in the Attachments tab See Attachments tab page 130 Reading the ZoneAlarm Pro log Viewing the Log To view the current log in the Log Viewer ZoneAlarm Pro 3 1 User s Manual Page 71 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 e Inthe Alerts amp Logs panel choose the Log Viewer tab To view the current log as a text file 1 In the Main tab of the Alerts amp Logs panel click the Advanced button The Advanced Alerts 4 Log Settings dialog box opens 2 Choose the Log Control tab 3 Under Log Archive Location click the View Log button Note By default alerts generated by ZoneAlarm Pro are logged in the file ZAlog txt If you are using Windows95 Windows98 or Windows Me the file is located in the following folder x Windows Internet Logs If you are using WindowsNT or Windows2000 the file is located in the following folder x Winnt Internet Logs Log fields Log entries contain the fields described in the table below Field Description Example The type of event Type reco
77. he bottom of the dialog box 3 Type the ports or port ranges you want to block in the Ports text box separated by commas Example 139 200 300 4 Click Apply or OK Trusted Zone tab Trusted Zone Use this page to set custom secunty levels for the Trusted one High security blocks all network traffic except authorized program traffic and traffic indicated by a check mark High security settings for Trusted zone Allow outgoing DMS UDP port 53 Allow outgoing DACP UDF port 677 Allow broadeastmulticast Medium security settings for Trusted zone Block incoming NetBl9S ports 135 157 9 4451 Block outgoing NetBlOS ports 135 157 9 445 Block incoming ping CMF Echo Use this dialog box to customize high security and medium security settings for traffic to and from the Trusted Zone 1 High security settings for the Trusted Zone These are the port and protocol restrictions applied to the Trusted Zone when High security is selected in the Main tab of the Firewall panel Tip To view the settings for Medium security scroll down below the high security settings Default configuration ZoneAlarm Pro 3 1 User s Manual Page 91 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 The default settings for high security block all inbound and outbound traffic through ports not being used by programs you have given access or server permission with the following exceptions e DHCP broadcast multicas
78. ield from transferring any information about you Back ICMP Internet Control Messaging Protocol An extension of the Internet Protocol that supports error control and informational messages The ping message is a common ICMP message used to test an Internet connection Back ICS Internet Connection Sharing ICS is a service provided by the Windows operating system that enables networked computers to share a single connection to the Internet Internet Zone ZoneAlarm Pro 3 1 User s Manual Page 135 of 145 Copyright Zone Labs Inc 2002 2002 08 15 ZoneAlarm Pro applies the strictest security to the Internet Zone keeping you safe from hackers Meanwhile the medium security settings of the Trusted Zone enable you to communicate easily with the computers or networks you know and trust for example your home network PCs or your business network Back IP address The number that identifies your computer on the Internet as a telephone number identifies your phone on a telephone network lt is a numeric address usually displayed as four numbers between 0 and 255 separated by periods For example 172 16 100 100 could be an IP address Your IP address may always be the same However your Internet Service Provider ISPs may use Dynamic Host Configuration Protocol DHCP to assign your computer a different IP address each time you connect to the Internet Back ISP Internet Service Provider A company tha
79. is using one or components that haven t yet been secured by ZoneAlarm Pro This helps protect you from hackers who try to use altered or faked components to get around your program control restrictions By clicking Yes you allow the program to access the Internet while using the new or changed components By clicking No you prevent the program from accessing the Internet while using those components Click the Details button to see what component s the program was Why these alerts occur Program Component alerts occur when a program accessing the Internet or local network is using one or more components that ZoneAlarm Pro has not yet secured or that has changed since it was secured Note ZoneAlarm Pro automatically secures the components that a program is using at the time you grant it access permission This prevents you from seeing a Component alert for every component loaded by your browser What you should do The proper response to a Program Component alert depends on your situation Consider the following questions 1 Are any of the following true o You just installed or reinstalled ZoneAlarm Pro o You recently updated the application that is loading the component For the application name look under Technical Information in the alert pop up o The application that is loading the component ha an automatic update function o Someone else for example a systems administrator at your workplace may have updated a
80. is area shows the status of your product update service If your service has expired or is about to expire click Renew to continue to get automatic updates to ZoneAlarm Pro Follow the technical support link to access FAQ troubleshooting and other technical information on the Zone Labs Web site Tip Before contacting Zone Labs technical support try the troubleshooting steps provided in this help system Start at the help welcome page 4 Registration This area shows whether you have registered your copy of ZoneAlarm Pro If your registration is pending you have submitted registration information but ZoneAlarm Pro has not yet received confirmation of registration from Zone Labs Click Change Reg to edit your registration information name company or e mail ZoneAlarm Pro 3 1 User s Manual Page 83 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Click Register to register online Registration only takes a few seconds Preferences tab Overview Password Cia Check tor Updates Check for product updates Automatically General Show ZoneAlarm Pro on top during Irene activity i Load Zoneblarm Pro at startup I Remember the last tabe visted in the panels Explanatory text within panels Y Show Hide Colu Scheme ZoneAlarm Pro Royal Blue Contact with Zone Labs Wihenewer request into from one Labs that tequeres information from me Alert me with a pop up before make contact C Hid
81. larm Pro 3 1 User s Manual Page 27 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Installation screen 6 Try or buy dialog License Wizard Trial Mode Your Trial Security Stats To begin or continue your Trial click Blocked Intrusions do Probable Hack Attempts 12 o Trial Days Remaining ATT Don t let your security run out S 30 days i BUN Security Fact oneblarm Pro pute pon in Stealth Mode When pou cant be seer you can t be hacked IF you ve purchased oneblarm Pro click here A canco If you are using a trial license for ZoneAlarm Pro the try or buy dialog appears The area in the upper right tells you how many trail days remain and summarize security activity during your trial Click Try to continue your trial period Click Buy to purchase ZoneAlarm Pro Finally the Zone Labs logo HA appears in the system tray Congratulations ZoneAlarm Pro is installed Configuration Wizard When installation is complete ZoneAlarm Pro automatically launches the Configuration Wizard The Configuration Wizard helps you quickly and easily set up ZoneAlarm Pro for use in your computing environment ZoneAlarm Pro 3 1 User s Manual Page 28 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Configuration Wizard 1 Welcome Welcome to ZoneAlarm Pro Congratulations ou have selected the most effective easy to use personal security
82. larm Pro 3 1 User s Manual Page 126 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Ad Blocking tab Ad Blocking Customize ad blocking for all future Web sites you visit Ads to Block i i 0 _ _ _ _ Performance Always 1 M Banner Skyscraper ads ie D Block ads that do not load in i Seconds M Pop up pop under M Animation Ad Void Control When an ad it blocked fill the space with Nothing A box with the word 4D f A box can mouse over to get the ad to appear Reset To Default apy Use this tab to e Choose what types of ads to block e Choose what to do with the screen space in which a blocked ad was to be displayed Note This tab appears in both the Site Options dialog box for customizing a particular site and in the Custom Privacy Settings dialog box for customizing defaults 1 Ads to Block These controls let you choose which specific types of advertisements you want to block or allow If you choose to block banner ads and skyscraper ads e Choose Always to have those ads blocked in all cases e Choose Performance to have them blocked only when the ads to not load within the amount of time specified in the counter You can set the counter to any value from 1 to 99 seconds ZoneAlarm Pro 3 1 User s Manual Page 127 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 If you choose to block pop up ads and pop under ads or animated ads those advertiseme
83. lock only third party cookies that can spy on Web sites use to personalize your me Web experience C Dont block any cookies The default Cookie Control setting is preselected Choose a higher or lower setting or click Next to accept the default Choices e Block all cookies Choose this setting to prevent the Web sites you visit from placing any cookies on your computer Note that choosing this setting will disable some of the personalization and customization available on popular e commerce Web sites e Block only third party cookies This is the default setting Choose this to have ZoneAlarm Pro block only cookies that are designed give away information you like the Web pages you visit and the ads you click e Don t block any cookies Choose this setting to turn off cookie control ZoneAlarm Pro 3 1 User s Manual Page 31 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Configuration Wizard 4 Review Ad Blocking Defaults Configuration Wizard ZINE Review Default Settings What type of ads do you want to block C Block ALL ads Default settings for ad blocking allow advertisements within ek f Block ONLY pop ups and slow ads pages but block annoying pop up and pop under ads as well as any Do notblock any ads ads that slow down Web page loading You re finished reviewing default settings Please click Next Back Finish Cancel The default Ad Blocking setting is p
84. mission to bypass the Internet Lock so that you can continue to perform some basic functions under the lock s higher security See Programs tab page 98 How you can see fewer of these alerts If you are receiving a lot of Internet Lock alerts it is possible that your Automatic Internet Lock settings are engaging the Internet Lock after every brief period of inactivity To reduce the number of alerts you can do any of the following e Inthe Programs tab turn the Automatic Internet Lock off e Inthe Auto Lock tab increase the number of minutes of inactivity required for the Automatic Lock to engage See also Programs tab page 98 and Auto Lock tab page 104 Blocked Program alerts ZoneAlarm Pro Alert Blocked Interest E phere was blocked hor conrectag bo the internet 1127 00001 Pon 2455 Prograr namal Explorer ae VISNE S da a Pd EEEE E CUCA Dot shaw hi dilo qa O Y Blocked Program alerts tell you that ZoneAlarm Pro has prevented an application on your computer from accessing the Internet or Trusted Zone resources By clicking OK you re not allowing the program access just acknowledging that you saw the alert A Why these alerts occur Blocked Program alerts occur when a program tries to access the Internet or the Trusted Zone even though you have explicitly denied it permission to do so Because you ve already configured ZoneAlarm Pro to block the program the alert displays only an OK button rathe
85. mission to do so When a program requests access for the first time A New Program alert asks you if you want to grant the program access permission If you re not sure whether to click Yes or No you can click the More Info to have Zone Labs Alert Advisor help you decide what to do A Program Component alert similar to a new program alert lets you know if the program is using a component that is new or has changed If the same program requests access again A Repeat Program alert asks you if you want to grant or deny access permission to a program that has requested it before Tip To avoid seeing repeat program alerts select the Remember this answer check box near the bottom of the alert before clicking Yes or No After that ZoneAlarm Pro will silently block or allow the program When a program asks for server permission A Server Program alert asks you if you want grant server permission to a program Caution Because Trojan horses and other types of malware often need server rights in order to do mischief you should be careful to give server permission only to programs that you know and trust and that need server permission to operate properly See also New Program alert page 43 Repeat Program alert page 46 Program Component alert page 49 and Server Program alert page 47 Privacy protection ZoneAlarm Pro s privacy protection features new in version 3 1 shield you from intrusive and potentially dangerous
