Evjl's Rain Zemana Report - January 2017

Not open for further replies.


Level 27
Content Creator
Dec 29, 2014
Discussion has become lively and a very informative thread. Looking forward to the results of further testing. Thanks for the work so far with this.

A side topic while we await further analysis of Zemana...Curious if anyone thinks that a-v/sig based apps ever look for key words in the title of a file like Cerber or another single word that might give away a test sample?

I installed a program called KnowBe4 Ran Sim that simulates ransomeware. 360 TS seemed to know the ten test files before the test started (almost). Grabbed them all in one alert. No surprise since probably the program has been around for some time. I was forced to restore the files to the program to run the test and then rerun with a-v off, which I was planning to do anyway. Still, it's difficult to ascertain which method of detection is being applied with 360. Log says it was File Protection but not the method of detection.


Level 41
Mar 8, 2013
No worries. Thanks for the info.

No problem, I don't know 100% how ZAM Real-time works under the hood so I didn't want to give you a partial answer. What I am sure is when you see a window that Zemana blocked a harmful file, that is a 99.99% malicious file. How ZAM determines it, is what I don't know. It could be a cloud engine detection, behavior detection or Pandora detection (that has many checks whether some file is good or bad), but again I am not competent to answer that question.

Evjl's Rain

Level 46
Content Creator
Malware Hunter
Apr 18, 2016
Containment: VMware Workstation 12.5.2 build-4638234
Guest/OS: Windows 7 Pro SP1
Product: Zemana Antimalware Premium (latest), with Pandora
Static: Not tested
Dynamic: 5/7 (2 samples left in the folder but ZAM blocked a dropped .vbs file of 1 of the samples)
Total: 5/7
System Final Status: Infected (by second opinion scanners, including ZAM itself)

NOTE: AutoKMS.exe is not an infection

Final verdict: ZAM did a much better job than my previous tests. However, Pandora still let 1 malware pass through. It dropped a file and created an entry on boot. The realtime protection should be improved

EDIT: My mistake, it should be 5/7 in total. I removed some steps to decrease the video length. Forgot to count it properly

Last edited:
Not open for further replies.