Re: Remotely manage Zone Alarm

From: Birl (sbirl_at_temple.edu)
Date: 09/05/03

    Date: Fri, 5 Sep 2003 09:27:26 -0400 (EDT)
    To: security-basics@securityfocus.com
    
    

    As it was written on Sep 4, thus Thomas Graf spake unto security-basics@sec...:

    Thomas: Return-Path:
    Thomas: <security-basics-return-23195-sbirl=temple.edu@securityfocus.com>
    Thomas: Date: Thu, 04 Sep 2003 16:44:43 -0500
    Thomas: From: Thomas Graf <TGRAF@swmail.sw.org>
    Thomas: To: security-basics@securityfocus.com, cesadiz@yahoo.com
    Thomas: Subject: Re: Remotely manage Zone Alarm
    Thomas:
    Thomas: Kill the zonealarm process with pstools from sysinternals
    Thomas: http://www.sysinternals.com/ntw2k/freeware/pstools.shtml. I tested
    Thomas: it with the free zonealarm so I am not sure if it will work with the pro
    Thomas: version. Use pslist to list the processes from his computer and use
    Thomas: pskill to kill the vsmon and zoneal~1 processes.
    Thomas:
    Thomas: Thomas Graf
    Thomas:
    Thomas:
    Thomas: >>> Cesar Diaz <cesadiz@yahoo.com> 09/04/03 08:36AM >>>
    Thomas:
    Thomas: We have a user that works remotely. Since he works outside our
    Thomas: firewall he has Zone Alarm Pro on his machine.
    Thomas:
    Thomas: This week he is in the office. Our logs show he is trying to access
    Thomas: things he shouldn't be and doing things he shouldn't be. For internal
    Thomas: political reasons HR wants some more proof that it's not accidental. I
    Thomas: can't access his c$ share to look at Zone Alarm logs or remotely access
    Thomas: his event logs because of the Zone Alarm.
    Thomas:
    Thomas: Is there a way to centrally manage Zone Alarm settings or is this user
    Thomas: completely shielded while inside our network?
    Thomas:
    Thomas: Cesar

    Killing the 'vsmon' process will not shut down ZA Pro. It runs as a
    service and if it is killed, all traffic to/from that computer will stop.

    It's fun. I kill vsmon every now and again to test it. Though it starts
    back up a minute later since I configured the service to do so.

     Scott Birl http://concept.temple.edu/sysadmin/
     Senior Systems Administrator Computer Services Temple University
    ====*====*====*====*====*====*====*====+====*====*====*====*====*====*====*====*
