Security Basics mailing list archives

Re: Remotely manage Zone Alarm


From: Birl <sbirl () temple edu>
Date: Fri, 5 Sep 2003 09:27:26 -0400 (EDT)

As it was written on Sep 4, thus Thomas Graf spake unto security-basics@sec...:

Thomas:  Return-Path:
Thomas:      <security-basics-return-23195-sbirl=temple.edu () securityfocus com>
Thomas:  Date: Thu, 04 Sep 2003 16:44:43 -0500
Thomas:  From: Thomas Graf <TGRAF () swmail sw org>
Thomas:  To: security-basics () securityfocus com, cesadiz () yahoo com
Thomas:  Subject: Re: Remotely manage Zone Alarm
Thomas:
Thomas:  Kill the zonealarm process with pstools from sysinternals
Thomas:  http://www.sysinternals.com/ntw2k/freeware/pstools.shtml.  I tested
Thomas:  it with the free zonealarm so I am not sure if it will work with the pro
Thomas:  version.  Use pslist to list the processes from his computer and use
Thomas:  pskill to kill the vsmon and zoneal~1 processes.
Thomas:
Thomas:  Thomas Graf
Thomas:
Thomas:
Thomas:  >>> Cesar Diaz <cesadiz () yahoo com> 09/04/03 08:36AM >>>
Thomas:
Thomas:
Thomas:  We have a user that works remotely.  Since he works outside our
Thomas:  firewall he has Zone Alarm Pro on his machine.
Thomas:
Thomas:  This week he is in the office.  Our logs show he is trying to access
Thomas:  things he shouldn't be and doing things he shouldn't be.  For internal
Thomas:  political reasons HR wants some more proof that it's not accidental.  I
Thomas:  can't access his c$ share to look at Zone Alarm logs or remotely access
Thomas:  his event logs because of the Zone Alarm.
Thomas:
Thomas:  Is there a way to centrally manage Zone Alarm settings or is this user
Thomas:  completely shielded while inside our network?
Thomas:
Thomas:  Cesar



Killing the 'vsmon' process will not shut down ZA Pro.  It runs as a
service and if it is killed, all traffic to/from that computer will stop.

It's fun.  I kill vsmon every now and again to test it.  Though it starts
back up a minute later since I configured the service to do so.



 Scott Birl                              http://concept.temple.edu/sysadmin/
 Senior Systems Administrator            Computer Services   Temple University
====*====*====*====*====*====*====*====+====*====*====*====*====*====*====*====*