86. n without your permission preventing hackers from communicating with Trojan horses or other malware they may have distributed They enable you to set access permission for program that has not asked for Internet Zone or Trusted Zone access before If you click Yes the program is allowed access If you click No the program is denied access Why these alerts occur New Program alerts occur when a program on your computer tries to initiate a connection with a computer in the Internet Zone or Trusted Zone and that program has not already received access permission from you There are many programs and program components that require access permission as part of their normal function Browsers and e mail client applications for example must connect to remote servers to retrieve Web pages and send or receive e mail Most of the time you re likely to see program alerts when you re actually using a program For example if you ve just installed ZoneAlarm Pro and you immediately open Microsoft Outlook and try to send an e mail message you ll get a program alert asking if you want Outlook to have Internet access ZoneAlarm Pro 3 1 User s Manual Page 43 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 What you should do Click Yes or No in the alert pop up after following these steps 8 Did you just launch a program or process that would reasonably require permission If so it s probably safe to click Yes If not continu
87. nd preferences Comprehensive protection for standalone or networked computers plus full protection for mobile computers Advanced email protection that prevents your computer from being infected by or inadvertently spreading malicious code p us enhanced hacker tracking allows you to pinpoint the origins of would be intrusions How this guide is organized This guide contains information that will help you use ZoneAlarm Pro effectively Here s how it s organized Chapter 2 How ZoneAlarm Pro protects you provides an overview of ZoneAlarm Pro s major security features Use this chapter to learn the basics of Internet security and how ZoneAlarm Pro protects you from threats Chapter 3 Installing ZoneAlarm Pro shows you how to install ZoneAlarm Pro and how to use the Configuration Wizard to choose basic security settings ZoneAlarm Pro 3 1 User s Manual Page 10 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 e Chapter 4 Using ZoneAlarm Pro covers major tasks you may need to perform while using ZoneAlarm Pro Use this chapter to learn how to respond to alerts how to set up ZoneAlarm Pro for your network and so forth e Chapter 5 Interface Guide is a panel by panel reference guide to the ZoneAlarm Pro control center Use this chapter to find out what each control in the user interface does ZoneAlarm Pro 3 1 User s Manual Page 11 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Ho
88. ng Rather than giving you a static IP address your ISP may assign a different IP address to you each time you log on This allows the provider to serve a large number of customers with a relatively small number of IP addresses Back DHCP Dynamic Host Configuration Protocol broadcast multicast A type of message used by a client computer on a network that uses dynamic IP addressing When the computer comes online if it needs an IP address it issues a broadcast message to any DHCP servers that are on the network When a DHCP server receives the broadcast it assigns an IP address to the computer Back dial up connection Connection to the Internet isina a madem and an analoa telenhnne line The ZoneAlarm Pro 3 1 User s Manual Page 133 of 145 Copyright Zone Labs Inc 2002 1 00U3 U3U1 2002 08 15 modem connects to the Internet by dialing a telephone number at the Internet Service Provider s site This is in distinction to other connection methods such as Digital Subscriber Lines that do not use analog modems and do not dial telephone numbers Back DLL Dynamic Link Library A library of functions that can be accessed dynamically that is as needed by a Windows application Back DNS Domain Name System A data query service generally used on the Internet for translating host names or domain names like www yoursite com into Internet addresses like 123 456 789 0 Back embedded object An object su
89. ng OK you are not letting anything into your computer you are only saying Yes I ve seen the alert ZoneAlarm Pro 3 1 User s Manual Page 44 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Why these alerts occur Firewall alerts occur when ZoneAlarm Pro blocks an incoming or outgoing packet because of the port and protocol restrictions set in the Firewall panel Firewall alerts can be caused by harmless network traffic for example if your ISP is using ping to verify that you re still connected However they can also be caused by a hacker trying to find unprotected ports on your computer If the alert was probably caused by harmless network traffic the alert has an orange band at the top If the alert was probably caused by hacker activity the pop up has a red band at the top What you should do When you see a Firewall alert there s nothing you have to do to ensure your security To dismiss the alert box click OK By doing this you re not allowing any traffic in or out of your computer If you re interested in learning more about the alert for example the common uses of the port it was addressed to or the likelihood that it stemmed from hacker activity click the More Info button This submits your alert information to Zone Labs AlertAdvisor which analyzes the information and provides the most likely explanation How you can see fewer of these alerts If you are receiving a lot of firewall alerts but
90. nts and Internet Call Waiting programs may need server permission to operate properly Grant server permission only to programs you re sure you trust and that require it in order to work If possible avoid granting a program server permission for the Internet Zone If you need to accept incoming connections from only a small number of machines add those machines to the Trusted Zone and then allow the program server permission for the Trusted Zone only The following basic options are available for each program Allow the program to listen for connection requests Block the program from listening for connection requests Ask me whether to allow the program to listen for connection requests show Server Program alert Back session cookie A cookie stored in your browsers memory cache that disappears as soon as you close your browser window These are the safest cookies because of their short life span Back skyscraper ad An ad that appears in a vertical column along the side of a Web page stealth mode When ZoneAlarm Pro puts your computer in stealth mode any uninvited traffic receives no response not even an acknowledgement that your computer exists This renders your computer invisible to other computers on the Internet until permitted program on your computer initiates contact ZoneAlarm Pro 3 1 User s Manual Page 142 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Back y third party cookie
91. nts are blocked in all cases since they do not affect the speed at which Web pages load 2 Ad Void Control When ZoneAlarm pro blocks banner skyscraper or animated ad it leaves a void or blank on your screen where the ad was to be displayed Ad void control lets you specify what will be displayed in that space e Nothing e A box with the word AD e A box you can mouse over to get the ad to appear By default ZoneAlarm Pro displays a box with the words blocked ad so that you are aware of what is happening Mobile Code tab Mobile Code Customize mobile code protection for all future Web sites wou visit Mobile Code Control M Block scripts javascript vbscript etc M Block embedded objects java Actives M Block mime type integrated objects Reset To Defaut m Use this tab to customize mobile code control settings by specifying which code types to allow or block e Scripts e MIME type integrated objects e Embedded objects For definitions see the Glossary ZoneAlarm Pro 3 1 User s Manual Page 128 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Note This tab appears in both the Site Options dialog box for customizing a particular site and in the Custom Privacy Settings dialog box for customizing defaults E mail Protection panel Main tab Email Protection Malsafe Setting ie On On C of hlalS ate is enabled Use this tab to turn MailSafe protection on or off Use the r
92. o help decide what to do Tip To put a computer or network in the Trusted Zone use the Zones tab See page 87 Zones organize firewall security By default ZoneAlarm Pro applies High security to the Internet Zone and Medium security to the Trusted Zone You are safe from hackers out on the Internet but you can share resources with the computers and networks you trust No security level is necessary for the Blocked Zone because NO traffic to or from that Zone is allowed Using controls in the Firewall panel you can adjust the security level for each Zone Tip Advanced users can customize high and medium security for each Zone by blocking or opening specific ports See nternet Zone tab and Trusted Zone tab pages 89 and 91 Zones organize program control Whenever a program wants access permission or server permission ZoneAlarm Pro checks in the programs list Each program has the following permission settings e Access permission for the Trusted Zone Internet Zone e Server permission for the Trusted Zone Internet Zone As you use your computer ZoneAlarm Pro will display a New Program alert whenever a new program wants access or server permission To change access and server permissions for a program use the Programs tab See page 98 For definitions of access permission and server permission see the Glossary on page 131 How does the firewall use Zones and security levels The answer to question number three above Do the rul
93. ogging settings click the Default button to return to system defaults 4 Advanced Click the Advanced button to open the Advanced Alerts and Log Settings dialog box There you can e Specify alert display and logging by traffic type Alert Events tab e Enable or disable the system tray icon alert System Tray Alert e Configure your ZoneAlarm Pro log and set the archiving frequency Log Control tab Log Viewer tab Alerts amp Logs View only the last 3999 alerts 1 Fatima gt Date Time Type Protocol Mecdrurn 2002 07 04 19 07 24 500 GMT Firewall UD Piedini 200202004 1907 24 5500 GMT Firewall OF Mec 20020204 19 07 36 500 2 Firewall UDP Mech 20020204 1907 52 5500 GMT Firewall oF Mech 20020204 1907 52 550 GMT Firewall OF MEA Fi Entry Detail Descripbiomn Packet sen trom 12 16 1001 70 UDP Port 44 Add to Zone gt Direction 3 Incoming Type Firenarail ore inio Source DAS RHPLAPTOS2 zonelabe com The Log Viewer tab lists recent alerts You can use each alert entry to ZoneAlarm Pro 3 1 User s Manual Page 112 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 e Submit the alert to Zone Labs AlertAdvisor for analysis e Add the source of the traffic that generated the alert to your Trusted Zone 1 View only the last n alerts Select the number of alerts starting with the most recent to display in the alerts list 2 Alerts list The alerts list shows Firewall alerts Pro
94. oneAlarm Pro ZoneAlarm Pro 3 1 User s Manual Page 41 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 New Network alerts ZoneAlarm Pro Alert New Network On startup Zone4lain Pro detected a new melk wath PT 2 16 000 255 255 0 0 amd added it to the Intemel Zone Hama this nebeeork optical Hame New Metros To share bles and asiets wath this Network asigni t to the Trusted Aone If you re on a home or local network New Network alerts let you instantly configure ZoneAlarm Pro to allow you to share resources with the network Why these alerts occur New Network alerts occur when you connect to any new network be it a wireless home network a business LAN or your ISP s network What you should do If you receive a New Network alert when you start ZoneAlarm Pro and you are connected to a home or business local network it is likely that ZoneAlarm Pro has detected that network If you want to share resources with the other computers on the network put the network in the Trusted Zone by following the steps below 5 In the New Network alert pop up type a name for the network for example Home NW in the Name box 6 Select Trusted Zone from the Zone drop down list 7 Click OK Caution If you are not certain what network ZoneAlarm Pro has detected write down the IP address displayed in the alert box Then consult your home network documentation systems administrator or ISP to
95. or your trusted programs taking advantage of the Internet access permission given to the program s main executable in order to take control of your computer Using the components tab Most users never need to use the components tab because ZoneAlarm Pro automatically secures program components For advanced users the Components tab enables detailed control of specific component files Use this tab to determine whether Programs that are accessing network resources can load the listed component at will Programs that are accessing network resources must ask permission to load the listed component ZoneAlarm Pro displays a Program Component alert Note No Program Component alerts are shown if Program Control is set to Medium or Low in the Main tab Component learning mode ZoneAlarm Pro 3 1 User s Manual Page 101 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Windows programs frequently load ten twenty or more components at a time in the course of normal operations Component learning mode enables ZoneAlarm Pro to quickly learn the MD5 signatures of many frequently used components without interrupting your work with multiple alerts The default Medium Program Control setting establishes component learning mode We recommend that you use this setting for the first few days of normal Internet use after installing ZoneAlarm Pro After a few days of normal use ZoneAlarm Pro will have learned the signatures of the
