ZoneAlarm Security

Obtaining ZoneAlarm | Installing | Configuring
Updating to Current Version | Uninstalling | ZoneAlarm Issues

You NEED a Firewall

If you are continually connected to the Internet — and most people are today — you cannot afford to be without a firewall. More about firewalls….

Obtaining ZoneAlarm

ZoneAlarm Security Suites - Maximum Security, Minimum Effort

ZoneAlarm Recommended

ZoneAlarm products are my recommended firewall solutions.

I strongly recommend a current version of ZoneAlarm Internet Security Suite or ZoneAlarm Extreme Security (which provides better protection while using your web browser).

Post-Holiday Special: Save Over 60% On ZoneAlarm Security Products Today!

The ZoneAlarm 2012 product line (version 10.0.240.000 or newer) provide better security with an easier interface (Maximum Security | Minimum Effort):

Download ZoneAlarm Internet Security Suite and save up to 50% —Essential antivirus, anti-spyware, and firewall protection for your PC. (firewall, anti-virus, anti-spyware, more… Reg. USD 69.95 for up to 3 PCs)
ZoneAlarm Extreme Security and save up to 50% —The most comprehensive suite on the market. Protects your PC, your browser, and your data. (firewall, anti-virus, anti-spyware, hard drive encryption, more… Reg. USD 79.95 for up to 3 PCs)

All prices indicated are for a one-year subscription and subject to change.

Free Basic Firewall for Personal Use

There is a ZoneAlarm Basic Firewall (firewall only, no automatic configuration) which is FREE for individual and not-for-profit charitable entity use (excluding governmental entities and educational institutions).

Check the License Agreement

If you are downloading or updating the Basic Firewall, be sure the ZoneAlarm licence agreement permits you to use the free version.

Review the advantages of ZoneAlarm's paid products.
Do NOT install the 15 day trial unless you wish to try the full version for 15 days (after which you'll need to either purchase the product or uninstall it, then reinstall the free version).
Download ZoneAlarm Free Firewall Now!
The link may download a smaller installer file that when run will download the remainder of the installation files. This is particularly true for any CNET download links.
If you are offered TrialPay, look for the free download link. (TrialPay requires you to purchase other qualifying products to obtain the software for free!) Click on the link shown in the image shown to the left.
Make a note of where the file is saved on your computer (usually your downloads folder or the desktop).

Paid Product Suite Recommended

Even if you qualify for to use the free ZoneAlarm, I strongly recommend you purchase ZoneAlarm Internet Security Suite or Extreme Security. These links provide discounts on one-year subscriptions to ZA products.

The free ZoneAlarm (firewall only) is more difficult to configure and may leave you vulnerable to the more dangerous threats you face on the Internet today if there are conflicts with other security software.

Return to top

Installing ZoneAlarm

The instruction below will help you to install ZoneAlarm smoothly and avoid issues:

Close all programs running before installing — you'll need to restart your computer before the installation is complete.
Windows Firewall may ask if TrueVector Service should have access. Say yes.
Start ZoneAlarm when directed. You will be prompted to restart Windows shortly after.
When Windows restarts, you may be offered a tutorial. It is worth viewing if you are new to ZA, but it is always available in the ZoneAlarm folder under All Programs.

Now, proceed to the instructions for configuring your newly installed ZoneAlarm product.

Return to top

Configuring ZoneAlarm

With the release of the ZoneAlarm 2012 product line there have been significant changes to the layout of the product to simplify maintenance.

As a result, many of the dialogue boxes and instructions shown in this section may be different than what you will experience until I obtain screen shots related to the new products.

General Concepts

ZoneAlarm is designed to deny access to the Internet by default, allowing access only to the programs you've given permission to have access. This is it's best feature, but can be a stumbling block if you forget this.

Some broadband providers (like Shaw cable) insist that you uninstall ZoneAlarm if you request help with gaining access to the Internet, primarily because of this issue. If you need to remove ZoneAlarm, uninstall it properly, make the changes necessary to restore your Internet connection, then reinstall it to regain the protection it provides.

