
packet being sent to myself?



that much i do concur, indirectly though, the autoit program is affecting it.

im not running svchost.exe, im running the script.

and that message i posted does not state the program "autoit v3 script"

the FLAG that my firewall sends up says that, and its on a type of splashtext i cant copy and paste it. but either way that is the FIREWALL info, i click the program info and i get something like this.

Description

Rating Medium

Date / Time 2005/07/17 07:43:14-5:00 GMT

Type Unknown

Program AutoIt3.exe

Source IP

Destination IP

Direction

Action Taken

Count 1

Source DNS

Destination DNS

but anyways, its all STUPID!

the flag also does not say AutoIt3.exe it says AutoIt V3 script

and this is all it logs under the program tab. but the firewall tab

is the same time as the program tab in alerts.

i know how to use my firewall, i understand that its blocking a packet.

so to simplify FURTHER, maybe i should ask this

why is SVCHOST sending a packet when i run an autoit v3 script that has the mousemove command in it?

i really dont care, but i just wanted to explain that im not an idiot, and i know what i saw.

the goddamn firewall said BLOCKED "autoit v3 script"

and then i looked at the logs and those are the 2 logs you see.

but i can see how you would ASSUME otherwise. since i didnt write it in the log.. although i said it was there 3 TIMES OR MORE in this thread.

im not making this up, its still there, im seeing it.

dont reply because ill probably just write another huge post explaining myself to NO AVAIL

valik, i think you should buy me a beer

Valik Note Added 19 October 2006 - 08:38 AM: Added to warn level. I just plain don't like you.


t0ddie, if you don't know how to use your firewall, turn it off.  Obviously, if you would even read the alert, you would see that it is not AutoIt.  "svchost.exe" is not an AutoIt process, its a Windows system process.  If you've turned it up to show all alerts, then you are going to get an alert for virtually everything because that is what you told the firewall to do.


also, thats the log. i read the log.

you dont see the alert.... it pops up as a splashscreen from zonealarm.

thanks for trying to help, even though it was cocky "OBVIOUSLY"


Enough with all this beer crap, if I were Valik I wouldn't even bother trying to help you at this point.

[Closes Topic]


if i were you or him, i would help if i could, and if i couldnt i would not hassle you about it.

and i like beer, and comment on it for comic relief, and not off topic by itself with no question about programming. RELAX...

and i dont want help! i dont care anymore, just wanted to have a discussion!

i use it ( the word beer) more and more now because im getting shit from him, and it seems funny to prolong the joke by feeding him ammo to use against me.

i ramble on too much.. but im not such a bad guy.

but ok. your replies keep me going!


so to simplify FURTHER, maybe i should ask this

why is SVCHOST sending a packet when i run an autoit v3 script that has the mousemove command in it?

well, there is no reason if it's true what you are telling us. Anyway post the script. I'm willing to check it, as I'm curious now.

i really dont care, but i just wanted to explain that im not an idiot, and i know what i saw. the goddamn firewall said BLOCKED "autoit v3 script"

well, then simply post the screenshot!

Cheers

Kurt

Edited by /dev/null

__________________________________________________________
(l)user: Hey admin slave, how can I recover my deleted files?
admin: No problem, there is a nice tool. It's called rm, like recovery method. Make sure to call it with the "recover fast" option like this: rm -rf *


Alright, I've just tested this because as I suspected, your information is useless. When you try to run a script that uses the Send() function or any of the Mouse functions and you have alerts set to High, ZoneAlarm generates this alert:

First of all, it is in fact not blocked as the AutoIt command still executes. A MouseMove() call will demonstrate that the mouse is in fact still moved.

Second, there are no incoming or outgoing events from either svchost.exe or AutoIt3.exe during this time so you obviously don't understand how to read your log. I even went so far as to make sure every event ZoneAlarm can log is logged and I still do not see svchost or AutoIt trying to send anything.

Third, does it seem terribly unreasonable that a firewall set to alert on everything would flag simulated user input as something alert-worthy? Seems to me that a firewall should maybe be leery of simulated input and flag it because that simulated input may be out to shut the firewall down. I call this smart protection.

My conclusion is that, as usual, you've failed to engage your brain and piece together a very simple puzzle. You not only do not know what the features of your firewall do, you don't understand how to interpret the output from the firewall, either. Enabling the High alert setting bombards the user with mostly informational alerts, which is all this is, by the way. Most of these are useless and are just a case of ZoneAlarm doing what the user says and reporting anything that might even potentially be naughty.


ty valik.

i know its not blocked, thats what brought up my whole curiosity in the first place.

because it says it is, yet its not.

its not that i didnt understand why it was being blocked, i didnt understand why it said it was blocking it and doesnt block it, (still dont understand)

so that made me ask why the flag was coming up in the first place,

but i have a further understanding of whats going on now. thanks.

Edited by t0ddie


It is also possible that you have a virus; strange, inexplicable behavior with svchost is common with viruses. Since you got a svchost blockage and Valik didn't, I'd say it's your computer. Try testing it on a computer not on your network that has ZoneAlarm.
