Security → [ZA PRO] Unknown objects trying to use internet

I just had something odd happen and was hopen maybe somebody could explain this to me. I was browsing to a website and got a message from ZA that an object was trying to access the internet. I blocked it and then opened Outlook. I got another prompt that a different object was trying to use the internet. I've uploaded a snapshot. When I right click on either of them and select properties it tells me: Access to the specified path or drive is denied.

Any ideas? I've already done a full virus scan and nothing came up.

Edit:The files size for each is "0" and the date says "invalid date".
[text was edited by author 2002-12-04 17:54:48]

I maybe wrong with statement. I have had the same problems. With IE6SP1 and OE6SP1. I suspect that when one of them has an error. They both try to call home and report the error to Microsoft. The other error could be caused by ZAPs Privacy settings. I waiting for another error to be logged by ZAP. So i can try and track the problem down.

Are you running WINXP????
M-005c: Office XP Error Reporting May Send Sensitive Documents to Microsoft

»www.ciac.org/ciac/bullet ··· 05.shtml

Microsoft Error Reporting
Data Collection Policy
Objective
The Microsoft Error Reporting tool allows users to report errors to Microsoft via the Internet. When an error occurs, users with an Internet connection can immediately report the error to Microsoft. If the error report indicates that one or more third-party products were involved in causing the problem, Microsoft may send the report to those third parties. Qualified software or hardware developers (employed by Microsoft or one of its partners) will analyze the fault data and try to identify and correct the problem.

»watson.microsoft.com/dw/ ··· /dcp.asp

I'm on Win2K and have Office 2K.

Are you a home user or in an office enviornment networked..and is your 2000 set up as a server???

Home user, non-networked, no server setup.

This hasn't happened again since I deleted the *.rdb files and started over.

said by NicoleDiana6:

---

This hasn't happened again since I deleted the *.rdb files and started over.

---

Confirmation of the advice I gave you a day or so ago. The .rdb files can become corrupt (I suspect this happens with "fiddling" with the settings) As you are a new user of ZAP, you probably have experimented with the various settings. If you "check" a setting, then decide to "uncheck it" ZAP does not undo this in the database, just adds to it.
You will notice that the database just grows and grows.

I used to use AtGuard and the equivalent settings were kept in the registry. This meant that settings were "undone" if corrected (a better way IMHO)

I got basically the same alert from ZAP yesterday and today. Mine was........

Unknown Process: -1721713(Find Error).

The source IP was my servers DNS, AT&T Broadband. I didn't allow it yesterday but I did ok it today. If something bad happens, oh well, no guts no glory

said by John2g:

---

Confirmation of the advice I gave you a day or so ago.

---

You were right on the money, that's for sure. The worst part is that I have had to delete the files again, as they became corrupted after I started trying to add sites. Today things are pretty smooth and I figure that once I get everything setup the way I want it, maybe I'll be good to go.

Thanks for the help.

Good fix John2g. Another new problem for ZAP's True Vector Files. I will pass this one on to Corey at Zonelabs.

Not working here.

I wiped everything and started 100% clean and the objects reappeared.

I do not use IE or OE.

I get the objects when using Opera, The Bat!, mozilla and Mailwasher.

There doesn't seem to be any pattern for thier appearance; things are fine MOST of the time.

BTW - to this day ZA still has a bug that will allow multicast/broadcast even if they are block in the settings.

The solution is to run the program with the default settings; once any changes are made it will no longer block the attempts.

Other than THAT, ZA 3.5 is very good. I really hope to see a fix for this Object nonsense so that I do not have to go back to 3.0.164

also - it does seem to be broadband related from the reports I have seen.

maybe dhcp-related or the like.

The frequency of the "object" alerts seems to be similar to "server" requests that I get from time to time from ZA.

They are usually DNS related and for some reason are asking for server rights.

99% of the time I do not see these requests ("normal" access is fine, no server rights needed for lookups), but they pop up at a similar clip as the new "object" alerts.

..and lastly

In case this hasn't been clearly explained:

A program (let's say Opera) tries to access the web.

ZA pops up the alert saying a new program is trying to access the web and calls the program Object****** with an invalid date and 0 size.

If you DENY it access, Opera will NOT be able to access the web. If you then close Opera and reopen it everything will be fine.

If you ALLOW the Object***** access, then everything is fine (except for the fact that you are allowing a NON-EXISTING program access to the internet).

ZA does not report this Objects as "components" or the like, nor does it report Object is asking to USE Opera or the reverse.

It is a PROGRAM alert.

What I imagine is happening is that Zone Alarm needs to map from some thread which it sees doing network IO, to a program name that it can display.

I would guess that it's bungling the translation, and copes with the absence of program name by displaying "Object NNNNNNNN" instead.

The numbers shown look like low system-space addresses, which would put them in the code of the resident exec. I'm not sure that it tells me anything, though.

But then again, I don't know how Zone Alarm attempts to get program names in the first place.

Hi nightfishing,

May I ask what OS you are running? This is interesting.

Just to let you all know. I have informed Corey at ZL about this issue. He is looking into this problem.

said by Name Game:

---

Hi nightfishing,

May I ask what OS you are running? This is interesting.

---

2k sp3

said by NicoleDiana6:

---

..hopen maybe somebody could explain this

---

Jeez! "hopen"? Well, you all knew what I meant.

said by NicoleDiana6:

---

said by NicoleDiana6:

---

..hopen maybe somebody could explain this

---

Jeez! "hopen"? Well, you all knew what I meant.

---

Well you are from Georgia read it fonetically

said by John2g:

---

Well you are from Georgia read it fonetically

---

True, true, true! Maybe I'll learn to speak like a southerner yet.

Just been reading posts on GRC boards. ZoneLabs are aware of the problem but have not been able to reproduce it. Here is part of last post from Marcus Castro (ZL Support, I think)

"The program is asking for access, and for some reason ZAP is getting
bad info back to report. I think one of the developers had said that it
could be getting a null info back for something, and then it doesn't get
reported properly, or something like that.
I wouldn't bother reporting, since it just showed up, we won't have any
text or other help for it yet. I'll check again with the developers on
Monday. I hope I can get a reproducible case on one of our systems soon, so
they can fix it."

I had something like it last week I did a clean install and got ths today
Object: 800009b0 is trying to connect to the Internet or your local network

ZoneAlarm Pro is asking you whether to allow the connection. No breach in your security has occurred. Your computer is safe. What should I do?
The following steps comprise a cautious strategy for responding to New or Repeat Program alerts.

If you do not know what Object: 800009b0 is, or why it is trying to connect, deny it permission. You can always grant permission later if you need to.
After you deny permission, determine whether Object: 800009b0 still performs the functions you need it to. If it does, no further action is required. If it doesn't, use the Programs tab to grant access permission.
Why?
AlertAdvisor is not able to provide specific information about this program. Therefore, it is safest to adopt a cautious strategy.

For more information about Program alerts and permissions, see the Details tab.
sc1
Copyright ©1999-2002 Zone Labs, Inc., 1060 Howard Street, San Francisco, CA 94103, USA.
All rights reserved. All other trademarks are the property of their respective owners.

Privacy Policy