Forum Settings
       
This Forum is Read Only

ZA Suspicious behavior?! Should I be concernedFollow

#1 Dec 29 2007 at 7:33 AM Rating: Good
Scholar
41 posts
I played last night on my home PC, no changes or updates have happened. Than this morning, I got out my laptop to play for a few minutes, and I received an interesting ZoneAlarm message. Now I have never received this message via either PC and I thought it was quite interesting, that all of the sudden I get this message. For those of you familiar with ZA it is a ZoneAlarm Security
Alert - Stating: 
 
Suspicious Behavior 
PlayOnline Viewer is attempting to monitor activities on this computer.  If allowed it may try to track or log keystrokes (user input), mouse movements/clicks, web sites visited, and other user behaviors 
 
Application:     pol.exe 
 
And of course get the check mark box to allow or deny.


I did allow, played for a few, logged off and ran an errand.

Upon returning, I logged back on, and got the same pop-up. I did not click the button to never ask again so it asked again, same warning. I hit deny, was allowed into POL without any problems, and immediately went to update my log-in information, etc. and password, just to be cautious.

In the end, am I being hyper paranoid, or did anyone else experience a change in the pol.exe file, without any updates, etc.

Any suggestions?

Thank you in advance for any input, comments, or information.
____________________________
I can count to potato!
#2 Dec 29 2007 at 9:57 AM Rating: Excellent
Avatar
*****
19,494 posts
I would run a deep scan on your PC using a good antivirus (AVG is one of the better free ones) just to be on the safe side.

Also, install Firefox with the plugins NoScript and Ad Blocker to ensure there's nothing trying to install itself from web pages.

Do you have Real Player installed on your computer?
____________________________
FFXI: Catwho on Bismarck. Once again a top bard on the server: Dardaubla 90 on 1/6/2014
Thayos wrote:
I can't understand anyone who skips the cutscenes of a Final Fantasy game. That's like going to Texas and not getting barbecue.

FFXIV: Katarh Mest on Lamia - Member of The Swarm and the League of Extraordinary Crafters
#3 Dec 29 2007 at 12:32 PM Rating: Good
Scholar
41 posts
I am running the full ZoneLabs Zone Alarm Internet Suite. Fully, licensed etc. I use Firefox and skip the I.E., so i believe that I have been well prepared and cautious about my computer. I have not yet been home to check my person computer, but I will update when I get home. I did run a full spyware sweep on my laptop, with nothing found.

I need to still do an anti-virus scan on it as well, will do that tonight and update as found out.

As for the firefox plug-ins I am unsure if I have those, can you give me an idea of where to check it at in the settings and can I retrieve that at the Mozilla homepage?

Last but not least, I am also wondering if anyone else has seen this recently, or it may be more isolated to my amount of material on this laptop, as I keep a lot of work data, and personal data, along with a huge OE email account, as well as FFXI for road trips.

I appreciate your assistance and response, good looking out, and I hope someone may be able to lead me to the correct plug-ins for my Firefox!
____________________________
I can count to potato!
#4 Dec 29 2007 at 9:55 PM Rating: Excellent
Avatar
*****
19,494 posts
Yah they're on the Mozilla homepage. You can get them from Tools > Ad-ons, and they're some of the most popular ones and thus on the main page for downloads. Ad Blocker blocks ads from specific URLs, like if you want to get rid of the Doubleclick stuff but keep google text, etc. NoScript strips webpages of all code and only allows it to run with your permission. You can set websites that are safe to allow stuff all the time, but even then code from other URLs on that website still needs your permission. If you pay attention NOTHING can get past it.

____________________________
FFXI: Catwho on Bismarck. Once again a top bard on the server: Dardaubla 90 on 1/6/2014
Thayos wrote:
I can't understand anyone who skips the cutscenes of a Final Fantasy game. That's like going to Texas and not getting barbecue.

FFXIV: Katarh Mest on Lamia - Member of The Swarm and the League of Extraordinary Crafters
#5 Dec 30 2007 at 12:21 AM Rating: Good
Scholar
**
638 posts
I remember someone mentioning in the General Forums that some scanners will pick up something in the POL folder as a keylogger, this is what got people paranoid that SE was watching us. Post in the General Forums and you will get a better answer there than on this one.
____________________________


#6 Dec 30 2007 at 1:52 PM Rating: Good
Scholar
41 posts
So I did go home and logged onto my account from my desktop PC. I did not experience anything as I did on my laptop, so it must be an isolated situation, I would assume some page that I visited.

I also did run the anti-virus from ZA and it as well found nothing. I have not had any adverse actions occur as of yet to my account or laptop so, all in all, I guess just denying that function did well for it.

Thank you for all the responses, but that leaves me to one additional question. Is there a way for me to rethread these post, etc into the general forum?

Again thank you both and anyone else for your help and assistance.
____________________________
I can count to potato!
#7 Jan 01 2008 at 11:21 AM Rating: Decent
Scholar
*
55 posts
People got paranoid about this like months ago after an update. Really it's nothing to worry about, it's certainly not a virus, it's just your POL software. You'd have to dig right back for threads about it, because it was quite a while ago, I wouldn't bother though, unless your interested in pages of "omfg SE is scanning for our windowers!!"
#8 Jan 07 2008 at 12:09 PM Rating: Good
Scholar
*
111 posts
If you're curious as to the exact cause of this, it is because pol.exe hooks into the keyboard and/or device drivers rather than using an external interface (a la DirectInput). Something you can check to make the message go away/come back is to go to your FFXI config and uncheck "use hardware mouse". That should make the message go away, while restarting the computer, then checking "use hardware mouse" should make the message come back. I have long hated ZoneAlarm because it doesn't truly tell you what is going on, or what things are trying to do. Instead it assumes "panic" when giving you informational messages and then insinuates that the worst-case scenario is the most-likely scenario.
This forum is read only
This Forum is Read Only!
Recent Visitors: 12 All times are in CDT
Anonymous Guests (12)