Giving & Denying Access

ZoneAlarm is an excellent program, but you must be sure to configure ZoneAlarm carefully so as not to compromise security. Before giving any program permission to access the Internet, be sure you know what the program requesting access is and why it needs Internet access.

Access Requests

When a program tries to access the Internet, ZoneAlarm provides you the opportunity to allow or deny access with the access request notice like the one shown to the right (see a larger image).

Programs like your email and web browser need access.
If you just started a program or began to install a program, it is likely that program/installer is the one seeking access permission.
Many installation programs seek additional components on the Web or confirm that you have the most current version.

Setup programs may need access once. Give them temporary permission: click "Allow" but don't check the "Remember this setting" box. You should then remove setup programs from the Zone Alarm Programs listing once you have finished installing the program. ZoneAlarm will prompt you if access is needed at a later date.

If you are not sure whether to give permission for access, say no (but don't tell the program to remember the setting at this point). If the program continues to work you can make the decision final by telling ZoneAlarm to deny access and to "remember" this setting. You can also do a search for the application to see what it is. The application name in our example is firefox.exe.

The dialogue box indicates if this is a repeat request. Note that in our example, firefox.exe has previously had access granted.

“Changed Program” Warnings

ZoneAlarm doesn't just grant access because of a program's name or file location. It retains a &snapshot" of the characteristics of the approved programs and warns you with a changed program dialogue box similar to the one above (except that the top border colour is orange). If you've recently updated the program, you can allow permission.

ZoneAlarm Internet Security Suite "Suspicious Behavior" Warnings

ZoneAlarm 'Suspicious Behavior' dialogue box

ZoneAlarm Internet Security Suite offers the advantage of fewer alerts but may give you suspicious behavior warnings like the one shown to the right (see a larger image) for programs exhibiting unusual behaviour.

This warns you about programs that are changing files in manner similar to how malicious programs (virus or malware) would act. If you are installing a program or update you can probably allow the activity.

Read the description of the activity before allowing or denying the process. (The suspicious behavior box shown was displayed during an update of Shockwave Player for Internet Explorer.) Note: if you deny a legitimate program, the install cannot complete properly and the program may not function correctly.

The Program Control Screen

You can fine-tune the ZoneAlarm settings (or correct errors made with the dialogue box prompts) using the Program Control screen. To get there, follow these instructions:

Open ZoneAlarm by double-click on the ZoneAlarm "ZA" icon beside the clock. (This can be replaced with red/green bars during Internet activity.)
Click on Program Control (on the left-side menu) then the Programs tab (on the top).

You should then see something like the image on the right. If you click on this image you get a larger view with functions for the various parts of the screen shot labelled.

Giving or Denying Access to Specific Programs

indicates the program has permission.
indicates that the program is denied access.
indicates that the program will ask each time it needs access. Note: once you've given or denied access to a program the setting will remain until you restart Windows.

You can change these values by left-clicking the symbol for the program.

You should be most worried about the Internet column.
Most programs don't need server access on home computers (usually only instant messenger programs need this sort of access).
Unless you have set up a local network between the computers in your home or office the Trusted Zone refers to access on your own computer. With a network, you can configure ZoneAlarm to have certain computers designated as trusted.
Note that I've blocked access to the printer's Spooler SubSystem App for all but Trusted Access. Unless you are printing across the Internet (or a domain) you don't need to offer more than this access to your printer.

Server Access Seldom Needed

Few programs need server rights. Only instant messenger programs (MSN Messenger, Yahoo! Messenger and AIM/AOL Instant Messenger), online conferencing software and file sharing software need such access.

Deny server access to all other programs (and to these programs if you don't use them). ZoneAlarm will usually warn you if you are changing something you shouldn't be changing (like the Application Layer Gateway Service in Windows XP).

Return to top

Updating ZoneAlarm

How to Update Your ZoneAlarm Product

Ensure ZoneAlarm is Current

If you are running ZoneAlarm paid products version 9.3.037.000 or earlier will not automatically update to version 10 (released June 7, 2011), even if you check manually. You'll need to download the most recent version from the links below:

Make a note of where the file is saved on your computer.

You'll need a valid license to use these products for more than 15 days. If you elect to return to the free version, you'll need to uninstall the trial version and reinstall the free version.

