ZoneAlarm and explorer.exe

[Mike Rochip]

I have a folder called "Installers" where I keep all the setup files from programs and apps I've downloaded from the internet. There are both zip files and exe files in the folder.

 

Whenever I open the folder, and before clicking on anything inside of it, ZoneAlarm says explorer.exe [Windows Explorer not IE] wants to access the Trusted Zone. If I allow it, explorer.exe then asks to access the internet.

 

When I look in the ZA logs there are 2 instances of explorer.exe connecting [outgoing] to a loopback and then 1 connection [outgoing] to nyc-dns.nyc.untd.com which I think is NetZero.

 

Does anyone know why this happens or what explorer.exe is trying to do? Is there any way to see which app or program is trying to make a connection? Until recently it had never happened before.

 

Also, I'm not sure if this is related but it seems like sometimes shortly after allowing explorer.exe to access the internet, Windows Defender gives a notification that it has allowed a change to a known application of vmodem.sys or vpctcom.sys. which are drivers for my dialup modem. Is there any reason something would want to modify those files? I don't think they are actually being modified because I'm using Sandboxie and I'm not allowing it to write any changes or info to the hard drive.

 

One more question: While I was getting the information for this post I noticed ZoneAlarm had changed the action for explorer.exe from Ask to Allow. I did not make that change and I've seen ZoneAlarm do this for other programs such as LSA Shell [Export Version]. Is there a way to tell ZoneAlarm that I really meant it when I told it to Ask before allowing access ?

.

Thanks for any help .

[Andavari]

I can't offer any info on why it's happening other than if a .url "Internet Shortcut" is in that folder since Internet Explorer/Explorer tries to show a preview of the website it links to - well at least it did that in Win98, which always annoyed me.

 

The one and only suggestion I'd have to make or test at the least is zip all files in that folder, e.g.; .exe, .url, etc., files that could possible make explorer.exe start an outbound connection - which should also keep those files more protected from easily getting infected should a virus ever get onto your system.