Event ID: 1 Source: TrueVectorService

The description for Event ID ( 1 ) in Source ( True Vector Service ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: . Data:
The True Vector Service is a component of Zone Labs ZoneAlarm software firewall. Installing and uninstalling Zone Alarm has caused me problems with this service. It runs from Local Machine\System\CurrentControlSet\Services, and begins with 'V'. There are two such entries. In my case, the service was running and silently blocking my DNS resolution even though it had been uninstalled and did not appear either in Windows Services or as a running program. In other cases, the machine tries to start the service, but cannot locate it any longer. See ZoneLabs support files for information on the True Vector Service.
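
A read-only PowerShell check for the leftover-service situation described in the comment above, added here as an example (it is not from the commenter or from Zone Labs): it lists entries under HKLM\SYSTEM\CurrentControlSet\Services whose names match a filter and reports whether each entry's binary still exists on disk. The `v*` default filter and the helper name `Resolve-ImagePath` are assumptions chosen for illustration.

```powershell
# Added example: find service/driver registry entries left behind by an uninstall.
# The 'v*' default follows the comment above (entries beginning with 'V'); pass '*' to scan all.
param([string]$NameFilter = 'v*')

$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Hypothetical helper: turn a raw ImagePath value into a file path that can be tested.
function Resolve-ImagePath {
    param([string]$Raw)
    $p = [Environment]::ExpandEnvironmentVariables($Raw.Trim())
    if ($p -match '^"([^"]+)"') {
        $p = $Matches[1]                      # quoted path: drop the quotes and any arguments
    } elseif ($p -match '^(.+?\.(exe|sys|dll))(\s|$)') {
        $p = $Matches[1]                      # unquoted path: cut after the binary's extension
    }
    if ($p.StartsWith('\??\')) { $p = $p.Substring(4) }    # NT object-manager prefix
    if ($p -like '\SystemRoot\*') { $p = Join-Path $env:SystemRoot $p.Substring(12) }
    # Driver entries often store a path relative to %SystemRoot% (system32\drivers\x.sys).
    if (-not [IO.Path]::IsPathRooted($p)) { $p = Join-Path $env:SystemRoot $p }
    return $p
}

Get-ChildItem $servicesKey |
    Where-Object { $_.PSChildName -like $NameFilter } |
    ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath
        if (-not $props.ImagePath) { return }   # entry has no binary configured; skip it
        $path = Resolve-ImagePath $props.ImagePath
        [pscustomobject]@{
            Name         = $_.PSChildName
            Type         = $props.Type    # 1/2 = kernel or file-system driver, 16/32 = Win32 service
            Start        = $props.Start   # 0 boot, 1 system, 2 automatic, 3 manual, 4 disabled
            ImagePath    = $path
            BinaryExists = Test-Path -LiteralPath $path
        }
    } |
    Sort-Object BinaryExists, Name |
    Format-Table -AutoSize
```

Entries with `BinaryExists` False and `Start` of 2 or lower are the ones the machine tries to start but cannot locate; entries of Type 1 or 2 are drivers, which the Services console does not list.
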
Database file <path>\Internet Logs\IAMDB.RDB was improperly shut down. Restoring backup rules database: <path>\Internet Logs\BACKUP.RDB
9. How do I refresh my TrueVector database files?

If you see a change in your ZoneAlarm settings (for example your Security settings keep falling to "Low," even though you keep setting them to "High"), this may indicate an issue with your TrueVector service. ZoneAlarm is dependent on its TrueVector service to function properly. You may need to refresh the files associated with this service, especially after a networking change, OS change, or ZoneAlarm update. This also resets the database for lost or forgotten passwords.

If the panel is displaying TrueVector driver as loaded and ZoneAlarm is still not functioning properly, it is possible that some files have become corrupt. To repair this problem, please follow these steps. Please note that this will remove your program permission settings (so you may want to make note of them), but re-establishing them is a simple process; you will be prompted again for program access for all the applications that you use to access the local network or Internet.

If any of the steps below does not apply to you, or you are unable to perform the function listed, please continue to the next step:

- Step 1. Open the ZoneAlarm program, go to Configure panel, and make sure the "Load At Startup" box is UNCHECKED.
- Step 2. Right-click on your taskbar, select "Toolbars," and make sure that the ZoneAlarm deskband is UNCHECKED as well (if it is checked, click on it to uncheck it).
- Step 3. Reboot. You should now have no ZoneAlarm processes running on your system.
- Step 4. Open the Internet Logs directory (in 95/98/ME this will be "c:\windows\internet logs", in NT and 2000 it will be c:\winnt\internet logs, in Windows XP it could be either of these folders). If you need to keep a copy of old alerts, copy the ZAlog.txt file to another location first - then delete ALL files in this folder.
- Step 5. Make sure you have emptied your Recycle Bin, then reboot your system.
- Step 6. You will need to start ZoneAlarm manually. (Click "Start," "Programs," "Zone Labs," "ZoneAlarm"). ZoneAlarm will start up again with a fresh database. Each program should ask for access again if the files were properly deleted.
- Step 7. Be sure to RECHECK anything you unchecked earlier.

If you are unable to delete these files, or are unable to empty the Recycle Bin, try removing the items mentioned above AFTER doing the following:

If you are running Windows 95, 98, Me, or 2000, reboot your system into either Safe Mode or to a Command Prompt. The method is determined by your OS, but normally either pressing F8 at the beep, or holding the CTRL key during bootup will work. For more information on rebooting in Safe Mode, click "Start," then "Help." Click the Search tab (On Windows 95 systems, this will be the Find tab), and type in "Safe Mode." Double-click "Start Windows in Safe Mode" for the instructions.

If you are running Windows NT and cannot delete these files, you may need to restart your machine from an NTFS boot disk. The ME119467 article explains how to create a bootable disk for an NTFS or FAT partition.

Make sure that you empty your Recycle Bin before rebooting back into normal mode.