96. our secHtity Program alerts will stil Be displayed Next Cancel The default Firewall Alert setting is pre selected Choose a higher or lower setting or click Next to accept the default Choices e Alert me whenever ZoneAlarm Pro blocks traffic Choose this setting if you want to be aware of what ZoneAlarm Pro is doing at all times even when it blocks traffic that is unsolicited but probably harmless e Alert me only when blocked traffic is probably hacker activity This is the default setting Choose this to be alerted only when there is a potential threat e Don t alert me at all protect my computer silently Choose this if you don t want to be disturbed ZoneAlarm Pro will protect you without interrupting your work Note that Program alerts will still be displayed because they require you to grant or deny Internet access to a program ZoneAlarm Pro 3 1 User s Manual Page 30 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Configuration Wizard 3 Review Cookie Control Settings Configuration Wizard ZNE Review Default Settings EA OOKIE CONTROL What types of cookies do you want to block Zone larmPro s default cookie control settings block third party cookies which can be used to spy Block all cookies even if it means a loss of personalization and functionality at some Web sites on you without your knowing while allowing other kinds of cookies that f B
97. ous traffic from making its ZoneAlarm Pro 3 1 User s Manual Page 66 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 way into the VPN tunnel from your computer and prevents any malicious traffic that might arrive on your computer via the VPN tunnel from doing any damage In order to configure ZoneAlarm Pro to protect VPN traffic do the following 1 Add the elements listed below to your Trusted Zone e Your VPN server or VPN concentrator e All of the LAN WAN subnets that interact with the internal network that you want access to e Any servers that you will need to make use of through the VPN but are not on your internal network such as DNS POP or SMTP servers e RADIUS or TACACS servers if applicable Tip Contact your network administrator if you do not know the addresses or host names of the network elements listed 2 Ifyou receive a firewall alert caused by a blocked attempt to access your loopback address 127 0 0 1 add the loopback address to the Trusted Zone and make sure there is no proxy software running on your computer See Zones tab page 87 3 In the Security tab Advanced Settings dialog box select Allow VPN protocols at high security See Security tab page 93 4 Ifyour VPN uses protocols other than GRE ESP and AH also select Allow uncommon protocols at high security ICS Internet Connection Sharing If you are using Windows Internet Connection Sharing ICS option or a third pa
98. ous version of ZoneAlarm Pro or a trial version of 3 1 your security settings may still be on your disk even if you have uninstalled the old version Tip Unless you have a lot of custom configuration that would take a lot of time to reproduce choose Clean install This ensures the smoothest possible installation e To keep your old settings select Upgrade e To start from scratch select Clean Install recommended Click Next when you are finished ZoneAlarm Pro 3 1 User s Manual Page 25 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Installation Screen 4 License Agreement Ja ZoneAlarm Pro Installation Es Zone Labs License Agreement Support Eee BETA TESTER LICENSE AGREEMENT t Extensive ZONEALARM PAO BETA VERSION Online Self help Software License Agreement tor oneblaro Pro Beta Version Responsive Email Tech IMPORTANT PLEASE READ CAREFULLY THIS Support LICENSE AGREEMENT SUPERSEDES PREVIOUS LICENSE AGREEMENTS FOR ZONEALARM PRO BETA t Committed VERSION BY INSTALLING THE SOFTWARE 45 Customer DEFINED BELOW COPYING THE SOFTWARE Servi AND OR CLICKING ON THE ACCEPT BUTTON ea BELOW YOU EITHER ON BEHALF OF YOURSELF AS El Sl item Do you accept the terms of the preceding License Agreement Back Don t Accept Use the scroll bar to read the full text of your ZoneAlarm Pro license agreement Click Accept to accept the terms of the agreement The installer now installs ZoneAla
99. plays the icons of programs that are currently open and that have accessed the Internet in your current session The icon blinks when the program is sending or receiving data A hand symbol under the icon indicates that the program is active as server and is listening for connection requests To see information about a program displayed here hover your mouse pointer over the icon All systems active This area can display two messages e The message All Systems Active indicates that ZoneAlarm Pro is functioning normally ZoneAlarm Pro 3 1 User s Manual Page 79 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 e The message Error Please Reboot indicates that you are not protected by ZoneAlarm Pro because the underlying security process is not running Restart your computer to allow ZoneAlarm Pro to reset Overview Panel Status tab Overview Blocked Intrusmns 19 Intrusions have been blocked since install 1 O of those have been high rated Inbound Protection JL The hrewall has blocked O access albtemple Outbound Protection 1 pogam secured tor Internet access T E mail Protection Malale is currentk achve O suspect emal ablachmenls quaranbred 3 Use the Status tab to What s New at cone Labs Eleam Morg e See ata glance if your computer is secure e See a summary of ZoneAlarm Pro s activity e See if your version of ZoneAlarm Pro is up to date e Access the ZoneAlarm Pro tuto
100. ponent Loading Cho po ered bo abia cito iiiesd amd components lo socess Gee reaa Technical Information separa OT WOE EXE Components Dick for detali pets Hove ioman Ayali A Pere of Charged a E pa lo be Pet progama lo acess Hee nieme Uinkess ipods Pane recent upgraded al rutsled you may vert lo check the suternbocip of Gar comporert by chola on e Dalai button AlertAdvisor Moreinfo Use the Component Loading alert to allow or deny Internet access to program that is loading a new or changed component some time after the program was launched This helps protect you from hackers who try to use altered or faked components to get around your program control restrictions By clicking Yes you allow the program to continue to access the Internet or local network resources while using the new or changed component By clicking No you prevent the program from accessing the Internet while using that component Tip Click the Details button to see what component s the program was loading ZoneAlarm Pro 3 1 User s Manual Page 51 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Why these alerts occur A Component Loading alert can occur in several normal situations For example if you click a link to a pdf document and your browser has not yet loaded the components necessary to read paf files you will see a Component Loading alert as the browser loads those components However a Componen
101. pport click here Registration The copy of oned lam Pro was registered on 2002 02 04 16 08 19 administrador Zone Labs Imc The Product Info tab gives you quick access to information about your version of ZoneAlarm Pro Use this tab to e See what version of ZoneAlarm Pro you have ZoneAlarm Pro 3 1 User s Manual Page 82 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 e Change your License key e Access the Technical Support area of the Zone Labs Web site e Change your registration 1 Version Information This area shows what version of ZoneAlarm Pro and what version of the TrueVector security engine are running on your computer Tip To see if there is a new version available go to the Status tab in the Overview panel and check the update information on the right side of the screen If you have a gateway license this area also indicates whether gateway enforcement is turned on or off Gateway enforcement is active indicates that ZoneAlarm Pro has established communication with the gateway 2 Licensing Information This area displays your ZoneAlarm Pro license number If you are using a trial version of ZoneAlarm Pro it tells you how many days are remaining in your trial period Click Buy Now to upgrade from a trial version of ZoneAlarm Pro Click Change Lic to change the license key under which your version of ZoneAlarm Pro is operating 3 Support and update information Th
102. program on your computer without your knowledge 2 Are you actively using the application that loaded the component If you can answer yes to both questions it is likely that ZoneAlarm Pro has detected legitimate components that your browser or other programs need to use It is probably safe to answer Yes to the Program Component alert If you cannot answer yes both questions or if you feel unsure about the component for any reason it is safest to answer No ZoneAlarm Pro 3 1 User s Manual Page 50 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 If you re not sure what to do or if you decide to answer No investigate the component to determine if it is safe See Investigating changed programs and components page 56 How you can see fewer of these alerts You may receive a large number of component alerts if you raised the Program Authentication level to high soon after installing ZoneAlarm Pro With authentication set to High ZoneAlarm Pro cannot automatically secure the large number of DLLs and other components commonly used by browsers and other programs To greatly reduce the number of alerts lower the Program Control level to medium for the first few days after installing ZoneAlarm Pro See Main tab Program Control panel page 96 If you have been using ZoneAlarm Pro for more than a few days it is very rare to see large numbers of program alerts Component Loading alert 1 ZoneAlarm Pro Alert Com
103. r programs and their components by recording their signatures but does not authenticate them Later if authentication is set to High the recorded signatures are used for authentication New Program and Repeat Program alerts are still displayed but Changed Program alerts are not Program permissions are enforced The following program alerts that can occur under this setting e New Repeat Server Program Off No program authentication is performed No program permissions are enforced All programs are allowed access server rights No program alerts can occur 2 Automatic Lock The Automatic Internet Lock protects your computer if you leave it connected to the Internet for long periods even when you re not using network resources If you turn the Automatic Lock on the Internet Lock will engage when your screen saver engages OR after a specific number of minutes of network inactivity depending on settings in the Auto Lock tab For more information about the Internet Lock see Using the Internet Lock and Stop button page 57 3 Program Wizard Advanced Click the Program Wizard button to have the ZoneAlarm Pro program wizard help you set up your programs for Internet access Click Advanced to open the Advanced Program Settings dialog box where you can use the Access Permissions tab and the Alerts 4 Functionality tab to customize program control options ZoneAlarm Pro 3 1 User s Manual Page 97 of 145 Copyright Zone La
104. r than the Yes and No options that appear in other Program alerts ZoneAlarm Pro 3 1 User s Manual Page 55 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 What you should do Click OK to close the alert pop up There s nothing further you have to do to ensure your security If the program that was blocked is one that you want to have access to the Internet Zone or Trusted Zone use the Programs tab to give the program access permission See Programs tab page 98 How you can see fewer of these alerts To turn off Blocked Program alerts do either of the following e When you see a Blocked Program alert select Do not show this dialog again before clicking OK From then on all Blocked Program alerts will be hidden Note that this will not affect New Program Repeat Program or Server Program alerts e Inthe Program Control panel click Advanced to access the Alerts amp Functionality tab then clear the check box labeled Show alert when Internet access is denied Note Turning off Blocked Program alerts does not affect your level of security Investigating changed programs and components When you receive a Changed Program alert a Program Component alert or a Component Loading alert you may want to investigate to see if there is a known hacker exploit or other problem associated with the program or component that caused the alert Investigating changed programs Use virus scanning Trojan scanning software and
