Anti-Spymaster

Something weird when installing newest version - pls. advise

Hi,

I just installed SAS Free V4.28.1010 (after using the uninstall assistant to uninstall the previous version) and a couple weird things happened:

1. After I installed and set my preferences to *not* automatically update definitions on start-up, when I rebooted my computer, it tried checking for updates anyways (I was off-line, and I blocked it in ZA). I went back into preferences and made sure I had that option turned off, which I did, so I checked it, closed out, then re-opened the program and unchecked it and closed out and restarted my computer. It did not try to automatically get updates after that. Why did this happen?

2. When I first downloaded the definitions after installing the new version, it asked for permission to access the internet through ZA (like normal), then in the middle of downloading the core definitions, it asked to access the internet again in ZA. I allowed it (not knowing what to do), and it finished the core and then did the trace. My ZA log didn't show anything under "destination ID" and under direction (which is usually either incoming or outgoing) it showed "(data)". Why did this happen?

3. Then when I rebooted (as described in #1 above), and checked for updates again, it downloaded one set of definitions again (not sure if it was core or trace, but it was just one). I should have already had the newest definitions when I got them the first time (as described in #1). So why did it download some definitions here again?

Any help is appreciated -- thanks!

ZoneAlarm is a great firewall but sometimes you have to go into ZA and tell it to Allow Automatically. If you don't and it gets somehow put to deny, it won't ask you and SUPERAntiSpyware can't connect to the server to update the servers. I'd go into ZoneAlarm and tell it to always allow SUPERAntiSpyware.exe to access the internet. That would be the first place I would look.


Thanks for the post! That's not actually the issue though. I purposely have ZA ask for permission before connecting, and then I allow it manually. I just like to know what things are doing and when. I know, I'm weird... :)

Those three things I listed are things that it usually doesn't do, and seem odd (automatically checking for updates upon reboot even though I turned off that option, asking for permission a second time in the middle of downloading core definition updates, downloading either core or trace definitions again (it was one or the other) even though I had just done so and should have had the most recent versions already).

Also, looking at my ZA log, I want to add a fourth weird thing:

4. spoolsv.exe asked for permission to connect to the internet, and the destination DNS listed says superantispyware.com. Why would this be? (This was blocked automatically, because I have ZA set to block all instances of spoolsv.exe connecting to the internet, since it doesn't need to.)

Here's a list of my ZA log with all instances of SAS connecting to the internet (if I allowed it), or not (if I manually blocked it). I'll bold the ones that I *think* pertain to my concerns. The ones that aren't bolded are just me repeatedly checking for updates to see what happened (which was nothing).

Description: SUPERAntiSpyware Application requested permission to access the internet.
Rating: High
Date / Time: 2009/09/11 10:38:06-7:00 GMT
Type: Changed Program
Program: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Source IP:
Destination IP: 208.67.222.222:53
Direction: Outgoing (connect)
Action Taken: Allowed (once)
Count: 1
Source DNS:
Destination DNS: resolver1.opendns.com

Description: SUPERAntiSpyware Application requested permission to access the internet.
Rating: High
Date / Time: 2009/09/11 10:39:34-7:00 GMT
Type: Repeat Program
Program: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Source IP:
Destination IP:
Direction: (data)
Action Taken: Allowed (once)/Manual
Count: 1
Source DNS:
Destination DNS:

I think this is when it asked to connect to the internet in the middle of downloading the core definitions for the first time after installing the new version, which I manually allowed.

Description: SUPERAntiSpyware Application requested permission to access the internet.
Rating: High
Date / Time: 2009/09/11 11:11:22-7:00 GMT
Type: Repeat Program
Program: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Source IP:
Destination IP: 0.0.0.0:53
Direction: Outgoing (connect)
Action Taken:
Count: 1
Source DNS:
Destination DNS:

Description: SUPERAntiSpyware Application was unable to obtain permission for connecting to the Internet; access was denied.
Rating: Medium
Date / Time: 2009/09/11 11:11:22-7:00 GMT
Type: Program Access
Program: SUPERAntiSpyware.exe
Source IP:
Destination IP: 0.0.0.0:53
Direction: Outgoing (connect)
Action Taken: Blocked
Count: 2
Source DNS:
Destination DNS:

Description: SUPERAntiSpyware Application requested permission to access the internet.
Rating: High
Date / Time: 2009/09/11 11:11:22-7:00 GMT
Type: Repeat Program
Program: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Source IP:
Destination IP: 0.0.0.0:53
Direction: Outgoing (connect)
Action Taken:
Count: 1
Source DNS:
Destination DNS:

Description: SUPERAntiSpyware Application requested permission to access the internet.
Rating: High
Date / Time: 2009/09/11 11:11:22-7:00 GMT
Type: Repeat Program
Program: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Source IP:
Destination IP: 0.0.0.0:53
Direction: Outgoing (connect)
Action Taken: Blocked (once)/Manual
Count: 1
Source DNS:
Destination DNS:

Description: SUPERAntiSpyware Application was temporarily blocked from connecting to the Internet.
Rating: High
Date / Time: 2009/09/11 11:11:28-7:00 GMT
Type: Program Access
Program: SUPERAntiSpyware.exe
Source IP:
Destination IP:
Direction: Outgoing (connect)
Action Taken: Blocked
Count: 3
Source DNS:
Destination DNS:

I think these are when it tried to check for updates automatically upon reboot (even though that option was turned off) and I blocked it in ZA.

Description: SUPERAntiSpyware Application requested permission to access the internet.
Rating: High
Date / Time: 2009/09/11 11:16:36-7:00 GMT
Type: Repeat Program
Program: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Source IP:
Destination IP: 208.67.219.230:53
Direction: Outgoing (connect)
Action Taken: Allowed (once)/Manual
Count: 1
Source DNS:
Destination DNS: google.navigation.opendns

Description: SUPERAntiSpyware Application requested permission to access the internet.
Rating: High
Date / Time: 2009/09/11 11:29:12-7:00 GMT
Type: Repeat Program
Program: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Source IP:
Destination IP: 208.67.219.231:53
Direction: Outgoing (connect)
Action Taken: Allowed (once)/Manual
Count: 1
Source DNS:
Destination DNS: google.navigation.opendns

Description: SUPERAntiSpyware Application requested permission to access the internet.
Rating: High
Date / Time: 2009/09/11 11:31:40-7:00 GMT
Type: Repeat Program
Program: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Source IP:
Destination IP: 199.7.59.72:53
Direction: Outgoing (connect)
Action Taken: Allowed (once)/Manual
Count: 1
Source DNS:
Destination DNS: ocsp.verisign.net

Description: SUPERAntiSpyware Application requested permission to access the internet.
Rating: High
Date / Time: 2009/09/11 11:31:40-7:00 GMT
Type: Repeat Program
Program: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Source IP:
Destination IP: 199.7.59.72:53
Direction: Outgoing (connect)
Action Taken: Allowed (once)/Manual
Count: 1
Source DNS:
Destination DNS: ocsp.verisign.net

Description: Spooler SubSystem App was blocked from connecting to the Internet (209.62.68.168:DNS).
Rating: High
Date / Time: 2009/09/11 11:33:16-7:00 GMT
Type: Program Access
Program: spoolsv.exe
Source IP:
Destination IP: 209.62.68.168:53
Direction: Outgoing (connect)
Action Taken: Blocked
Count: 1
Source DNS:
Destination DNS: superantispyware.com

This is when spoolsv.exe tried to connect for some reason, and it was automatically blocked.

Thanks again for all the help! And thanks for SAS!
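
An added example, not part of any post in this thread: a small Python triage of log entries in the field layout shown above, flagging entries with no destination, connections to 0.0.0.0, and a domain looked up by a program other than the one expected. The `EXPECTED` mapping and the flag names are assumptions made for this example, and the sample is constructed by abridging three entries from the log.

```python
import ntpath
import re

# Field labels as they appear in the ZoneAlarm log entries quoted in this thread.
FIELDS = ("Description", "Rating", "Date / Time", "Type", "Program", "Source IP",
          "Destination IP", "Direction", "Action Taken", "Count", "Source DNS",
          "Destination DNS")
LINE = re.compile(r"^[ \t]*(%s)\b:?[ \t]*(.*?)[ \t]*$" % "|".join(map(re.escape, FIELDS)),
                  re.M)
# Assumption for this example: the executable expected to resolve each domain.
EXPECTED = {"superantispyware.com": "superantispyware.exe"}
# Constructed sample: three entries abridged from the log in the thread.
SAMPLE = r"""
Description SUPERAntiSpyware Application requested permission to access the internet.
Program C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Destination IP 208.67.222.222:53
Action Taken Allowed (once)
Destination DNS resolver1.opendns.com
Description SUPERAntiSpyware Application requested permission to access the internet.
Program C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Destination IP
Action Taken Allowed (once)/Manual
Description Spooler SubSystem App was blocked from connecting to the Internet (209.62.68.168:DNS).
Program spoolsv.exe
Destination IP 209.62.68.168:53
Action Taken Blocked
Destination DNS superantispyware.com
"""

def parse(text):
    records = []  # each "Description" line starts a new record; empty values are kept
    for label, value in LINE.findall(text):
        if label == "Description":
            records.append({})
        if records:
            records[-1][label] = value
    return records

def triage(rec):
    flags = []
    program = ntpath.basename(rec.get("Program", "")).lower()
    dest_ip = rec.get("Destination IP", "")
    dest_dns = rec.get("Destination DNS", "").lower()
    if not dest_ip:
        flags.append("no-destination")       # e.g. the "(data)" entry
    elif dest_ip.startswith("0.0.0.0:"):
        flags.append("unspecified-address")
    for domain, exe in EXPECTED.items():
        if ("." + dest_dns).endswith("." + domain) and program != exe:
            flags.append("unexpected-program")
    return flags
```

`[triage(r) for r in parse(SAMPLE)]` gives one list of flags per entry; the parser accepts the labels with or without a trailing colon.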
