Because of all what had been going on lately with my ZA Free Firewall, while I was scrolling through the list of its 90 secured programs I noticed something strange. There are two programs that have their trust level set to "Super" yet all incoming & outgoing options are set to be blocked.

"smss.exe" located in C:\Windows\System32\smss.exe file size 110 KB &...



"Windows Start-up Application" Located in C:\Windows\System32\wininit.exe version: 6.1.7600.16385 (win7_rtm.090713-1255) & it's file size is 126 KB.

If these programs are legit & at the super trusted level then why are the: Outbound Trusted, Outbound Internet, Inbound Trusted & Inbound Internet levels set to "Deny"?

I haven't gotten any popup messages for those programs to be allowed to access the net since I installed this latest, newest version of ZA. To be honest the only one's that have shown up at all were for the R.S client. So far for everything else it seems it's assumed it was safe & not really asked me. Should I set them to be allowed to access the internet or what?

Alright, I can't remember for sure if these programs have ever asked for internet usage with prior ZA versions. I think they may have & I allowed it although again I'm not 100% sure . Should these programs ever need to access the internet at all?

Alright well I've gotta idea then & you tell me if I should bother with it. I can set all the options for these two to "Ask" so if they do attempt to access the internet it will let me know. Since then if it turns out they're not supposed to be needing the internet yet they ask for access then it could be assumed that I'm infected. Although that in itself would be a bit hard for me to believe with all the precautions I've taken.

True that's why I need to find out 1st whether or not either of those 2 programs ever require internet access. Do you think anyone else on these forums might know?

So yeah if I can find out for sure that neither of them ever have to access the internet then if they ever do ask once I set it to ask from there I could assume that they're infected.

Just as an aside Soda, have you made sure that ZA has turned the Win 7 Firewall off?

Yup!

The thing is Sodapop is that you're running round like a headless chicken trying to configure ZA with all its little foibles and nuances and asking all manner of questions.

Don't you think this is more hard work than it's worth?

Crush, along with the rest of the Security Team live, eat and breathe malware aspects and answers so you can rest assured that when they tell you something works, in this instance, the win 7 firewall, it will.

In fact the win 7 firewall is so discreet that you'll probably get paranoid thinking..."Is it doing anything?".

Trust me it does.

Alright well if you're sure then I'll set it to Ask for both of them & see what happens over the next week.

*IMPORTANT EDIT: It should be noted that while I was changing it's access options to "Ask" each time it gave me a warning saying that this was a "System" process & was I sure that I wanted to change it. I'm not sure what this exactly meant although I guess I'll find out soon enough .

You're right it's just being that it's got it blocked makes me wonder why. I probably should just leave it alone although I'll sleep better if I set it to "Ask" & find out for sure. Then as I told crush if it never does ask for access then I'll know for 100% that it was just me being paranoid again. I guess you could say the more times I'm able to prove my paranoia wrong, the closer I get to overcoming it completely. You're all also probably right about the Win 7 Firewall too, it's just I've used ZA for so long it's become a habit. I do at times have to trust the Win 7 one though, for instance when I'm updating or re-installing my ZA I must have my Win 7 Firewall enabled instead.