Updating the Free Basic Firewall

ZoneAlarm Free provides basic firewall protection for individual and not-for-profit charitable entity use (excluding governmental entities and educational institutions).
ZoneAlarm Free Release History.
You can also follow the Free ZoneAlarm download links in the Obtaining ZoneAlarm section.

Automatic Updates

In most cases, ZoneAlarm will perform minor updates on its own as long as you have automatic updates enabled (the default setting).

New Version Available

However, if you see an update notice in the form of a dialogue box like the one to the right, it indicates that a new version is available. You'll need to download the update then install it. Downloading the update does not update ZoneAlarm.

You may also see a page with only text like the following:

FREE UPDATE: NEW ZoneAlarm FREE FIREWALL 97% fewer alerts. Stronger protection. Winner: PC Mag Editor's Choice. Click OK to DOWNLOAD THE FREE UPDATE NOW
Click here to download the update.

Obtaining the Update

Click on Update Now to take you to the update page. (I strongly recommend that you don't put this update off as updates protect you from more recently-discovered vulnerabilities.)

Even if you qualify for to use the free ZoneAlarm, I strongly recommend you ZoneAlarm Internet Security Suite or Extreme Security (see my links which provide discounts on one-year subscriptions to ZA products).

ZA Free is both more difficult to configure and can have compatibility issues with other security software, leaving you vulnerable to the more dangerous threats you face on the Internet today.

Installing Updates

Once you've downloaded an update, you'll now have to install it. The procedure is relatively simple as long as you read and follow the instruction. You will need to restart Windows to complete the process so you'll want to make sure that no other programs are running.

Double-click the ZoneAlarm download to begin the update. You will be prompted to shut down the True Vector service. Say yes (only when updating or removing ZoneAlarm).
Follow the prompts. Where the Next option is offered, do that, installing with the default choices; otherwise click OK or Done. There should be no need to change anything in the User Survey portion unless you have changed your type of Internet connection or have added a network. Where a choice is offered for added features, this usually entails added subscription fees after a trial period expires.
Where offered a choice between a clean install (recommended) or an upgrade, you should choose the upgrade unless you are having difficulties with the current installation or if you are comfortable making the choices about which programs to allow access to the Internet, since a clean install wipes the current setup.
Windows XP firewall may bring up a security alert asking if the True Vector service can have permission. Be sure to allow this access.
When everything is complete, you are asked to restart the True Vector service, then your computer.
Upon rebooting, there may be other offers, including a tutorial. This tutorial is worthwhile to refresh you memory about how ZoneAlarm operates and is placed in the Zone Labs Programs or All Programs folder in the Start Menu for future reference.

Once you've completed the upgrade, ZoneAlarm should operate just like it did before unless you selected a clean install, in which case the various programs that request access to the Internet will cause ZoneAlarm to prompt you for a decision regarding access. Again, your safest bet is to click on No. If the program works properly without access, then you can let ZoneAlarm know not to give the program access and not to prompt you.

Manual Program Updates

Double Click the ZA (ZoneAlarm) icon located with the icons next to the clock in the task bar.
Click on the Overview menu on the left side of the screen that comes up.
Click on the Preferences sub-menu that shows beneath Overview.
Click on the Check For Update button that appears on the resulting screen.

Manual Anti-virus Updates

You can also do a manual update, which I'd recommend for ZoneAlarm Internet Security Suite, ZoneAlarm Extreme Security or ZoneAlarm Antivirus prior to your scheduled virus scan so that you have the most recent detection information.

Double Click the ZA (ZoneAlarm) icon located with the icons next to the clock in the task bar.
Click on the Anti-virus/Anti-spyware menu on the left side of the screen that appears.
Click on the Update Now button that appears on the resulting screen.

