ZoneAlarm Anti-Spyware Small Business Edition FAQ

Improved!    Extensive anti-spyware protection automatically scans and removes more spyware than ever before.

ZoneAlarm Anti-Spyware has a built in firewall, so there is no need to run an additional firewall.  Doing so may even cause conflict.  However, there is no anti-virus in ZoneAlarm Anti-Spyware.  To add virus protection, you should choose the ZoneAlarm Internet Security Suite, which integrates anti-virus, anti-spyware and a firewall.  If you already have an antivirus product from another company, it is safe to run ZoneAlarm Anti-Spyware along with it.

System Requirements: Windows 2000 Pro/XP. Pentium III 450 Mhz or higher. 50 MB of available hard disk space. Internet access. Minimum system RAM: 64MB (2000 Pro), 128MB

We have no known conflicts with other anti-spyware products, so you may run another anti-spyware product with ZoneAlarm Anti-Spyware.  But please note that ZoneAlarm Anti-Spyware has a built-in firewall that may conflict with other firewall products. No other firewall is necessary if you run ZoneAlarm Anti-Spyware.

ZoneAlarm Anti-Spyware will work on any LAN connection with firewalls and proxies. Typically, no additional configuration is needed for ZoneAlarm to work on a LAN.

Making your computer visible on your local network
If you cannot see the other computers on your local network, or they cannot see you, it is possible that ZoneAlarm Anti-Spyware is blocking the NetBIOS traffic necessary for Windows network visibility. To make your computer visible to the others on your local network:

• Add the network subnet (or, in a small network, the IP address of each computer with which you're sharing the network) to your Trusted Zone.
• Set the Trusted Zone security level to Medium, and the Internet Zone security level to High.

This configuration allows trusted computers to access your shared files, but blocks all other machines from accessing them. Note: ZoneAlarm Anti-Spyware will detect your network automatically and display the New Network alert. You can use the alert itself to add your network subnet to the Trusted Zone.
Sharing files and printers across a local network
To configure ZoneAlarm Anti-Spyware for secure sharing:

• Add the network subnet (or, in a small network, the IP address of each computer with which you're sharing the network) to your Trusted Zone.
• Set the Trusted Zone security level to Medium. This setting allows trusted computers to access your shared files.
• Set Internet Zone security level to High. This setting makes your computer invisible to non-trusted machines.

Note: ZoneAlarm Anti-Spyware will detect your network automatically and display the New Network alert. You can use the alert itself to add your network subnet to the Trusted Zone.
Internet Connection Sharing (ICS)
If you are using Windows' Internet Connection Sharing (ICS) option, or a third-party connection sharing program, you can protect all of the computers that share the connection from inbound threats by installing ZoneAlarm Anti-Spyware on the "gateway" machine only. However, to receive outbound (Program Control) protection, or to see alerts on the client machines, you must have ZoneAlarm Anti-Spyware installed on each client machine as well.
Tip: Before you configure ZoneAlarm Anti-Spyware, use your ICS software to set up the gateway and client relationships .
If you use hardware such as a server or router, rather than a host PC, to perform Internet connection sharing, do not follow the steps below.
On the ICS gateway machine:

• Go to Main tab of the Firewall panel.
• Click Advanced.
• Under Internet Connection Sharing, select This computer is an ICS gateway.
• In the combination box, select or type the IP address of the gateway machine.
• Select Suppress alerts locally if forwarded to clients if you do not want to see alerts that are forwarded to a client.

Note: that if you do not install ZoneAlarm Anti-Spyware on the client machines, all alerts will be displayed on the gateway. For best security, make sure the security level for the Internet Zone is set to High. Make sure outgoing DNS and DHCP are allowed for the Internet Zone at High security.
On the ICS client machines:

• Go to Main tab of the Firewall panel.
• Click Advanced.
• Under Internet Connection Sharing, select This computer is a client of an ICS gateway running ZA Pro.
• In the combination box, select or type the IP address of the gateway machine.
• Select Forward alerts from gateway to this computer if you want alerts occurring on the gateway machine to be displayed on this client.

VPN (Virtual Private Network)
If you run a VPN client, ZoneAlarm Anti-Spyware examines outgoing packets before encryption and incoming packets after decryption. This inspection prevents malicious traffic from making its way into the VPN tunnel from your computer. It also prevents any malicious traffic that might arrive on your computer via the VPN tunnel from doing any damage.
To configure ZoneAlarm Anti-Spyware to protect VPN traffic:

• Add the elements listed below to your Trusted Zone
  • Your VPN server or VPN concentrator
  • All of the LAN and WAN subnets that interact with the internal network to which you want access.
  • Any servers that you will need to make use of through the VPN but which are not on your internal network, such as DNS, POP, or SMTP servers.
  • RADIUS or TACACS servers (if applicable).

If you receive a firewall alert caused by a blocked attempt to access your loop back address (127.0.0.1), add the loop back address to the Trusted Zone, and make sure there is no proxy software running on your computer.

• In the Security tab (Advanced Settings dialog box), select Allow VPN protocols at high security.
• If your VPN uses protocols other than GRE, ESP and AH, select Allow uncommon protocols at high security.

