I've noticed a decline in Zemana capabilities.

Joined
May 16, 2017
Messages
179
OS
Windows 10
#21
Sophos right now I don't care for, also it can really slow browsing.. InterceptX with integrated HMPA may prove interesting. Panda is lackluster, especially for PUA in my experience. I like Emsisoft, and currently have 10 PC 3 year license, it's effective with A2 and Bit engines and a really nice Web Scanner that picks up things most products do not. However I have found the software can be buggy at times as the only downside. Emsisoft is ridiculously good at finding PUA though.

Actually my 2 favorite AVs are Emsisoft and Trend Micro. Since I have Bitdefender on the gateway, I tend to lean to Trend for blended protection.

Zemana was always there because it was very lightweight and offered 5 additional engines.. Now? Not so sure.
Yes, I've recently noticed that Sophos can slow down my browsing. It's still beta, so we'll have to wait to see if it improves until they release the final version.
I've been an Emsisoft user for a little more than 10 years, and yes, it can be buggy sometimes, but an excellent product.
In my recent experience ZAM did a better job than the products I've mentioned.
Let's see how it evolves into its "Ultimate" version.
 
Likes: frogboy
Joined
May 15, 2017
Messages
190
OS
Windows 10
Antivirus
Bitdefender
#22
Well hopefully zemana didn't get rid of all additional vendor engines from ZAL (ZAM if it had them too in the past? i dunno..) and is planning to offer it in their "ultimate" product as a selling point/feature :rolleyes:

i wonder, is it possible to download the past few versions of ZAL and install it (without it auto updating itself to newest one?) to see if we can figure out which release version got rid of other vendor engines? (assuming the other vendor engines are a part of the program itself, not a service that checks cloud uploaded files...but i have a feeling it probably is something like that)
 
Likes: frogboy

Slyguy

Level 31
Joined
Jan 27, 2017
Messages
2,096
OS
Other OS
#23
ZAM finally answered my emails. They have removed the AV engines from the product as confirmed in their email to me. But they do claim that if there is an unknown object those engines are present in the cloud they use to scan with (Metadefender?).. But that's basically it now. So to me, this isn't the product I paid for. I purchased a product that had multiple engine signatures in the client itself. I didn't purchase a VT uploader... So yeah, I sort of feel ripped off about now.

They asked for my own sample set to be provided to them.. This set contains threats detected by Avira, Kaspersky, ESET and others but totally missed by Zemana. I have provided these samples to them in the form of a password protected archive and await their response as to why Zemana is totally missing confirmed threats..

I will update once they respond. I have also directed them to this thread if they care to comment here about what we are finding.
 
Joined
Feb 13, 2017
Messages
1,465
OS
Windows 10
Antivirus
Emsisoft
#24
ZAM finally answered my emails. They have removed the AV engines from the product as confirmed in their email to me. But they do claim that if there is an unknown object those engines are present in the cloud they use to scan with (Metadefender?).. But that's basically it now. So to me, this isn't the product I paid for. I purchased a product that had multiple engine signatures in the client itself. I didn't purchase a VT uploader... So yeah, I sort of feel ripped off about now.

They asked for my own sample set to be provided to them.. This set contains threats detected by Avira, Kaspersky, ESET and others but totally missed by Zemana. I have provided these samples to them in the form of a password protected archive and await their response as to why Zemana is totally missing confirmed threats..

I will update once they respond. I have also directed them to this thread if they care to comment here about what we are finding.
Not sure I got that, but even before the multiple engines were in the cloud, or they were present also in the client?
 
Joined
May 26, 2014
Messages
445
OS
Windows 10
Antivirus
Isolation
#25
Not sure I got that, but even before the multiple engines were in the cloud, or they were present also in the client?
You are right, Zemana always used Metadefender along with in-house heuristics + Pandora. ( While in beta it was MetaScan 8 + Microsoft + McAfee + in house developed heuristics engine).

Zemana changed this setup in the final version (long time ago), so it doesnt have 10 engines anymore, but I dont know if they changed further.
 
Joined
Feb 13, 2017
Messages
1,465
OS
Windows 10
Antivirus
Emsisoft
#26
You are right, Zemana always used Metadefender along with in-house heuristics + Pandora. ( While in beta it was MetaScan 8 + Microsoft + McAfee + in house developed heuristics engine).

