I've noticed a decline in Zemana capabilities.

Discussion in 'Zemana' started by Slyguy, May 22, 2017.

  1. GonzitoVir

    GonzitoVir Level 4

    May 16, 2017
    153
    702
    Earth
    Windows 10
    Yes, I've recently noticed that Sophos can slow down my browsing. It's still beta, so we'll have to wait to see if it improves until they release the final version.
    I've been an Emsisoft user for a little more than 10 years, and yes, it can be buggy sometimes, but an excellent product.
    In my recent experience ZAM did a better job than the products I've mentioned.
    Let's see how it evolves into its "Ultimate" version.
     
    frogboy likes this.
  2. kamla5abi

    kamla5abi Level 4

    May 15, 2017
    190
    369
    Canada
    Windows 10
    BitDefender
    Well hopefully zemana didn't get rid of all additional vendor engines from ZAL (ZAM if it had them too in the past? i dunno..) and is planning to offer it in their "ultimate" product as a selling point/feature :rolleyes:

    i wonder, is it possible to download the past few versions of ZAL and install it (without it auto updating itself to newest one?) to see if we can figure out which release version got rid of other vendor engines? (assuming the other vendor engines are a part of the program itself, not a service that checks cloud uploaded files...but i have a feeling it probably is something like that)
     
    frogboy likes this.
  3. Slyguy

    Slyguy Level 21

    Jan 27, 2017
    1,090
    4,371
    Fortinet Engineer
    USA
    Other OS
    ZAM finally answered my emails. They have removed the AV engines from the product as confirmed in their email to me. But they do claim that if there is an unknown object those engines are present in the cloud they use to scan with (Metadefender?).. But that's basically it now. So to me, this isn't the product I paid for. I purchased a product that had multiple engine signatures in the client itself. I didn't purchase a VT uploader... So yeah, I sort of feel ripped off about now.

    They asked for my own sample set to be provided to them.. This set contains threats detected by Avira, Kaspersky, ESET and others but totally missed by Zemana. I have provided these samples to them in the form of a password protected archive and await their response as to why Zemana is totally missing confirmed threats..

    I will update once they respond. I have also directed them to this thread if they care to comment here about what we are finding.
     
  4. Winter Soldier

    Winter Soldier Level 25

    Feb 13, 2017
    1,466
    10,342
    PLC programmer - Robotics industry
    Wormhole
    Windows 10
    Emsisoft
    Not sure I got that, but even before, were the multiple engines in the cloud, or were they also present in the client?
     
    frogboy and Nightwalker like this.
  5. Nightwalker

    Nightwalker Level 7

    May 26, 2014
    325
    1,287
    Lawyer
    Windows 10
    Emsisoft
    You are right, Zemana always used Metadefender along with in-house heuristics + Pandora. (While in beta it was MetaScan 8 + Microsoft + McAfee + in-house developed heuristics engine).

    Zemana changed this setup in the final version (long time ago), so it doesn't have 10 engines anymore, but I don't know if they changed further.
     
  6. Winter Soldier

    Winter Soldier Level 25

    Feb 13, 2017
    1,466
    10,342
    PLC programmer - Robotics industry
    Wormhole
    Windows 10
    Emsisoft
    Thanks for confirming what I was thinking :)
     
    frogboy likes this.
  7. Evjl's Rain

    Evjl's Rain Level 28
    Trusted AV Tester

    Apr 18, 2016
    1,798
    13,158
    Vietnam
    Windows 8.1
    Avast
    according to the latest info we collected, ZAM uses metascan 16 but only 5 best engines
    + their in-house engine because I have seen it detected something which was 0/62 on VT uploaded by me 10 seconds before then
     
  8. frogboy

    frogboy Level 61
    Trusted

    Jun 9, 2013
    6,227
    64,796
    Heavy Duty Mechanic.
    Western Australia
    Windows 10
    Emsisoft
  9. Nightwalker

    Nightwalker Level 7

    May 26, 2014
    325
    1,287
    Lawyer
    Windows 10
    Emsisoft
    Yeah, Zemana changed the setup a lot during the beta, but it should be still using the 5 "best engines":

    Zemana AntiMalware 2 BETA
     
  10. Slyguy

    Slyguy Level 21

    Jan 27, 2017
    1,090
    4,371
    Fortinet Engineer
    USA
    Other OS
    Zemana responded back. While those 5 engines aren't in the UI or local on the machine, they are still in use via cloud.

    The disconnect with the samples I sent to them is that they do not scan all extensions. In this case, a ransomware-loaded WSF document file would be entirely avoided by Zemana in terms of scanning. While the scanner 'shows' it being scanned in the UI, that's just the local Zemana scanner and not the 5 engine scan.

    I think that is where my disconnect is with it. We're seeing a lot of malicious document files lately and Zemana just doesn't factor those into the 5 engine offsite engines but appears to scan with just the in-house one. The reason cited was privacy, they don't want to take the chance of sending personal document files to metascan.
     
  11. kamla5abi

    kamla5abi Level 4

    May 15, 2017
    190
    369
    Canada
    Windows 10
    BitDefender
    that seems to go with what i said earlier.
    Does anyone know for sure that at some point ZAL/ZAM had those "5 best engines" from other vendors locally/in the client itself ?
    Or did it always scan with their in-house engine locally, then send questionable files to the cloud to be scanned by the "other 5" ?

