Security Basics mailing list archives
Re: Remotely manage Zone Alarm
From: Birl <sbirl () temple edu>
Date: Fri, 5 Sep 2003 09:27:26 -0400 (EDT)
As it was written on Sep 4, thus Thomas Graf spake unto security-basics@sec...:

Thomas: Return-Path: <security-basics-return-23195-sbirl=temple.edu () securityfocus com>
Thomas: Date: Thu, 04 Sep 2003 16:44:43 -0500
Thomas: From: Thomas Graf <TGRAF () swmail sw org>
Thomas: To: security-basics () securityfocus com, cesadiz () yahoo com
Thomas: Subject: Re: Remotely manage Zone Alarm
Thomas:
Thomas: Kill the zonealarm process with pstools from sysinternals
Thomas: http://www.sysinternals.com/ntw2k/freeware/pstools.shtml. I tested
Thomas: it with the free zonealarm so I am not sure if it will work with the pro
Thomas: version. Use pslist to list the processes from his computer and use
Thomas: pskill to kill the vsmon and zoneal~1 processes.
Thomas:
Thomas: Thomas Graf
Thomas:
Thomas: >>> Cesar Diaz <cesadiz () yahoo com> 09/04/03 08:36AM >>>
Thomas:
Thomas: We have a user that works remotely. Since he works outside our
Thomas: firewall he has Zone Alarm Pro on his machine.
Thomas:
Thomas: This week he is in the office. Our logs show he is trying to access
Thomas: things he shouldn't be and doing things he shouldn't be. For internal
Thomas: political reasons HR wants some more proof that it's not accidental. I
Thomas: can't access his c$ share to look at Zone Alarm logs or remotely access
Thomas: his event logs because of the Zone Alarm
Thomas:
Thomas: Is there a way to centrally manage Zone Alarm settings or is this user
Thomas: completely shielded while inside our network?
Thomas:
Thomas: Cesar

Killing the 'vsmon' process will not shut down ZA Pro. It runs as a service
and if it is killed, all traffic to/from that computer will stop.

It's fun. I kill vsmon every now and again to test it. Though it starts
back up a minute later since I configured the service to do so.

Scott Birl
http://concept.temple.edu/sysadmin/
Senior Systems Administrator
Computer Services
Temple University