Zemana changed this setup in the final version (long time ago), so it doesnt have 10 engines anymore, but I dont know if they changed further.
Thanks for confirming what I was thinking :)
 
Likes: frogboy

Evjl's Rain

Level 33
Content Creator
Trusted
AV-Tester
Joined
Apr 18, 2016
Messages
2,286
OS
Windows 8.1
Antivirus
Avast
#27
according to the latest info we collected, ZAM uses metascan 16 but only 5 best engines
Zemana Anti-Malware 2.4.1.100 Beta
  • Started using MetaScan 16 package (5 best AV engines)
+ their in-house engine because I have seen it detect something which was 0/62 on VT uploaded by me 10 seconds before then
 
Joined
May 26, 2014
Messages
445
OS
Windows 10
Antivirus
Isolation
#29
according to the latest info we collected, ZAM uses metascan 16 but only 5 best engines

+ their in-house engine because I have seen it detect something which was 0/62 on VT uploaded by me 10 seconds before then
Yeah, Zemana changed the setup a lot during the beta, but it should be still using the 5 "best engines":

Zemana AntiMalware 2 BETA
 

Slyguy

Level 31
Joined
Jan 27, 2017
Messages
2,096
OS
Other OS
#30
Zemana responded back. While those 5 engines aren't in the UI or local on the machine, they are still in use via cloud.

The disconnect with my samples sent to them is that they do not scan all extensions. In this case, a ransomware loaded WSF document file would be entirely avoided by Zemana in terms of scanning. While the scanner 'shows' it being scanned in the UI, that's just the local Zemana scanner and not the 5 engine scan.

I think that is where my disconnect is with it. We're seeing a lot of malicious document files lately and Zemana just doesn't factor those into the 5 engine offsite engines but appears to scan with just the in-house one. The reason cited was privacy, they don't want to take the chance of sending personal document files to metascan.
 
Joined
May 15, 2017
Messages
190
OS
Windows 10
Antivirus
Bitdefender
#31
ZAM finally answered my emails. They have removed the AV engines from the product as confirmed in their email to me. But they do claim that if there is an unknown object those engines are present in the cloud they use to scan with (Metadefender?).. But that's basically it now. So to me, this isn't the product I paid for. I purchased a product that had multiple engine signatures in the client itself. I didn't purchase a VT uploader... So yeah, I sort of feel ripped off about now.
Zemana responded back. While those 5 engines aren't in the UI or local on the machine, they are still in use via cloud.

The disconnect with my samples sent to them is that they do not scan all extensions. In this case, a ransomware loaded WSF document file would be entirely avoided by Zemana in terms of scanning. While the scanner 'shows' it being scanned in the UI, that's just the local Zemana scanner and not the 5 engine scan.

I think that is where my disconnect is with it. We're seeing a lot of malicious document files lately and Zemana just doesn't factor those into the 5 engine offsite engines but appears to scan with just the in-house one. The reason cited was privacy, they don't want to take the chance of sending personal document files to metascan.
that seems to go with what i said earlier.
Does anyone know for sure that at some point ZAL/ZAM had those "5 best engines" from other vendors locally/in the client itself ?
Or did it always scan with their in-house engine locally, then send questionable files to the cloud to be scanned by the "other 5" ?

If it was in the client locally at some point, then i think that's not a great move by zemana... And i agree @Slyguy (and others) aren't getting what they paid for any more...
Basically like a "bait and switch" move

About not scanning all extensions (except with local in-house engine):
- if certain file extensions are skipped automatically from being uploaded to the cloud to be checked, how secure is that policy??
---> Ex: if their in-house engine doesn't catch it being malware, the other 5 engines are supposed to be used as a backup to "double check" right?? (that is the point of having "other 5" engines in the first place isnt it?? lol)
-----> But: in this case, "other 5" engines are Never used to "double check" (which defeats the point of having the "other 5" engines...?? lol)
- We don't even know which file extensions are skipped from being uploaded, do we?
----> Ex: you said WSF is document file, so then .doc(x), .pdf, .xls(x), etc being "document files" are also skipped ??
 

Slyguy

Level 31
Joined
Jan 27, 2017
Messages
2,096
OS
Other OS
#32
that seems to go with what i said earlier.
Does anyone know for sure that at some point ZAL/ZAM had those "5 best engines" from other vendors locally/in the client itself ?
Or did it always scan with their in-house engine locally, then send questionable files to the cloud to be scanned by the "other 5" ?

If it was in the client locally at some point, then i think that's not a great move by zemana... And i agree @Slyguy (and others) aren't getting what they paid for any more...
Basically like a "bait and switch" move

About not scanning all extensions (except with local in-house engine):
- if certain file extensions are skipped automatically from being uploaded to the cloud to be checked, how secure is that policy??
---> Ex: if their in-house engine doesn't catch it being malware, the other 5 engines are supposed to be used as a backup to "double check" right?? (that is the point of having "other 5" engines in the first place isnt it?? lol)
-----> But: in this case, "other 5" engines are Never used to "double check" (which defeats the point of having the "other 5" engines...?? lol)
- We don't even know which file extensions are skipped from being uploaded, do we?
----> Ex: you said WSF is document file, so then .doc(x), .pdf, .xls(x), etc being "document files" are also skipped ??
Very important post from you and I agree.