105. raffic enters or leaves your computer Your computer has thousands of ports each identified by a number Whenever a another computer sends a message to your computer it addresses that message to a specific port For example a server delivering a Web page to your browser using the Hypertext Transfer Protocol HTTP traditionally sends to port 80 ZoneAlarm Pro 3 1 User s Manual Page 12 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 What is a protocol A protocol is a bit like a language it is an agreed on way of transmitting information The Internet uses many protocols and each of them is normally associated with a particular port or ports For example the NetBIOS protocol which is used by Windows systems to enable resource sharing on a local network traditionally uses ports 135 137 39 and 445 How does it work All Internet traffic Web pages e mail audio files and so on are transmitted in bite sized chunks called packets Each packet is addressed to a particular computer and to a particular port on that computer ZoneAlarm Pro examines every packet that arrives at your computer and asks four questions 1 What Zone did the message come from Trusted Internet or Blocked 2 What port is it addressed to 3 Do the rules for that Zone allow traffic through that port 4 Are there any other rules the packet violates Fragmented source routed etc Block incoming NetBIOS po
106. rded see Event FWIN types below The date of the alert ERE in format yyyy mm dd 2001 12 31 December 31 2001 The local time of the alert This field also displays the hours difference between local and Greenwich Mean Time GMT 17 48 00 8 00GMT 5 48 PM eight hours earlier than Greenwich Mean Time GMT would be 01 48 Time The IP address of the computer that sent 192 168 1 1 7138 FW events the blocked packet Source and the port used OR the program on your computer that Microsoft Outlook PE events requested access permission The IP address and Destination port of the computer 192 168 1 101 0 tha hlarkad narkat ZoneAlarm Pro 3 1 User s Manual Page 72 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 was addressed to The protocol packet type involved ae Transport Event types The first field in a log entry indicates the type of event recorded Event type Meanin code g The firewall blocked an inbound packet of data coming to your FWIN computer Some but not all of these packets are connection attempts FWOUT The firewall blocked an outbound packet of data from leaving your computer FWROUTE The firewall blocked a packet that was not addressed to or from your computer but was routed through it FWLOOP The firewall blocked a packet addressed to the loopback adapter 127 0 0 1 PE An application on your computer requested access permission Program Cont
107. re selected Choose a higher or lower setting or click Next to accept the default Choices e Block ALL ads Choose this setting to prevent any advertisements from appearing on the Web pages you view e Block ONLY pop ups and slow ads This is the default setting Choose this to block all pop up and pop under ads as well as banner ads that take more than a few seconds to load Choosing this setting allows advertisers who create efficient unobtrusive ads to get their message across while blocking ads that slow down Web performance or take over your screen e Donot block any ads Choose this to turn off ad blocking This is the last step in the review of default settings Click Finish to continue to the next part of the Configuration Wizard ZoneAlarm Pro 3 1 User s Manual Page 32 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Configuration Wizard 5 Create a password ZINE Protect your settings CREATE A PASSWORD do not want to create a password f would like to create a password F anyone else has access to pour computer Please enter pour password here Password must be at one Labs strongly recommends setting a least 6 characters password 0 that only you can make changes to your security settings pa Please confirm your password by re entering it here A Be sure to remember your password Y Option M Setup Zone larm Pro for Microsoft Internet Connection Sharing Use this scr
108. requests Blocked packets for recent connections Blocked non s N TCP packets Blocked roufed packets Blocked loopback packets Blocked non P packets Blocked fragmented F packets Other blocked F packets MalSate quarantined attachments Check AN Gearet 3 Reset to Default mT Use the Alert Events tab to control in detail the display and logging of Firewall alerts MailSafe alerts Internet Lock alerts and Blocked Program alerts To open this tab click the Advanced button in the Main tab of the Alerts amp Logs panel The relationship between Main tab settings and Alert Events tab settings The Alert Events Shown control in the Main tab of Alerts amp Logs lets you control the display of Firewall Alerts and other alerts by rating The High setting displays all alerts types while the Medium setting displays only alerts probably caused by hacker activity This control does not affect logging The Alert Events tab gives you more detailed control of alert display as well as logging You can specify which types of Firewall alerts to display and log by type of traffic blocked Tip New Program alerts and the other program alerts that require a yes or no response from you are always displayed You can control the logging of these alerts by using the Program Logs tab 1 Firewall events list For each type of event in the list ZoneAlarm Pro 3 1 User s Manual Page 116 of 145 Copyright Zone Labs Inc 2
109. rial 1 Blocked Intrusions Blocked Intrusions shows you how many times the ZoneAlarm Pro firewall and MailSafe have acted to protect you and how many of the alerts were high rated ZoneAlarm Pro 3 1 User s Manual Page 80 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 2 Protection The protection area tells you at a glance whether your firewall program and e mail security settings are safe It also summarizes security activity of each type Tip To reset the alert counts in this area click Reset to Default at the bottom of the panel Inbound Protection Use this area to see e f your firewall is configured safely ZoneAlarm Pro will warn you if firewall security is set too low e How many Firewall alerts MailSafe alerts and Internet Lock alerts have occurred since the last reset Outbound Protection Use this area to see e f program control is configured safely ZoneAlarm Pro will warn you if program security is turned off e How many Program alerts have occurred since the last reset E mail Protection Use this area to see MailSafe is on The text message shows you how many attachments have been quarantined since the last reset Tip Click the underlined text of any warning for example Program control is off to go immediately to the panel where you can change that setting 3 Reset to Default Clicking the Reset to Default link returns the event counters in the Inbound Protection
110. rm Pro You see the following screen AA A Coppie LAW WINEDT Systems2oneLabs ysruledb all When installation is finished you see the following screen ZoneAlarm Pro 3 1 User s Manual Page 26 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Installation screen 5 User survey i User survey Have vou changed your installation Please check that your answers are still correct Thank You of online security x How do vou connect to the Internet Modem Dialup How do you rate your understanding Novice r H ters d for choosing OW many computers do you own or oy manage ZoneAlarm PARO3 0 What type of computer did you FamiyPC y purchase oneAlarn Pro to protect ules All your information i kept confidential one Labs does not sell trade or exchange pour survey information with any Security you can Trust organization ches pan The user survey is optional It helps Zone Labs better understand the needs of our customers Please take a few moments to answer the four questions ZoneAlarm Pro Setu p x Setup is complete Do you want to start Zone larn Pro now Yez No Click Yes to start ZoneAlarm Pro immediately You see the following notice Starting ZoneAlarm Pro i pa Starting Truevector Internet Monitor aor This tells you that ZoneAlarm Pro s True Vector Internet monitor is getting ready to protect you ZoneA
111. rm Pro blocks cookies or mobile code and enables you to un block those elements for a particular page Back ZoneAlarm Pro 3 1 User s Manual Page 139 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 product update service A Zone Labs subscription service that provides free updates to ZoneAlarm Pro When you purchase ZoneAlarm Pro you automatically receive a year s subscription to product update service Back program authentication When a program on your computer asks for Internet access ZoneAlarm Pro examines its recorded MD5 checksum to verify that it has not been tampered with since its last request You can set ZoneAlarm Pro to authenticate only the program itself or the program and the shared components such as DLLs it uses Back programs list The list of programs to which you can assign Internet access and server permissions The list is shown in the Programs tab of the Program Control panel You can add programs to the list or remove programs from it Back protected system files Windows system components that are guarded by Windows File Protection Built in to Windows 2000 and later file protection keeps other programs from replacing system files with anything but Microsoft certified updates Back protocol A standardized format for sending and receiving data Different protocols serve different purposes for example SMTP Simple Mail Transfer Protocol is used for sending e mail me
112. ro on top during Internet activity to have the ZoneAlarm Pro window come to the top of all other open windows whenever Internet activity occurs Select Load ZoneAlarm Pro at startup to have ZoneAlarm Pro start automatically whenever you turn your computer on Select Remember the last tabs visited in the panels to have ZoneAlarm Pro start on the tab you had open the last time you closed the Control Center Select Show or Hide to show or hide the explanatory text that appears to the left of each ZoneAlarm Pro tab If you select Hide you can still display the text for any panel by clicking the Show Text link at the bottom 4 Contact with Zone Labs These controls enable you to protect your privacy when ZoneAlarm Pro communicates with Zone Labs Select Alert me with a pop up before make contact to have ZoneAlarm Pro warn you before it contacts Zone Labs to deliver registration information get product updates or find more information about an alert Select Hide my IP address when applicable to not include your IP address when you submit an alert to Zone Labs AlertAdvisor This prevents Zone Labs as well as anyone else who might intercept the message from identifying your computer Select Hide the last octet of my IP address to not include the last three digits for example 123 456 789 XXX of your IP address when you access AlertAdvisor ZoneAlarm Pro 3 1 User s Manual Page 85 of 145 Copyright Zone Labs Inc 2002 1 0003 030
113. rol prevented an application on your computer from ACCESS i accessing remote resources The firewall blocked a packet because the Internet Lock was LOCK engaged MS MailSafe quarantined an e mail attachment ICMP message types When ZoneAlarm Pro blocks an ICMP packet the log displays a number indicating what type of ICMP message it was e 0 Echo Reply e 3 Destination Unreachable e 4 Source Quench ZoneAlarm Pro 3 1 User s Manual Page 73 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 e 5 Redirect e 8 Echo Request e 9 Router Advertisement e 10 Router Solicitation e 11 Time Exceeded e 12 Parameter Problem e 13 Timestamp Request e 14 Timestamp Reply e 15 Information Request e 16 Information Reply e 17 Address Mask Request e 18 Address Mask Reply TCP flags The TCP Flags are e S SYN e F FIN R RESET e P PUSH e A ACK e U URGENT e 4 low order unused bit e 8 high order unused bit ZoneAlarm Pro 3 1 User s Manual Page 74 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Sample log entries Sample 1 FWIN FWIN 2000 03 07 14 44 58 8 00 GMT Src 192 168 168 116 0 Dest 192 168 168 113 0 Incoming ICMP FWIN indicates that the firewall blocked an incoming request to connect to your computer The entry also includes the following information e Date and Time e Source IP Address and port number e Destination IP Address and port number
114. rt Adding the source of the alert to the Trusted Zone ZoneAlarm Pro 3 1 User s Manual Page 113 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 If you determine that you received a firewall alert because ZoneAlarm Pro blocked traffic from a computer that you want to share resources with you can add that computer to the Trusted Zone directly from the alerts list Follow these steps 4 Right click the source IP address you want to add 5 Choose Add to Zone and Trusted from the shortcut menu Submitting the alert to Zone Labs AlertAdvisor To have Zone Labs AlertAdvisor analyze an alert for you follow these steps 1 Right click anywhere in the alert record you want to submit 2 Choose More Info from the shortcut menu 3 Entry Detail box The Entry Detail box displays details of the alert currently selected in the alerts list Entry detail fields are the same as those in the alerts list but displayed in an easily readable format 4 Add to Zone More Info Click Add to Zone to add the Source IP of the selected alert to either the Blocked Zone or the Trusted Zone Click More Info to have Zone Labs Alert Advisor analyze the selected alert and provide advice on any action you may need to take 5 Clear List Click Clear List to clear all entries from the Log Viewer You can still view all of these entries in the ZoneAlarm Pro log ZoneAlarm Pro 3 1 User s Manual Page 114 of 145 Copyright