Return to top

Uninstalling ZoneAlarm

If you want to stop using ZoneAlarm, be sure to uninstall it properly:

Disabling the startup of ZoneAlarm will cause you problems because it continues to run invisibly (a security measure so it can't be disabled by malware). Programs with automatic permission to run will continue to work, but those requiring your permission will not.
Never just delete the ZoneAlarm program icons and the folder
. ZoneAlarm makes changes to your system that require it to be properly uninstalled, either from the uninstall program in the Zone Labs program group or through the Windows Add/Remove Software utility (called Programs and Features in Windows 7).
Some users have experienced difficulties when improperly uninstalling Zone Alarm. Be sure to remove any relevant registry entries. (Note: improper changes to the Windows registry can make your computer inoperable. Make these changes carefully or seek out professional assistance.)
If ZoneAlarm was improperly uninstalled, you may need to reinstall it before uninstalling it again to complete the process successfully.

Return to top

ZoneAlarm Issues

Installation Issues

Lenovo PMHandler.exe

When installing ZoneAlarm on a Lenovo computer running Windows Vista 32, I ran into an issue where ZoneAlarm installed fine, but on the first reboot, a blue screen (BSOD) appeared. Going to Safe Mode and uninstalling ZoneAlarm resolved the issue, but not without sacrificing the protection ZoneAlarm offers.

A search showed that PMHandler.exe, the power management handler for Lenovo computers, can conflict with ZoneAlarm on Windows Vista machines. By going to Safe Mode and stopping PMHandler from loading allowed ZoneAlarm to complete the reboot and finalize the install. It is called PM Driver in the Programs and Features listing.

You can use MSconfig to make this change, but the startup tools in Piriform's CCleaner may be easier (just disable PMHandler).

This issue (and the solution) are documented in ZoneAlarm Forums: Latest update causes Vista to BSOD after logon.

Note: other causes have been noted by other users, including issues with Windows Firewall. If you can determine from the text that appears on the blue screen what program is creating the problem, you have a better chance of resolving the problem you're experiencing.

Internet Access Issues

Unable to Access the Internet

The most common reason people cannot access the Internet is because they have stopped ZoneAlarm from loading or have tried to delete ZoneAlarm's files without uninstalling ZoneAlarm properly. It can also happen if ZoneAlarm doesn't load correctly with Windows.

By default, ZoneAlarm (like many security products) disable access to the Internet. If ZoneAlarm is not running, it is unable to request permission for new programs to access the Internet. Programs that have been given access without asking (you instructed ZoneAlarm to remember the program can have access or it is a program recognized as safe by ZoneAlarm — not available in the free version) may continue to have access.

Other potential causes for loss of Internet access include:

Windows Firewall can stop access. Be sure that TrueVector (a ZoneAlarm component) has permission to access the Internet in Windows Firewall.
Your antivirus may disable access to your email program or to other programs if it is not active.
Anti-spyware can disable access for programs.
Trojans and other malware (including programs that emulate antivirus software but are malware) usually disable your antivirus and access to security sites on the Web.

KB951748 Breaks ZoneAlarm

This is an archived issue.

After ZoneAlarm users installed Windows Update KB951748 in July, 2008, they were unable to access the Internet. The problem was resolved by downloading and installing a newer version.

This required users to gain temporary access by moving the ZoneAlarm Firewall's Internet Zone Security from High to Med. If you have to reduce the security level for any reason, it is important that you restore it once you've resolved the issue (usually by updating to the latest ZA version).

Operating System Issues

Support For Newer Windows Versions

When new versions of Windows are released, support may not be available for security software. Windows Vista was a particularly bad example, because Microsoft made significant changes to Windows Vista just before release and many utilities and security software products would not run. The long Windows 7 release candidate program ensured ZoneAlarm availability for early Windows 7 adopters.

Windows 7, Vista or XP (SP2/SP3) Required

View ZoneAlarm's current system requirements.

The nature of threats on the Internet has changed.
Older (or unpatched) Windows systems are more vulnerable.
Newer threats are much harder to detect and very difficult to remove.
Know how your security software warns you about threats. Many websites are infected with programs that appear to be legitimate, but whose purpose is to scare you into downloading dangerous software.

Return to top

More About Related Issues

Protecting Your Online Identity

The following related pages offer more information about protecting your online identity:

Securing Your Computer

The following related pages offer more information about securing your computer:

Return to top

www.RussHarvey.bc.ca/resources/zonealarm.html
Updated: February 1, 2012