Connecting through a proxy server
To enable your computer to connect to the Internet through a proxy server, add the proxy to your Trusted Zone

Configuring ZoneAlarm Anti-Spyware with your mail server
ZoneAlarm Anti-Spyware is configured to work with Internet-based mail servers using POP3 and IMAP4 protocols, when you give your e-mail client privileges to access the Internet.
Some mail servers, like Microsoft Exchange, include collaboration and synchronization features that might require you to trust the server in order for those features to work.
To configure ZoneAlarm Anti-Spyware for mail servers with collaboration and synchronization features:

1. Add the network subnet or the IP address of the mail server to your Trusted Zone.
2. Set the Trusted Zone security level to Medium. This setting allows mail server collaboration features to work.
3. Set Internet Zone security level to High. This setting makes your computer invisible to non-trusted machines.

You can purchase it from our Website
www.zonelabs.com.

Yes, this glossary presents terms that are commonly used in ZoneAlarm Anti-Spyware.

• Administrative Account —The login account and associated properties assigned to administrators of computers.
• Alert —A message displayed in a popup dialog at an endpoint computer as the result of a security exception or violation. Alerts generated can be firewall-related, program-related or MailSafe-related.
• Blocked Zone — A Zone to which known security threats can be directed. Computers and networks placed in the Blocked Zone cannot communicate with an endpoint computer in either direction. See also: Internet Zone, Trusted Zone
• Event — An item entered into the ZoneAlarm Anti-Spyware log or appearing as an Alert.
• Gateway —A network point that acts as an entrance to another network. In a company network, a Virtual Private Network (VPN) device may protect access by dial-in users, or a proxy server may act as a gateway between the internal network and the Internet. A gateway may also be any machine or service that passes packets from one network to another network or across the Internet.
• Internet Zone —Includes all non-trusted entities—any computer anywhere on the Internet that is able to send data to the user's networked computers or receive data coming from them. Members of this Zone are not defined, as it consists of anything not defined in the Trusted or Blocked Zones. The Internet Zone inherently allows access unless the user specifically blocks an activity or traffic type. See also: Blocked Zone, Trusted Zone.
• Local Zone —see Trusted Zone.
• Lock (Internet) —A protective feature that locks activity to and from the Internet when a protected endpoint computer is unattended for a configurable length of time. When the lock is on, no data can enter or leave the endpoint computer through connections to the Internet, unless the pass lock attribute is set for the program involved.
• Malware — Trojan horses, viruses, worms and other malicious code specifically created for the purpose of a) causing damage to computers, b) bypassing legitimate security tools and/or c) taking advantage of software/hardware vulnerabilities.
• Pass Lock — An optional program protection property that allows a given program to continue to access the Internet when the Internet Lock is engaged.
• RADIUS — Remote Authentication Dial-In User Service enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service.
• TooLeaky — A proof-of-concept test utility that demonstrates a theoretical vulnerability in personal firewalls by taking control of trusted applications. The Advanced Program Control in ZoneAlarm Anti-Spyware stops TooLeaky.
• Trojan horse — A remote administration tool used to infiltrate and seize control of a computer attached to the Internet or a network.
• Trusted Zone — the domains, IP addresses, IP ranges and subnets of sources defined as permissible traffic through the firewall. See also: Internet Zone, Blocked Zone.

ZoneAlarm offers several methods of support to our user base:

• Customer Service —available to help you with purchase information, license key questions, billing, downloading issues, or refunds. For assistance with your recent purchase of ZoneAlarm software, including billing questions, refunds and adjustments, download issues, or use of license keys click here.
• Instant Support —online chat with a virtual technical support agent; includes FAQs for each product. Click here.
• ZoneAlarm Technical Support by Product —provides FAQs about various hot issues.
  If you have technical questions about ZoneAlarm Anti-Spyware, ZoneAlarm Pro, ZoneAlarm Internet Security Suite, ZoneAlarm Antivirus, ZoneAlarm, IMsecure Pro, or IMsecure, including installation, uninstallation, or interoperability issues, please visit the Technical Support area of this website. You may also contact our technical support group via fax at +1 415 343 0057.
• User Forum —provides users of all ZoneAlarm and IMsecure products the ability to share ideas and support each other. This is not an official publication of ZoneAlarm, which is not responsible for the content posted therein. Visit the forum.
• Premium Telephone Support —charged to your phone bill or credit card, may be obtained by dialing 1-900-988-ZONE (9663) or 1-877-365-ZONE (9663).

This policy is in place for several reasons:

• Older operating systems, even when still supported by the creating company, often have technical limitations that make it impossible to properly protect our customers using new and advanced ZoneAlarm technology.
• When the creating company stops fixing the new “holes” discovered by hackers in its operating system, customers are much more vulnerable to attack. 
• ZoneAlarm strongly encourages its customers to adhere to a “best practices” approach to security, where each best practice that's upheld makes the customer much less likely to fall victim to attack; and every best practice ignored makes the customer much more vulnerable.  Keeping software, including the operating system, up-to-date with the latest security patches is an essential best practice.