115. rts 135 137 9 445 If yes the packet is allowed in y Block incoming NetBIOS ports 135 137 9 445 f no the packet is blocked Note This describes the treatment of unsolicited traffic that is packets that arrive from the Internet or a local network unexpectedly Port scans are a good example of unsolicited traffic that ZoneAlarm Pro protects you from When a permitted program on your computer has established a communications session with another computer Program Control rules decide what ports can be used What is a Zone Zones are how ZoneAlarm Pro keeps track of the good the bad and the unknown out on the Internet Zones are virtual spaces Zones are virtual soaces ways of classifying the computers and networks that your computer communicates with ZoneAlarm Pro 3 1 User s Manual Page 13 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 e The Internet Zone is the unknown All the computers and networks in the world belong to this Zone until you move them to one of the other Zones e The Trusted Zone is the good It contains all the computers and networks you trust and want to share resources with for example the other machines on your local or home network e Blocked Zone is the bad It contains computers and networks you distrust When another computer wants to communicate with your computer ZoneAlarm Pro looks at the Zone it is in that is whether it is good bad or unknown t
116. rts at all just select Off Tip If you want to change privacy settings for the Web site you are viewing click the Privacy Advisor ZoneAlarm Pro will open to the Site List tab with the site you are viewing selected Use the controls in the Site List tab to change privacy settings for the site ZoneAlarm Pro 3 1 User s Manual Page 19 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Logging security events You can control logging just as completely as you control alert display choosing to record all alerts only high rated alerts or alerts caused by specific traffic types ZoneAlarm Pro 3 1 gives you easy access to alert log records via the Alert Log tab so you can quickly retrieve the details on any individual alert ZoneAlarm Pro also provides easy tools for formatting and archiving text logs E mail protection ZoneAlarm Pro s MailSafe feature protects you from new viruses worms and other malware distributed in e mail attachments It also protects you from any old known threats Attaching files to e mail messages is a convenient way of exchanging information However it also provides hackers with an easy way of spreading viruses worms Trojan horse programs and other malware For example the infamous Love Bug worm was distributed as a Visual Basic Script VBS LOVE LETTER file oo Fortunately only certain types of attachments can contain potentially dangerous code These attachments type
117. rty connection sharing program you can protect all of the computers that share the connection from inbound threats by installing ZoneAlarm Pro on the gateway machine only However to receive outbound Program Control protection or to see alerts on the client machines you must have ZoneAlarm Pro installed on the client machines as well Tip Before you configure ZoneAlarm Pro use your ICS software to set up the gateway and client relationships If you use hardware such as a server or router rather than a host PC to perform Internet connection sharing do not follow the steps below On the ICS gateway machine 1 Goto Overview tab of the Firewall panel 2 Click Advanced ZoneAlarm Pro 3 1 User s Manual Page 67 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 3 Under Internet Connection Sharing select This computer is an ICS gateway 4 In the combination box select or type the IP address of the gateway machine 5 Select Suppress alerts locally if forwarded to clients if you do not want to see alerts on the gateway that are also displayed on the client Note that if you do not install ZoneAlarm Pro on the client machines all alerts will be displayed on the gateway 6 For best security make sure the security level for the Internet Zone is set to high Make sure outgoing DNS and DHCP are allowed for the Internet Zone at high security On the ICS client machines 1 Goto Overview tab of the Firewall panel
118. s When a program attemots to act as a serves to the Trusted ore Internet Zone Always accept he connection C Always accept the connection C Always deny the connection Always deny the connection f Always ask before connecting Always ask before connecting Ay By default ZoneAlarm Pro displays a New Program alert when a program on your computer tries to access the Internet or local network resources for the first time It displays a Server Program alert when a program tries to act as a server for the first time Use this tab to e Allow or deny access permission to all new programs e Allow or deny server permission to all new programs You can apply different settings to each Zone Note Settings for individual programs can be established in the Programs tab Settings in this panel apply ONLY to programs not yet listed in the Programs tab ZoneAlarm Pro 3 1 User s Manual Page 105 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 1 Connection attempts These settings determine what happens when a new program requests access permission for the Trusted Zone or Internet Zone Choose Always deny to have ZoneAlarm Pro deny access silently Choose Always allow to have ZoneAlarm Pro allow access silently Choose Always ask to have ZoneAlarm Pro show a New Program alert when a new program asks for access 2 Server attempts These settings determine what happens when a new program wants server
119. s if you have selected Allow access for ONLY the ports checked below or cannot access if you have chosen Allow access for any port EXCEPT for those checked below Be sure you have selected the option you intended To add ports to the list click the Add button and select the server type from the shortcut menu To add ports other than those associated with the server types listed choose Custom The Add dialog box will appear For more information about the Add dialog box click here 3 Add tab Access this dialog box by choosing Custom from the Add shortcut menu To add a specific port or range of ports to the list 1 Select the port type TCP or UDP 2 Type a description of the port for display only 3 Type the port number if you re adding a single port or the port range in the boxes provided then click OK ZoneAlarm Pro 3 1 User s Manual Page 109 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Security tab Customize the program authenbicaton level hor Microzoft Dutlook WYerson 9 02416 Authenticate program and componente C Authenticate program only Authenticate program by full path name only Descopton Program and associated components are authenticated by name and checksum eu aN Ay Use this tab to choose the type of authentication to be used for this program When a program accesses network resources ZoneAlarm Pro uses the selected authentication method to ensure that th
120. s can be identified by their filename extensions About filename extensions Filename extensions are the characters that appear after the dot in a file name They identify the file type so that the appropriate program or system component can open it Here are some examples EXE an executable file atile exe JS a javascript file myfile js a BAT a batch process file money bat ZoneAlarm Pro 3 1 User s Manual Page 20 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Tip It s a good idea never to open an e mail attachment unless you know the person it came from and have confirmed by phone or separate e mail message that that person actually sent it to you Remember hackers can alter an e mail message to look like it came from a friend ZoneAlarm Pro s MailSafe protects you by quarantining e mail attachments that may contain malicious code When an e mail with an attachment arrives MailSafe examines the attachment s Extension Quarantine AL filename extension If that extension Sl O a in the example at left BAT is in monep bat fo money zla MailSafe s quarantine list ZoneAlarm Pro changes the filename extension to zl where is a number or letter Changing the filename extension quarantines the attachment by keeping it from running automatically Batch File BAT oat When you open the e mail containing the attachment Tena Alarm Pro Alar
121. s tab to grant access and server permission Security level Zone Some Internet games particularly those that use java applets or other web based portal functionality may not work properly when your Internet security level is set to high High security will also prevent remote game servers from seeing your computer To solve these problems you can e Change your Internet Zone security level to medium or e Add the game server you re connecting to to your Trusted Zone The game documentation or from the game manufacturer s Web site should indicate the IP address or host name of the server Use the Zones tab to place servers in the Trusted Zone Caution Trusting game servers means trusting the other players in the game ZoneAlarm Pro does not protect you from attacks instigated by fellow gamers in a trusted environment Make sure that you understand how to configure your browser s security for optimal protection and have the latest service packs installed for the browser you are using Firewall settings ZoneAlarm Pro dynamically opens and closes ports as needed when you re gaming so no adjustments to firewall configuration need to be made Internet call waiting Internet answering machines To use Internet answering machine programs such as CallWave with ZoneAlarm Pro do the following 1 Give the program access permission and sever permission for the Internet Zone 2 Add the IP address of the vendor s servers to the Trusted
122. s to download Click Custom to open the Ad blocking tab where you can customize ad blocking settings Settings e High blocks common types of ads pop up pop under animated and banner skyscraper whether they affect the speed at which web pages load or not e Medium blocks pop up ads pop under ads and animated ads but blocks banner and skyscraper ads only when they slow down the performance of the Web sites you visit e Off allows all advertisements Note If you have customized your ad blocking settings the slider control is disabled To abandon your customized settings and return to preconfigured settings click the Default button 3 Mobile Code control Use the radio buttons to turn mobile code on or off Click Custom to open the Mobile Code tab where you can customize mobile code control settings Settings e On Blocks scripts MIME type integrated objects and embedded objects e Off Blocks no mobile code This is the default setting allowing the Web interactivity supported by active controls Note Blocking mobile code may disable some interactive features of Web sites you visit To abandon customized settings and return to preconfigured settings click the Default button ZoneAlarm Pro 3 1 User s Manual Page 122 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Site List tab Privacy Cookie Control Saisio Farsistert ad Party site 7 Edited Mobile Code WA live com ff uf AA OTTO CY SE aT
123. sor ore into e r Renmenba ha aawer the rem bre use thes program Server Program alerts enable you to set server permission for a program on your computer See also Server Permission page 141 Why these alerts occur Server Program alerts occur when a program on your computer wants server permission for either the Internet Zone or Trusted Zone and that program has not already received permanent server permission from you Relatively few programs on your computer will require server permission Some common types of programs that do are e Chat e Internet Call Waiting ZoneAlarm Pro 3 1 User s Manual Page 47 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 e Music file sharing such as Napster e Streaming Media such as RealPlayer e Voice over Internet e Web meeting What you should do Click Yes or No in the alert pop up after following these steps 1 Did you just launch a program or process that would reasonably require permission If so it s probably safe to click Yes If not continue with step 2 2 Do you recognize the name of the program in the Alert pop up and if so does it make sense for the program to need permission If so it s probably safe to click Yes If not or if you re not sure continue with step 3 3 Click the More Info button in the alert box This submits your alert information for example the name of the program and the address it was trying to reach to AlertAdvi
124. sor which then displays a Web page with information about the alert and the program Use the AlertAdvisor information to help you decide if it s safe to answer Yes Caution If you are still not certain that the program is legitimate and needs server permission it is safest to answer No If it becomes necessary you can give the program server permission later by using the Programs tab How you can see fewer of these alerts If you are using the types of programs described above that require server permission to operate properly use the Programs tab in ZoneAlarm Pro to grant permission before you start using the program See also Programs tab page 98 Changed Program alert 2oneAlarm Pro Alert CHANGED PROGRAM Dia poa eed ba ca E ea ete Pee cee one o acorta the local reuk Tecterecal Information Dictate IF 17216211 44 Piratas wearer fos Way AlertAdvisor Moremto Rear Du net e red Gee ice be AAA aii ZoneAlarm Pro 3 1 User s Manual Page 48 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Why these alerts occur Changed Program alerts warn you that a program that has asked for access permission or server permission before has changed somehow and is asking for permission again If you click Yes the changed program is allowed access If you click No the program is denied access Changed Program alerts can occur if you have updated a program since the last time it acc
