Why did ZoneAlarm suddenly provide a keylogger warning (refer below) about ashServ.exe at bootup?
I have not seen this message before and am a little worried! :o
Thanks in advance!
ZA Warning Message:
Avast! antivirus service is attempting to monitor user activities on this computer. If allowed it may try to track or log keystrokes (user input), mouse movements/clicks, web sites visited, and other user behaviours.
Application: ashServ.exe
Location: C:\Program Files\Alwil Software\Avast4
Size: 155,160 Bytes
Size on disk: 155,648 bytes
Created: Tuesday, 1 April 2008, 4:13:24PM
Allow or Deny
Here is my setup:
Avast 4.8.1290
Windows XP SP3
ZA Pro 8.0.059
Mbam 1.30
Firefox 3.04
Why because ZA is a piece of -- insert own expletive.
No seriously the avast program intercepts (hooks) calls to open/run files to first scan them the process that is the main scanning engine is ashServ.exe, so IMHO ZA thinks incorrectly this interception is keylogging.
Read this:
Avast! antivirus service is attempting to monitor user activities on this computer.
Now give me a one sentence answer to what an anti-virus should do, correct the above statement. So it is doing what it should.
It is unfortunate that they went further in their message that you then misinterpreted as ashServ.exe is a keylogger.
If allowed [b]it may try[/b] to track or log keystrokes (user input), mouse movements/clicks, web sites visited, and other user behaviours.
Again this is what an anti-virus should up to a point be doing but all you have see is log key strokes and come up with avast is a keylogger, without seeing the rest of the message and especially the words ‘it may try.’
It isn’t directed at you. I’m no fan of ZA and if it can’t recognise that is what an anti-virus does and avast is an anti-virus (after all WSC recognises it) then I despair. That is the problem when you pop-up alerts like this the user is effectively caught in the head lights not knowing what to do and can make decisions which could in this case disable their protection.
In the past it has reported you have no AV installed and suggests its own AV, so it doesn’t go out of its way to know what is on your system.