Dear capps-ga,
While unfortunately there is no official word available from Zone Labs
on this issue (and they do not provide other support for the basic
ZoneAlarm product), and a dearth of documentation on it elsewhere,
several Usenet discussions exist which suggest that this is a
harmless ZoneAlarm glitch which occurs when the Windows kernel is
resolving a domain name to an IP address:
"If I remember correctly from nofenders' older post on this issue, it
is the Windows kernel trying to resolve the name given to it to an IP
address. To do this it has to contact the defined DNS server. It is
safe to answer
'yes'. If you answer 'no' the client dies due to the
error returned from gethostbyname."
- George Prekas in
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&safe=off&threadm=SL9n8.14730%24A%253.107839%40ord-read.news.verio.net&rnum=3&prev=/groups%3Fq%3D%2522Unknown%2BProcess%2522%2BZoneAlarm%26hl%3Den%26lr%3D%26ie%3DUTF-8%26safe%3Doff%26selm%3DSL9n8.14730%2524A%25253.107839%2540ord-read.news.verio.net%26rnum%3D3
And another exists which links it to SSDP, a protocol used by UPnP
(Universal Plug & Play), as implemented in Windows XP:
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&safe=off&threadm=atdb6n%24124qu7%241%40ID-148919.news.dfncis.de&rnum=6&prev=/groups%3Fq%3D%2522Unknown%2BProcess%2522%2B%2522Zone%2BAlarm%2522%26hl%3Den%26lr%3D%26ie%3DUTF-8%26safe%3Doff%26selm%3Datdb6n%2524124qu7%25241%2540ID-148919.news.dfncis.de%26rnum%3D6
From my own knowledge of the Windows architecture - I happen to be a
system admin/software developer when not researching - I'm able to
confirm that this is consistent behaviour that matches what you could
expect from a kernel driver accessing the Internet; ZoneAlarm cannot
find a process doing the accessing, as such drivers are not part of
any process.
To perhaps partially clear this up, I would suggest disabling the
"Universal Plug and Play Device Host" service, if you are running
Windows XP and don't have any UPnP devices. As far as the DNS
resolution-related issue is concerned, disabling that would break your
Internet connection. The consensus of the discussions on it seems to
be that it is intermittent and harmless, if annoying - allowing these
connections should not pose any risk and will allow applications to
operate normally, and blocking them may cause the specific application
the request was on behalf of to fail, but should not otherwise cause
any problems.
If this answer isn't quite what you're looking for, please feel free
to request a clarification.
Hope this helps,
cerebrate-ga
Search Strategy:
Visit to Zone Labs support site.
"Unknown Process" ZoneAlarm (Google) -
://www.google.com/search?sourceid=navclient&q=%22Unknown+Process%22+ZoneAlarm
"Unknown Process" ZoneAlarm (Google Groups) -
http://groups.google.com/groups?sourceid=navclient&q=%22Unknown+Process%22+ZoneAlarm
"Unknown Process" "Zone Alarm" (Google) -
://www.google.com/search?sourceid=navclient&q=%22Unknown+Process%22+%22Zone+Alarm%22
"Unknown Process" "Zone Alarm" (Google Groups) -
http://groups.google.com/groups?sourceid=navclient&q=%22Unknown+Process%22+%22Zone+Alarm%22