We don't know what is being skipped and this could be very dangerous.. We're seeing a great many PDF, DOC, and even some image malware lately. If all of those are skipped then I question some of the value. MAYBE Zemana should allow us to select what format are scanned or avoided? Let us decide.
 
Joined
May 26, 2014
Messages
445
OS
Windows 10
Antivirus
Isolation
#33
that seems to go with what i said earlier.
Does anyone know for sure that at some point ZAL/ZAM had those "5 best engines" from other vendors locally/in the client itself ?
Or did it always scan with their in-house engine locally, then send questionable files to the cloud to be scanned by the "other 5" ?

If it was in the client locally at some point, then i think that's not a great move by zemana... And i agree @Slyguy (and others) aren't getting what they paid for any more...
Basically like a "bait and switch" move

About not scanning all extensions (except with local in-house engine):
- if certain file extensions are skipped automatically from being uploaded to the cloud to be checked, how secure is that policy??
---> Ex: if their in-house engine doesn't catch it being malware, the other 5 engines are supposed to be used as a backup to "double check" right?? (that is the point of having "other 5" engines in the first place isnt it?? lol)
-----> But: in this case, "other 5" engines are Never used to "double check" (which defeats the point of having the "other 5" engines...?? lol)
- We don't even know which file extensions are skipped from being uploaded, do we?
----> Ex: you said WSF is document file, so then .doc(x), .pdf, .xls(x), etc being "document files" are also skipped ??
Never locally, it was always MetaScan (cloud).
 

scoopnog

New Member
Joined
May 24, 2017
Messages
1
#34
Curious if this is an EU legal limitation. That is, explicit permission must be obtained to upload personal files to a third party service such as metadefender or VT. If so, it would be a limitation/concern of any antimalware using these services.
 
Likes: kamla5abi
Joined
May 15, 2017
Messages
190
OS
Windows 10
Antivirus
Bitdefender
#35
Very important post from you and I agree.

We don't know what is being skipped and this could be very dangerous.. We're seeing a great many PDF, DOC, and even some image malware lately. If all of those are skipped then I question some of the value. MAYBE Zemana should allow us to select what format are scanned or avoided? Let us decide.
Yes, exactly my point :) We can just simply look at malwarehub and how many active/real malwares are using "document files" at some point of their attack process/method (doc, pdf, etc). This statement by them just raises more questions.

About letting user decide which format to scan or avoid:
Zemana could say "ZAL/ZAM does allow you to exclude certain folders/files from being scanned in settings"
---> this implies that files you don't exclude in that setting will be scanned (thats the point of having such "exclude these files/folders" setting, right? choose which file to scan and which not to)
Zemana could say "All files that are not excluded do get scanned"
---> But they don't say "All files that are not excluded do get scanned [by our in-house engine only at first, and then some of those files get uploaded to cloud to be scanned by the "other 5 best" engines, unless they are excluded by default due to some criteria]"... (and that "criteria" that decides which files get sent to cloud to be scanned by other engines is unknown by users since Zemana doesn't make that public knowledge)
---> To me this is sounding more and more like how Avira seems to work. They use definitions for local/offline scanning. But then theres some [unknown] criteria they use to selectively choose which files get uploaded to Avira cloud to get scanned further...

Never locally, it was always MetaScan (cloud).
thanks for that :)
if it was always ZAL/ZAM sending files to the cloud before too, they must have had different criteria in the past then i guess? Maybe zemana excluding "document files" now is a new thing... Or more malware now is using "document files" , which Zemana i guess excludes automatically...which is why Zemana's detection rate is doing poorly now...
 
Joined
May 15, 2017
Messages
190
OS
Windows 10
Antivirus
Bitdefender
#36
Curious if this is an EU legal limitation. That is, explicit permission must be obtained to upload personal files to a third party service such as metadefender or VT. If so, it would be a limitation/concern of any antimalware using these services.
Could be, if the EU legal limitation thing is a new thing then that might explain why it appears that Zemana changed their upload criteria to the cloud...
 
Joined
Jul 28, 2014
Messages
1,847
OS
Windows 10
Antivirus
Kaspersky
#37
Zemana used to be so strong in the past, it caught almost every sample I threw at it with almost no false positives, then they started to remove their options on what engines you could use to scan the files, then they hid what engines they used completely.

I used to have a lot of faith in Zemana but now I would definitely scan suspicious files with other 2nd opinion scanners on top of Zemana just to be sure.
 

Adz.

Level 2
Joined
Dec 15, 2016
Messages
51
#40
let alone the rest, i still have the heavy ram usage problem. from what i see in processhacker it consumes roughly 200mb commit and 350mb physical ram, i made a thread here few months back and it still hasn't been fixed yet, anyway i hardly use zemana as my 2nd scanner like i used to. also won't be renewing my license nor buying their new upcoming zemana ultimate product, until i see better improvements on their current products.