    If it was in the client locally at some point, then i think that's not a great move by zemana... And i agree @Slyguy (and others) aren't getting what they paid for any more...
    Basically like a "bait and switch" move

    About not scanning all extensions (except with local in-house engine):
    - if certain file extensions are skipped automatically from being uploaded to the cloud to be checked, how secure is that policy??
    ---> Ex: if their in-house engine doesn't catch it being malware, the other 5 engines are supposed to be used as a backup to "double check" right?? (that is the point of having "other 5" engines in the first place isn't it?? lol)
    -----> But: in this case, "other 5" engines are Never used to "double check" (which defeats the point of having the "other 5" engines...?? lol)
    - We don't even know which file extensions are skipped from being uploaded, do we?
    ----> Ex: you said WSF is document file, so then .doc(x), .pdf, .xls(x), etc being "document files" are also skipped ??
     
  12. Slyguy

    Slyguy Level 21

    Jan 27, 2017
    1,090
    4,371
    Fortinet Engineer
    USA
    Other OS
    Very important post from you and I agree.

    We don't know what is being skipped and this could be very dangerous.. We're seeing a great many PDF, DOC, and even some image malware lately. If all of those are skipped then I question some of the value. MAYBE Zemana should allow us to select what formats are scanned or avoided? Let us decide.
     
  13. Nightwalker

    Nightwalker Level 7

    May 26, 2014
    325
    1,287
    Lawyer
    Windows 10
    Emsisoft
    Never locally, it was always MetaScan (cloud).
     
  14. scoopnog

    scoopnog New Member

    May 24, 2017
    1
    1
    USA
    Curious if this is an EU legal limitation. That is, explicit permission must be obtained to upload personal files to a third party service such as metadefender or VT. If so, it would be a limitation/concern of any antimalware using these services.
     
    kamla5abi likes this.
  15. kamla5abi

    kamla5abi Level 4

    May 15, 2017
    190
    369
    Canada
    Windows 10
    BitDefender
    Yes, exactly my point :) We can just simply look at malwarehub and how many active/real malwares are using "document files" at some point of their attack process/method (doc, pdf, etc). This statement by them just raises more questions.

    About letting user decide which format to scan or avoid:
    Zemana could say "ZAL/ZAM does allow you to exclude certain folders/files from being scanned in settings"
    ---> this implies that files you don't exclude in that setting will be scanned (that's the point of having such "exclude these files/folders" setting, right? choose which file to scan and which not to)
    Zemana could say "All files that are not excluded do get scanned"
    ---> But they don't say "All files that are not excluded do get scanned [by our in-house engine only at first, and then some of those files get uploaded to cloud to be scanned by the "other 5 best" engines, unless they are excluded by default due to some criteria]"... (and that "criteria" that decides which files get sent to cloud to be scanned by other engines is unknown by users since Zemana doesn't make that public knowledge)
    ---> To me this is sounding more and more like how Avira seems to work. They use definitions for local/offline scanning. But then there's some [unknown] criteria they use to selectively choose which files get uploaded to Avira cloud to get scanned further...

    thanks for that :)
    if it was always ZAL/ZAM sending files to the cloud before too, they must have had different criteria in the past then i guess? Maybe zemana excluding "document files" now is a new thing... Or more malware now is using "document files" , which Zemana i guess excludes automatically...which is why Zemana's detection rate is doing poorly now...
     
  16. kamla5abi

    kamla5abi Level 4

    May 15, 2017
    190
    369
    Canada
    Windows 10
    BitDefender
    Could be, If the EU legal limitation thing is a new thing then that might explain why it appears that Zemana changed their upload criteria to the cloud...
     
  17. Hanmin147

    Hanmin147 Level 28

    Jul 28, 2014
    1,786
    7,607
    Windows 10
    Avast
    Zemana used to be so strong in the past, it caught almost every sample I threw at it with almost no false positives, then they started to remove their options on what engines you could use to scan the files, then they hid what engines they used completely.

    I used to have a lot of faith in Zemana but now I would definitely scan suspicious files with other 2nd opinion scanners on top of Zemana just to be sure.
     
    Adz., Davidov, kamla5abi and 2 others like this.
  18. Malware Person

    Malware Person Level 4

    Jun 8, 2016
    156
    244
    United States
    Windows 10
    BitDefender
    use malwarebytes free and hitman pro as on-demand scanners. job done
     
  19. Malware Person

    Malware Person Level 4

    Jun 8, 2016
    156
    244
    United States
    Windows 10
    BitDefender
    zemana has indeed been declining in terms of detection of malware
     
  20. Adz.

    Adz. Level 1

    Dec 15, 2016
    43
    101
    elsewhere
    let alone the rest, i still have the heavy ram usage problem. from what i see in processhacker it consumes roughly 200mb commit and 350mb physical ram, i made a thread here few months back and it still hasn't been fixed yet, anyway i hardly use zemana as my 2nd scanner like i used to. also won't be renewing my license nor buying their new upcoming zemana ultimate product, until i see better improvements on their current products.
     
    conceptualclarity likes this.