125. ssages while FTP File Transfer Protocol is used to send large files of different types Each protocol is associated with a specific port for example FTP messages are addressed to port 21 Back Quarantine ZoneAlarm Pro s MailSafe quarantines incoming e mail attachments whose filename extensions far examnle FXF ar RAT indicate the nossihilitv of ZoneAlarm Pro 3 1 User s Manual Page 140 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 auto executing code By changing the filename extension quarantining prevents the attachment from opening without inspection This helps protect you from worms viruses and other malware that hackers distribute as e mail attachments Back R no entries S script A series of commands that execute automatically without the user intervening These usually take the form of banners menus that change when you move your mouse over them and popup ads Back ZoneAlarm Pro 3 1 User s Manual Page 141 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 server permission Server permission allows a program on your computer to listen for connection requests from other computers in effect giving those computers the power to initiate communications with yours This distinct from access permission which allows a program to initiate a communications session with another computer Several common types of applications such as chat programs e mail clie
126. sted Zone security level to medium and the Internet Zone security level to high This allows trusted computers to access your shared files but blocks all other machines from accessing them Note ZoneAlarm Pro will detect your network automatically and display the New Network alert You can use the alert itself to add your network subnet to the Trusted Zone See also New Network alert page 42 Sharing files and printers across a local network ZoneAlarm Pro enables you to quickly and easily secure your computer so that the trusted machines you re networked with can access your shared resources but Internet intruders can t use your shares to compromise your system To configure ZoneAlarm Pro for secure sharing 1 Add the network subnet or in a small network the IP address of each computer you re sharing with to your Trusted Zone 2 Set the Trusted Zone security level to medium This allows trusted computers to access your shared files 3 Set Internet Zone security level to high This makes your computer invisible to non trusted machines Note ZoneAlarm Pro will detect your network automatically and display the New Network alert You can use the alert itself to add your network subnet to the Trusted Zone For more information see New Network alert page 42 VPN Virtual Private Network If you run a VPN client ZoneAlarm Pro examines outgoing packets before encryption and incoming packets after decryption This prevents malici
127. subnet to the Trusted Zone This is the preferred option If you do not know the IP address of the viewer or it will change then give the program access permission and server permission for the Trusted and Internet Zones 2 On the viewer client machine run VNCviewer to connect to the server machine Do not run in listen mode 3 On the viewer client machine do one of the following If you know the IP address or subnet of the server and it will always be the same add that address or subnet to the Trusted Zone This is the preferred option If you do not know the IP of the Server or it will change then give the program access permission and server permission for both the Trusted Zone and Internet Zone ZoneAlarm Pro 3 1 User s Manual Page 64 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 4 When prompted by VNCviewer on the viewer machine enter the name or IP address of the server machine followed by the password when prompted You should be able to connect Caution lf you enable VNC access by giving it server permission and access permission be sure to set and use your VNC password in order to maintain security We recommend adding the server and viewer IP addresses to the Trusted Zone rather than giving the application Internet Zone permission if possible Tip Leave the Trusted Zone security level on medium If you raise it to high you may have access problems Use the Zones tab to place ser
128. t e Outgoing DHCP port 67 On Windows 9x systems e Outgoing DNS port 53 If the machine is configured as an ICS gateway in the Security tab These protocols are permitted because they are central to basic Internet addressing functions and do not represent a serious security risk Allowing Additional Ports You can allow communication through additional ports at high security either by selecting one of the preconfigured protocols shown ICMP IGMP and so forth or by specifying a port number To specify a port number follow these steps 1 Scroll to the bottom of the high security list 2 Click the port type desired incoming UDP outgoing UDP incoming TCP or outgoing TCP A text box labeled Ports appears at the bottom of the dialog box 3 Type the ports or port ranges you want to allow in the Ports text box separated by commas Example 139 200 300 4 Click Apply or OK 2 Medium security settings for the Trusted Zone These are the port and protocol restrictions applied to the Trusted Zone when Medium security is selected in the Main tab of the Firewall panel Default configuration The default settings for medium security ALLOW all inbound and outbound traffic through all ports INCLUDING incoming NetBIOS traffic ports 135 137 139 445 The NetBIOS protocol enables file and printer sharing on local networks Blocking Additional Ports You can block additional ports at medium security either by selecting
129. t e The IP Address that the application was trying to connect to Sample 5 ACCESS ACCESS 2000 09 07 16 45 57 5 00 GMT Microsoft Internet Explorer was not allowed to connect to the Internet 64 55 37 186 N A N A The ACCESS entry informs you that Program Control prevented an application on your computer from accessing remote resources The entry also includes the following information e Date and Time e The application on your computer that attempted to access the Internet e The IP Address that the application was trying to connect to Sample 6 MS MS 2000 09 08 09 45 56 5 00 GMT Microsoft Windows TM Messaging Subsystem Spooler Renamed e mail attachment of type HLP to zla N A The MS entry informs you that an e mail containing an attachment of a file type that you have asked MailSafe to quarantine was received by your e mail client The entry also includes the following information e Date and Time e The system that handles e mail delivery on your system like Microsoft Windows TM Messaging Subsystem Spooler ZoneAlarm Pro 3 1 User s Manual Page 76 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 e The name of the file including file type that was quarantined ZoneAlarm Pro 3 1 User s Manual Page 77 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Interface Guide The ZoneAlarm Pro dashboard All Systems Active The traffic indicator shows you when traffic leaves r
130. t Loading alert can also occur if someone has tampered with a component or created a malicious component designed to use a known program as a resource Component Loading alerts occur when all of the following are true e The Program Control level is set to High e A repeat program one that has requested Internet access before and whose MD5 signature has been recorded by ZoneAlarm Pro loads a new component some time after the program itself has loaded e That component is new or has changed or has Ask permission set in the Components tab What you should do The proper response to a Component Loading alert depends on your situation Consider the following questions 1 Are you actively using the application that loaded the component 2 Ifthe program that loaded the component was your browser did you just try to access functionality that might require the browser to load a new component Some examples of such functionality are flash videos and pdf files If you can answer Yes to both questions it is likely that ZoneAlarm Pro has detected legitimate components that your browser or other programs need to use It is probably safe to answer Yes to the Component Loading alert If you cannot answer yes both questions or if you feel unsure about the component for any reason it is safest to answer No How you can see fewer of these alerts It is unusual to see a large number of Component Loading alerts However you may receive
131. t Zone Labs Inc 2002 1 0003 0301 2002 08 15 J Allow the cookie or mobile code x Block the cookie or mobile code without notifying you To change a privacy setting for a site click the symbol you want to change then choose from the shortcut menu Tip The general privacy settings in the Main tab of the Privacy panel are applied to any sites you don t customize privacy settings for You don t have to customize settings for each site to be protected 3 Entry Detail The details box displays information about the site selected in the site list To see details for any site in the list click on the site name 4 Add Options Click the Add button to manually add a site to the list The Add dialog box opens Type the URL of the host or site in the text box provided then click OK Setting options for a site Click the Options button to open the Site Options dialog box Use the Cookies tab Ad blocking tab and Mobile Code tab to customize settings for the selected site ZoneAlarm Pro 3 1 User s Manual Page 124 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Cookies tab Cookies Customize cookie control for all future Web sites you vizit Session Cookies _ i o _ cqcXx Block session cookies Persistent Cookies _ _ M Block persistent cookies Jd Party Cookies M Block 3rd party cookies M Disable web bugs M Remove private header in
132. t ZoneAlarm Pro displays a MailSafe alert to let you know it Mallsafe has quarantined the attachment Click OK to close the alert Renarmed amal sisch of type bal to 23 box I Foya Hicon Duio Ima 110112002 120545 FA Dont thew thee dialog agan When you try to open the attachment ZoneAlarm Pro warns you of the potential risk in opening the attachment foneAlanm Pro MailSate Warninc 7 This e mail attachment is quarantined by ZoneAlarm If you re sure the file is harmless and li you want to open it click the Run Batch File is a program that could cause damage button You can also save the file for to your computer files wolate your privacy or infact later others with a dangerous virus Even if you know and trust the sender they may have Tio U ho k h t dcod inadvertently sent you a dangerous virus Ip sers Who i now NOW to read co oh can click Inspect with Notepad to examine the Unless you are expecting thes program from the code of attachment itself sender and know what it does it is strongly recommended that you do not nun it fun Saveas inspect with Notepad Do net run ZoneAlarm Pro 3 1 User s Manual Page 21 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Installing ZoneAlarm Pro System Requirements The minimum system requirements for ZoneAlarm Pro 3 1 are Processor IBM PC or 100 compatible Pentium 233 MHz or higher 450MHz or higher recommended Operating
133. t provides access to the Internet ISP s provide many kinds of Internet connections to consumers and business including dial up connection over a regular telephone line with a modem high speed Digital Subscriber Lines DSL and cable modem Back J no entries K no entries L no entries mail lt erver ZoneAlarm Pro 3 1 User s Manual Page 136 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 The remote computer from which the e mail program on your computer retrieves e mail messages sent to you MD5 signature A digital fingerprint used to verify the integrity of a file If a file has been changed in any way for example if a program has been compromised by a hacker its MD5 signature will change as well Back medium rated alert An alert that was probably caused by harmless network activity rather than by a hacker attack Back MIME type integrated object An object such as an image sound file or video file that is integrated into an e mail message MIME stands for Multipurpose Internet Mail Extensions Back mobile code Executable content that can be embedded in Web pages or HTML e mail Mobile code helps make Web sites interactive but malicious mobile code can be used to modify or steal data and for other malevolent purposes Back mobile code control A ZoneAlarm Pro feature that enables you to block active controls and scripts on the Web sites you visit Whil
134. t viruses and worms are spread Some worms can raid your e mail address book and forward themselves to everyone in it When your friends see the message they ll think it came from you and open it thus repeating the cycle For best security you should never open an e mail attachment that ZoneAlarm Pro has quarantined without first confirming the following three things e That it actually came from someone you know and trust e That that person sent it intentionally e That that person is sure that the attachment is harmless What you should do Click OK to close the alert box then follow the steps below to ensure your security ZoneAlarm Pro 3 1 User s Manual Page 53 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 1 Examine the e mail message carefully Are you sure it s from someone you know and trust Remember hackers can fake e mail messages so that they look like they are from a friend Also if a friend has accidentally opened a file containing an e mail worm that worm may have sent itself to you using your friend s e mail program 2 If you re not completely sure the message is genuine contact the sender by telephone or e mail before trying to open the attachment 3 If you re certain the attachment is harmless you can open it by clicking the quarantine icon which replaces the normal file icon Tip When you try to open a quarantined attachment ZoneAlarm Pro will display a warning dialog box to remin
