ZoneAlarm Security Alert
Protected
The firewall has blocked Internet access to whatever.com (0.0.0.0) (HTTP) from your computer (TCP Flags: S)
This is because the Microsoft patch you just applied has made some fairly significant changes to the way your PC looks up internet names (such as web pages, email hosts etc) and ZoneAlarm isn't aware of those changes and is consequently having a panic.
It isn't really a fault with the patch, and given the nature of the change, you can perhaps expect ZoneAlarm not to cope [see note below]. If you really want some more technical background read this article at the Internet Storm Center: Multiple Vendors DNS Spoofing Vulnerability.
As a temporary workaround, the best advice is to deinstall the KB951748 until ZoneAlarm is updated. It is an important update, but you are either going to have to disable ZoneAlarm or remove the patch and at the moment my advice would be to stick with ZoneAlarm.
To remove the patch in Windows XP (Vista will be similar):
- Click Start and select Control Panel (or Start.. Settings.. Control Panel depending on your setup).
- Open "Add or Remove Programs"
- Tick "Show Updates"
- Scroll down (probably very near the bottom of the list) to Security Update for Windows XP (KB951748) (Vista may be worded differently, but the key thing to look for is KB951748).
- Click Remove
- Follow the steps to remove the patch and then reboot
Update 1:
Sandi made the following comment:
It is not necessary to uninstall the patch, or disable/remove Zonealarm. Simply reset the ZoneAlarm database:Update 2:
http://forum.zonelabs.org/zonelabs/board/message?board.id=cfg&message.id=52727
"To solve this, just reset the ZA database and the ZA will be "fresh" as when it was first installed:
Boot your computer into the Safe Mode
Navigate to the c:\windows\internet logs folder
Delete the backup.rdb, iamdb.rdb, *.ldb and the tvDebug files in the folder
Clean the Recycle Bin
Reboot into the normal mode
ZA will be just like new with no previous settings or data
Once this is finished, reboot back into the normal mode and in the new network found windows, set the new network to Trusted.
Then do this to ensure the ZA is setup properly:
Make sure your DNS and DHCP server IP's are in your Firewall's Trusted zone. Finding DNS and DCHP servers, etc
1. Go to Run and type in command and hit 'ok', and in the command then type in ipconfig /all then press the enter key. In the returned data list will be a line DNS and DHCP Servers with the IP address(s) listed out to the side. Make sure there is a space between the ipconfig and the /all, and the font is the same (no capitals).
2. In ZA on your machine on the Firewall, open the Zones tab, click Add and then select IP Address. Make sure the Zone is set to Trusted. Add the DNS IP(s) .
3. Click OK and Apply. Then do the same for the DHCP server.
4. The localhost (127.0.0.1) must be listed as Trusted.
5. The Generic Host Process (svchost.exe) as seen in the Zone Alarm's Program's list must have server rights for the Trusted Zone.
Plus it must have both Trusted and Internet Access."
ZoneAlarm have a press release with a couple of workarounds here.
Workaround to Sudden Loss of Internet Access Problem
Date Published : 8 July 2008
Date Last Revised : 9 July 2008
Overview :
Microsoft Update KB951748 is known to cause loss of internet access for ZoneAlarm users on Windows XP/2000. Windows Vista users are not affected. Impact :
Sudden loss of internet access Platforms Affected :
ZoneAlarm Free, ZoneAlarm Pro, ZoneAlarm AntiVirus, ZoneAlarm Anti-Spyware, and ZoneAlarm Security Suite
Recommended Actions -
Download and install the latest versions which solve the loss of internet access problem here:
ZoneAlarm Internet Security Suite ZoneAlarm Pro ZoneAlarm Antivirus ZoneAlarm Anti-Spyware ZoneAlarm Basic Firewall - or follow the directions below.
Option 1: Move Internet Zone slider to Medium
- Navigate to the "ZoneAlarm Firewall" panel
- Click on the "Firewall" tab
- Move the "Internet Zone" slider to medium
Option 2: Uninstall the hotfix
- Click the "Start Menu"
- Click "Control Panel", or click "Settings" then "Control Panel"
- Click on "Add or Remove Programs"
- On the top of the add/remove programs dialog box, you should see a checkbox that says "show updates". Select this checkbox
- Scroll down until you see "Security update for Windows (KB951748)"
- Click "Remove" to uninstall the hotfix
3 comments:
It is not necessary to uninstall the patch, or disable/remove Zonealarm. Simply reset the ZoneAlarm database:
http://forum.zonelabs.org/zonelabs/board/message?board.id=cfg&message.id=52727
"To solve this, just reset the ZA database and the ZA will be "fresh" as when it was first installed:
Boot your computer into the Safe Mode
Navigate to the c:\windows\internet logs folder
Delete the backup.rdb, iamdb.rdb, *.ldb and the tvDebug files in the folder
Clean the Recycle Bin
Reboot into the normal mode
ZA will be just like new with no previous settings or data
Once this is finished, reboot back into the normal mode and in the new network found windows, set the new network to Trusted.
Then do this to ensure the ZA is setup properly:
Make sure your DNS and DHCP server IP's are in your Firewall's Trusted zone. Finding DNS and DCHP servers, etc
1. Go to Run and type in command and hit 'ok', and in the command then type in ipconfig /all then press the enter key. In the returned data list will be a line DNS and DHCP Servers with the IP address(s) listed out to the side. Make sure there is a space between the ipconfig and the /all, and the font is the same (no capitals).
2. In ZA on your machine on the Firewall, open the Zones tab, click Add and then select IP Address. Make sure the Zone is set to Trusted. Add the DNS IP(s) .
3. Click OK and Apply. Then do the same for the DHCP server.
4. The localhost (127.0.0.1) must be listed as Trusted.
5. The Generic Host Process (svchost.exe) as seen in the Zone Alarm's Program's list must have server rights for the Trusted Zone.
Plus it must have both Trusted and Internet Access."
Sandi
I found this blog through a Google search. Many thanks for the comments posted here.
I tried using the procedure to reset the ZA database in XP safe mode, but it didn't work. However, removing the security patch fixed the problem.
Paul
Many thanks to you, kind Dynamoo. Deleting the patch worked for me, too!
Post a Comment