Medium-rated Suspicious Behavior alert

Medium-rated Suspicious Behavior alerts inform you that a trusted program is trying to perform an action that may change the default behavior of a program. For example, if a program were to modify your browser's home page, you would see a Medium-rated Suspicious Behavior alert. If you click Allow, the program is allowed to perform the activity. If you click Deny, the program is prevented from performing the activity and is given Restricted access, which means that all future suspicious behavior will be denied.

Figure 4-3: Medium-rated Suspicious Behavior alert

Why these alerts occur

Hackers often use trusted programs to modify other programs (for example, by changing your browser settings) or to compromise your computer's operating system.

What you should do

Click Allow or Deny to respond. If you are not sure whether to allow or deny the action, click the More Info button in the alert box. This submits your alert information (for example, the name of the program and the activity it was trying to perform) to SmartDefense Advisor, which then displays a Web page with information about the alert and the behavior. Use the SmartDefense Advisor information to help you decide whether to allow or deny the action.

The table below also provides some information you can use to determine how to respond to Medium-rated Suspicious Behavior alerts when they appear. The information listed here is for your reference only. Bear in mind that some legitimate programs need to perform the actions listed below. Whether to allow or deny suspicious program behavior should be determined by your individual situation. (Note that you can configure ZoneAlarm security software to prevent several of these behaviors automatically. For details, see Configuring OSFirewall protection.)

Medium-rated suspicious behavior guide

| Detected Behavior | What this means | Considerations |
|---|---|---|
| Modifications of the startup directory | A program is setting itself to run each time your computer is started. | Unless you are installing a program, you should deny this action, as it could be spyware. |
| Modification of browser search defaults | Your default browser search is being modified. | Unless you are currently modifying your browser's search function, you should deny this action. |
| Modification of browser page defaults | Your default browser home page is being modified. | Unless you are changing your home page, you should deny this action. |
| Unloading of driver | A program is trying to unload another program's driver. | There are no legitimate reasons for this behavior. You should deny this action. |

Selecting Remember this setting before clicking Allow or Deny causes ZoneAlarm security software to remember your setting and apply it automatically when the program attempts another similar action. If SmartDefense Advisor is set to Auto, and you select Remember this setting in an OSFirewall alert, your setting will remain effective unless SmartDefense Advisor comes out with a different setting, or until you change the setting manually in the Programs panel.


Some features are only in select versions of the product: find out which features you have


www.zonealarm.com

 

Copyright © 2008 Check Point Software LTD