135. tAdvisor AlertAdvisor returns an article that explains the alert and gives you advice on what if anything you need to do to ensure your security Back animated ad An advertisement that incorporates moving images banner ad An ad that appears in a horizontal banner across a Web page Blocked Zone The Blocked Zone contains computers you want no contact with ZoneAlarm Pro prevents any communication between your computer and the machines in this Zone Back ZoneAlarm Pro 3 1 User s Manual Page 132 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 component A small program or set of functions that larger programs call on to perform specific tasks Some components may be used by several different programs simultaneously Windows operating systems provide many component DLLs Dynamic Link Libraries for use by a variety of Windows applications Back cookie A small data file used by a Web site to customize content remember you from one visit to the next and or track your Internet activity While there are many benign uses of cookies some cookies can be used to divulge information about you without your consent Back cookie control A ZoneAlarm Pro feature that enables you to block the use of all cookies or specific types of cookies thus protecting you from data leaks stemming from cookie use Back D DHCP Dynamic Host Configuration Protocol A protocol used to support dynamic IP addressi
136. table file for example C Program Files Internet Explore lEXPLORE EXE Version The version number of the program ate The date the program was created by its manufacturer File size The size of the executable file 7 Add Options buttons Use these buttons to add a program to the programs list or to access program options for the currently selected program Click Add to add a program to the programs list ZoneAlarm Pro 3 1 User s Manual Page 100 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Click Options to access the Ports tab and Security tab in the Program Options dialog Dox For more information about the Program Options dialog Ports tab page 108 and Security tab page 110 Components tab Program Control Component Description activeds dll ADe Reuter Layer DLL acho yl ActiveX Interface Marahaling Library ads lalgec ill ADs LDAP Prowider E DLL alertzap Alerts Plugin Module atl iil ATL Module for Windows NT Unicode bn ow Sebel Shell Browser W Libi ar y Entry Detail 2 Component nan Fis marre WANTS STEMS A0LESUTS2 OLL ODN ANHT 4 Fis type Crymamic Link Library i dieran Probe 3 vam Fir xil Bore Info About component security ZoneAlarm Pro s component security feature prevents hackers from employing altered or falsified DLLs and other modules used by trusted programs in order to attack your computer Without component security malicious programmers could modify DLLs f
137. tcut menu 2 Check All Clear All Click Check All to have MailSafe quarantine all attachment types in the list Click Clear All to have MailSafe allow all attachment types in the list 3 Add Apply Click Add to add an attachment type to the list using the Add dialog box Click Apply to save any changes you have made in this tab Use the Add dialog box to add an extension to the MailSafe list To access the Add dialog click the Add button in the Attachments tab Type a description and filename extension with or without the character then click OK ZoneAlarm Pro 3 1 User s Manual Page 130 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Glossary A access permission Access permission allows a program on your computer to initiate communications with another computer This distinct from server permission which allows a program to listen for connection requests from other computers You can give a program access permission for the Trusted Zone the Internet Zone or both Several common applications may need access permission to operate normally For example your browser needs access permission in order to contact your ISP s servers Your e mail client for example MS Outlook needs access permission in order to send or receive e mail The following basic options are available for each program Allow the program to connect to computers in the Internet Zone Trusted Zone Block the program
138. technical support resources to determine if a changed program is dangerous or not Tip In order to investigate the program you will need the file name version number and location of the file on your computer You can get this information from the Changed Program alert box Follow these steps to investigate the program 1 Make sure your virus scanner Trojan scanner is up to date 2 Scan the program file 3 If your scanner does not indicate a virus or other problem contact the technical support staff of the manufacturer of the changed program They may be able to give a reason why the program changed such as an automatic update ZoneAlarm Pro 3 1 User s Manual Page 56 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Investigating changed components When you receive a Program Component alert or Component Loading alert lt can be difficult to determine if the component is dangerous or not Tip In order to investigate the component you will need the file name version number and location of the file on your computer You can get this information from the Program Component alert box and from the Program Details box shown below ZoneAlarm Pro Alert s ZoneAlarm Pro Program Details Component Description Status misgar Messenger Service Unik aes ae Properties Ask Access the Program Details box by clicking the Details button in a Program Component alert or Component Loading alert To view
139. ternet use in a text file Back nina 138 of 145 s Inc 2002 o 2002 08 15 A type of IC MP message formally ICMP echo used to determine whether a specific computer is connected to the Internet A small utility program sends a simple echo request message to the destination IP address and then waits for a response If a computer at that address receives the message it sends an echo back Some Internet providers regularly ping their customers to see if they are still connected Back pop under ad An ad that appears in a new browser window that opens under the window you re looking at so you don t see the ad until you close the original browser window Back pop up ad An ad that appears in a new browser window that pops up in front of the window you re looking at port A channel in or out of your computer Some ports are associated with standard network protocols for example HTTP Hypertext Transfer Protocol is traditionally addressed to port 80 Port numbers range from 1 to 65535 Back port scan A technique hackers use to find unprotected computers on the Internet Using automated tools the hacker systematically scans the ports on all the computers in a range of IP addresses looking for unprotected or open ports Once an open port is located the hacker can use it as an access point to break in to the unprotected computer Back Privacy Advisor A small display that shows you when ZoneAla
140. that Zone only Once your e mail client has access to the Trusted Zone add the remote mail server host to the Trusted Zone Use the Programs tab to grant access and server permission Use the Zones tab to place servers in the Trusted Zone File Sharing File sharing programs such as Napster Limewire AudioGalaxy or any Gnutella client software must have server permission for the Internet Zone in order to work with ZoneAlarm Pro Use the Programs tab to grant access and server permission ZoneAlarm Pro 3 1 User s Manual Page 61 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 FTP To use FTP File Transfer Protocol programs you may need to make the following settings adjustments in your FTP client program and in ZoneAlarm Pro e Enable passive or PASV mode in your FTP client This tells the client to use the same port for communication both directions If PASV is not enabled ZoneAlarm Pro may block the FTP server s attempt to contact a new port for data transfer e Add the FTP sites you use to the Trusted Zone e Give Trusted Zone access permission to your FTP client program Use the Programs tab to grant access and server permission Use the Zones tab to place servers in the Trusted Zone Games In order to play games over the Internet while using ZoneAlarm Pro you may have to adjust the following settings Program permission For an Internet game to function properly it will require Internet a
141. the Internet Zone and Trusted Zone You can grant access in any of the following ways e Run the Program Wizard from the Overview tab of the Program Control panel ZoneAlarm Pro will automatically detect your default browser and prompt you to grant it Internet Zone access e Goto the Programs tab in the Program Control panel and use the controls there to grant access e Answer Yes when a Program alert for the browser appears See also Programs tab page 98 Windows 2000 If you are using Windows 2000 you may need to allow Internet access rights to the Services and Controller App the file name is typically services exe To do this 1 Open the Programs tab in the Program Control panel 2 Locate Services and Controller App in the program list 3 Click the buttons in the Access field and select Allow from the pop up menu Netscape Netscape Navigator versions above 4 73 will typically experience no problems running concurrently with ZoneAlarm Pro If you are using Navigator version 4 73 or higher are still experiencing difficulty accessing the web with ZoneAlarm Pro active check the browser Preferences to make sure you are not configured for proxy access Tip Make sure that you understand how to configure your browser s security for optimal protection and have the latest service packs installed for the browser you are using ZoneAlarm Pro 3 1 User s Manual Page 60 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002
142. ther computers on the Internet Windows services are still blocked Program permissions are still enforced ZoneAlarm Pro 3 1 User s Manual Page 86 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 e Low security enables Windows services Your computer is visible to others and file sharing is allowed Program control is still enforced 4 Trusted Zone Security Use the slider to set the security level for the Trusted Zone Click the Custom button to open the Trusted Zone tab where you can block or unblock specific ports See also Trusted Zone tab page 91 About Trusted Zone security levels e High security puts your computer in stealth mode Windows NetBIOS services and file and printer shares are blocked Ports are opened only when a program you have given access permission or server permission needs them Programs must have your permission in order to access the Internet or local network e Medium security takes your computer out of stealth mode making it visible to other computers on the Internet File and printer sharing as well as Windows services NetBIOS are enabled Programs must still have permission to access the Internet or local network e Low security enables Windows services Your computer is visible to others and file sharing is allowed A program control is still enforced Zones tab Name gt IP Address Site Entry Type Zone A Mew Network 172 16 0 00255 255 0 0 Hetwork Internet 1 O
143. ttings for Internet zone Allow outgoing OMS UDP port 53 Allow outgoing DHCP UDP port 677 Allow broadcast multicast Medium security settings for Internet zone Block incoming NetBIOS ports 135 137 9 445 Block outgoing MetBlOS ports 135 137 9 445 Allows incoming shir _Resetto Defaut Apply Use this dialog box to customize high security and medium security settings for traffic to and from the Internet Zone 1 High security settings for the Internet Zone These are the port and protocol restrictions applied to the Internet Zone when High security is selected in the Main tab of the Firewall panel Tip To view the settings for medium security scroll down below the high security settings Default configuration ZoneAlarm Pro 3 1 User s Manual Page 89 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 The default configuration for high security blocks all inbound and outbound traffic through ports not being used by programs you have given access or server permission except e DHCP broadcast multicast e Outgoing DHCP port 67 on Windows 9x systems e Outgoing DNS port 53 If the machine is configured as an ICS gateway in the Security tab Allowing Additional Ports You can allow communication through additional ports at high security either by selecting one of the preconfigured protocols shown ICMP IGMP and so forth or by specifying ports To specify ports follow these steps 1
144. turn the Internet Lock on or off 1 Program Control Use the slider to choose a global setting for program control Tip Zone Labs recommends the default Medium setting for the first few days of normal use This enables ZoneAlarm Pro to learn and secure your program components ZoneAlarm Pro will remind you to raise program control to High after a few days High setting When a program accesses the Internet ZoneAlarm Pro authenticates it as well as the components it is using If the program s MD5 signature file name or location has changed a Changed Program alert is displayed If the program is using a new component or a component whose signature has changed a Program Component alert is displayed Program permissions are enforced The following program alerts can occur under this setting e New Repeat Server Program e Changed Program e Program Component Medium setting ZoneAlarm Pro 3 1 User s Manual Page 96 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 ZoneAlarm Pro authenticates the program and learns the components the program is using adding them to the components list and recording their MD5 signatures Later if program control is set to High the recorded component signatures are used for authentication Program permissions are enforced The following program alerts can occur under this setting e New Repeat Server Program e Changed Program Low setting ZoneAlarm Pro learns you
