Create an event log entry checkbox.

Going from the main page "Internet" category, "Settings"/"Smart Firewall" category/"Configure", selct the program you wish to deal with, hit "Modify"/"Modify" and click on the "Tracking" tab. See that little checkbox? I imagined its purpose was to write an entry in the logfile (if it was checked) when this rule is triggered. Not so, I have learned. I have a Yahoo Widget on my desktop which checks an important imap mailbox every minute an alerts me if mail arrives. Idly poking around in my firewall log yesterday, I discovered entries like this:

 

12/3/2008 1:10 PM,Low,"An instance of \"C:\Documents and Settings\BuhDuh\Local Settings\Application Data\Yahoo\Widget Engine\Unzipped\Popcheck Mail Checker mk2.widget\Popcheck Mail Checker.widget\Contents\retrieve.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,

 

This repeats every minute as the widget is triggered.

Aha! I thought. The default must be to log this program access by default; since I don't need to know my email is being checked, and I don't need my logfile to grow with this spurious message every minute, I drilled down to its settings. Well, whatcha know? The box is *not* checked. So is my supposition correct, that the checkbox is supposed to enable/disable logging?  If so, why isn't it working? Trolling through thousands of entries like this in my firewall log to try and spot what just may be an important (hopefully blocked) attempt to compromise my system is just preposterous.