Lobito Punky

Level 8
Hello, I wonder if anyone knows how to remove the publicity of the program. Annoying windows appear. Thank you very much friends and happy New Year! Best regards.
 

TairikuOkami

Level 21
Content Creator
Verified
The process responsible is "cefsimple.exe". I would say block it in the firewall, but that is not possible. This is a little concerning, since malware could use it against ZA, by using some vulnerability and faking a process under its name, which would allow it to run and access internet. It is a slim chance, but still possible. :unsure:

Anyway, you could try removing the whole cef folder, but ZA would probably just restore it. You should try it as the first safe option.

Code:
takeown /f "%ProgramFiles%\CheckPoint\ZoneAlarm\cef" /a /r /d y
icacls "%ProgramFiles%\CheckPoint\ZoneAlarm\cef" /inheritance:r /grant:r Administrators:(OI)(CI)F /t /l /q /c
rd "%ProgramFiles%\CheckPoint\ZoneAlarm\cef" /s /q
Denying exe to run should work as well. It is not an essential process, so there should be no issues. Note, that if ZA will be updating, an update might fail, because it will not be able to access it, in that case reset the permissions, update and block it again. There might be other long term issues, if ZA keeps trying to run it.

Code:
takeown /f "%ProgramFiles%\CheckPoint\ZoneAlarm\cef\cefsimple.exe" /a
icacls "%ProgramFiles%\CheckPoint\ZoneAlarm\cef\cefsimple.exe" /inheritance:r /remove "Administrators" "Authenticated Users" "Users" "System"
Code:
icacls "%ProgramFiles%\CheckPoint\ZoneAlarm\cef\cefsimple.exe" /reset
 

Attachments

Syafiq

Level 10
Verified
I personally won't trust Israeli Products, they're suspicious IMO :rolleyes: If you want no ads, you can just go for Kaspersky Free (y)
 
Reactions: Lobito Punky

Syafiq

Level 10
Verified
Ok, just use the Windows 10 built-in firewall and add Voodooshield Free version alongside EAM. ~Greetings friend :)
 

Faybert

Level 22
Malware Hunter
Verified
strange, I'm doing some testing with it currently on another machine and no advertising window appeared :unsure:
 

imuade

Level 7
Verified
The process responsible is "cefsimple.exe". I would say block it in the firewall, but that is not possible.
I know it's an old post, but would it be possible to block "cefsimple.exe" outbound connections on Windows Firewall?
On Windows 10 Microsoft suggests to keep Windows Firewall enable even if you use a 3rd party firewall, considering that:
  • to block a connection you just need a blocking rule in either WF or the 3rd party FW
  • to allow a connection you need an allow rule on both WF and the 3rd party FW
 
Reactions: stefanos