145. ty You can turn the automatic lock on or off in the Programs tab For more information about customizing automatic lock settings see Auto Lock tab page 104 Using your programs with ZoneAlarm Pro Anti virus software Automatic updates In order to receive automatic updates from your anti virus software vendor add the domain that contains the updates e g update avsupdate com to your Trusted Zone See Zones tab page 87 E mail protection In some cases ZoneAlarm Pro s MailSafe feature may conflict with the e mail protection features of anti virus software If this occurs you can adjust ZoneAlarm Pro and anti virus settings so that you benefit from both anti virus and ZoneAlarm Pro protection Follow these steps 1 Set your anti virus program to scan all files on access and disable the e mail scanning option 2 In ZoneAlarm Pro enable MailSafe ZoneAlarm Pro 3 1 User s Manual Page 59 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 3 In the Alert Events tab accessed by clicking the Advanced button in the Alerts amp Logs Overview tab turn off alert display for quarantined MailSafe attachments With this configuration MailSafe will still quarantine suspect e mail attachments and warn you when you try to open them If you elect to open an attachment anyway your anti virus software will still scan it Browsers In order for your browser to work properly it must have access permission for
146. uests Internet access and then give it permission ZoneAlarm Pro 3 1 User s Manual Page 35 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 e Advanced Choose this only if you know what programs you want to give Internet access permission to and where they are stored on your computer Configuration Wizard 8 Secure Programs A o Be a a Program Wizard j i ZUNE Secure Programs PE SECURE YOUR PROGRAMS Programs Access Server FOR INTERNET ACCESS Click Add to choose programs to secure then click in the Access and Server columns to set permissions C OUTLOOK EXE Y Y Access permission The program can initiate Connections with other computers Add Server permission The program can listen ooo for connection requests from other computers Very few programs require for any of these programs this setting will Server permission overwrite those permission L Click Add to access the Windows interface and navigate to the programs you want to secure for Internet access Click the Internet Access and Server Rights columns to give the programs you choose access permission and or server permission Tip For definitions of access permission and server permission see the glossary ZoneAlarm Pro 3 1 User s Manual Page 36 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Configuration Wizard 9 Congratulations Set up complete ZUNE
147. urce To change the Zone of a traffic source left click click in the Zones column for the source then select from the shortcut menu Adding removing or editing a traffic source To add remove or edit a traffic source right click in the Zones column for the source then select from the shortcut menu Tip You must click the Apply button to save your changes 2 Entry detail window The entry detail window displays information about the traffic source currently selected in the traffic source list The fields are the same as those in the traffic source list 3 Add Edit buttons To add a traffic source to the list click the Add button and select the type of traffic source you want to add from the shortcut menu The Add dialog box opens ZoneAlarm Pro 3 1 User s Manual Page 88 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 To change the Zone or any other information about a traffic source already in the list select the traffic source then click the Edit button The Edit dialog box opens 4 Remove Apply buttons To remove a traffic source from the list select it then click the Remove button To save any changes you have made in this tab click the Apply button Internet Zone tab Internet Zone Use this page to set custom security levels for the Internet one High secuinty blocks all network traffic escept authorized program trafic and traffic indicated by a check mark High security se
148. vers in the Trusted Zone Use the Programs tab to grant access and server permission Telnet To access a remote server via Telnet add the IP address of that server to your Trusted Zone Streaming audio video Applications that stream audio and video such as RealPlayer Windows Media Player QuickTime and so forth etc must have server permission for the Internet Zone in order to work with ZoneAlarm Pro Voice over IP VolP To use Voice over IP VolP programs with ZoneAlarm Pro you will have to do one or both of the following depending on the program 1 Give the VolP application server permission and access permission 2 Add the VoIP provider s servers to the Trusted Zone To learn the IP addresses of these servers contact your VolP provider s customer support ZoneAlarm Pro 3 1 User s Manual Page 65 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Networking with ZoneAlarm Pro Making your computer visible on your local network If you can t see the other computers on your local network or they can t see you it is possible that ZoneAlarm Pro is blocking NetBlOS traffic necessary for Windows network visibility To make your computer visible to the others on your local network 1 In the Zones tab of the Firewall panel add the network subnet or in a small network the IP address of each computer you re sharing with to your Trusted Zone 2 In the Main tab of the Firewall panel set the Tru
149. vice running Without the interface you would not see a Program alert when new program or a program set to Ask requests Internet access This could cause the program to freeze Select this option to have the TrueVector engine automatically deny access to any program set to Ask While the program won t be able to access network resources in this scenario the automatic denial of access will leave it operational for other tasks 3 Require administrative privileges If you protect your ZoneAlarm Pro settings with a password you can t answer Yes to a program alert thereby giving the program Internet access unless you are logged in Deselect this option to allow someone who has not logged in with your ZoneAlarm Pro password to temporarily grant a program Internet access ZoneAlarm Pro 3 1 User s Manual Page 107 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Ports tab Ports Use these sethings to set poll access permissions for Microsoft Oullook Use the Add and Remove buttons bo designate specific porte of port ranges Microsoft Outlook Wersion 9 02416 Allow access to all ports and protocols 4 E Allow access for ONLY the ports and protocols checked below Allow access for any port EXCEPT for those checked below 7 ICMP Protocol including Ping IGMP Protocol Y Mail servers SMTP TCP and UDP port 25 Y Mail servers POP TCP and UDP port 1140 Y Mail servers IMAP TCP and UDP port 143
150. w ZoneAlarm Pro protects you ZoneAlarm pro offers four main lines of defense against Internet threats e Firewall protection guards the doors ports through which hackers can break in to your computer e Program control keeps Trojan horses and other hacker malware from setting up shop on your computer e Privacy protection protects your personal information from the abuse of Internet cookies and advertisements and protects you from possibly dangerous mobile code scripts and embedded objects buries in Web pages e E mail Protection shields you from worms and viruses both known and unknown that can arrive in e mail attachments Firewall protection What s a firewall In buildings a firewall is a barrier that prevents a fire from spreading In computers the concept is similar There are a variety of fires there out on the Internet hacker activity viruses worms and so forth A firewall is a system that stops the fire from spreading to your computer A firewall guards the doors to your computer that is the ports through which Internet traffic comes in and goes out The firewall only lets traffic through the ports that you have specified can be used This has two security benefits e Noone can sneak into your computer through an unguarded port e Programs on your computer can t use unguarded ports to contact the outside world without your permission What are ports Ports are logical channels through which t
151. xample Cookie control Internet cookies make it possible for e commerce sites like Amazon for example to recognize you as soon as you arrive and customize the pages you visit to your liking However cookies can also be used to record information about your web surfing habits and give that information to marketers and advertisers Zone Alarm Pro s default medium cookie control setting balances security with convenience by blocking only third party cookies those cookies that are used to track your viewing habits Session cookies and persistent cookies are allowed If you wish you can instantly block all cookies by choosing the high cookie control setting giving you have full protection against all types of cookie abuse but at the expense of the convenience that cookies make possible ZoneAlarm Pro default settings For most people the default settings chosen by the security professionals at Zone Labs provide strong security without sacrificing too much convenience and interactivity Control Default What the default setting does ZoneAlarm Pro 3 1 User s Manual Page 39 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Firewall Internet Zone Firewall Trusted Zone Program Control Authentication Alerts amp Logs Privacy Cookies Privacy Ad blocking lite eT Fore Geci High Med Low rusted Zone Security T a als Program Control High Mel Alent Ev
152. y To have ZoneAlarm Pro display the system tray icon alert select the check box labeled Enable system tray icon alert ZoneAlarm Pro 3 1 User s Manual Page 117 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 2 System Tray Icons The icons displayed in the system tray let you monitor your security status and Internet activity as frequently as you wish and access your security settings in just a few clicks To open the ZoneAlarm Pro control center double click any of the system try icons Icon Meaning HA ZoneAlarm Pro is installed and running Your computer is sending red band or receiving green band BE network traffic This indicator does not imply that you have a security problem or that the network traffic is dangerous ZoneAlarm Pro has blocked a communication but your settings prevent a full sized alert from being shown System Tray Menu The system tray shortcut menu shown below gives you quick access to the Internet Lock and other functions To open the menu right click the system tray icon For more information about the Engage Internet Lock and Stop all Internet activity functions see Using the Internet Lock and Stop button page 57 ZoneAlarm Pro 3 1 User s Manual Page 118 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 Log Control tab AAA IN Turn on aichiang below to create a text he record of pour alert log Each tinme a log file archived it wil be save
153. you don t suspect you re under attack Make sure your Trusted Zone security is set to medium If you re on a home or business network and your Trusted Zone security is set to high normal LAN traffic such as NetBlOS broadcasts may generate firewall alerts Try lowering Trusted Zone security to medium Determine if the source of the alerts should be trusted Repeated alerts may indicate that a resource you want to trust is trying repeatedly to contact you 11 Submit repeated alerts to AlertAdvisor by clicking the More Info button in the Log Viewer tab See page 112 12 Use AlertAdvisor to determine whom the source IP address that caused the alerts belongs to 13 If the alerts were caused by a source you want to trust add it to the Trusted Zone Do this in the Log Viewer tab See page 112 Determine if your Internet Service Provider is sending you heartbeat messages Try the procedures suggested for managing ISP heartbeat See ISP heartbeat page 68 Set your alert display controls to medium ZoneAlarm Pro 3 1 User s Manual Page 45 of 145 Copyright Zone Labs Inc 2002 1 0003 0301 2002 08 15 By default ZoneAlarm Pro only displays high rated firewall alerts If your defaults have been changed you may see a lot of medium rated alerts Try setting your alert display settings to medium in the Main tab of the Alerts 8 Logs panel See page 111 Other alerts Repeat Program alert ZoneAlarm Pro Alert E Repeat Progr

Download Pdf Manuals

Related Search

Related Contents

EnjoyTone Robust S09 User Manual English  KitchenAid W10379132A User's Manual  Philips 017266693      VECTOR et BILEVEL ST20  instructions 3 Bedienungsanleitung 7 mode d  WiFi to RS-422/485 adapter user manual  Operating Instructions - University of Notre Dame  Télécharger ce fichier  

Copyright © All rights reserved. Failed to retrieve file