Zemana Anti-Logger 1.9.2 Review

[Deleted member 178]

After some weeks of experiment, this is what i can say about Zemana Anti-logger:

1- UI : clear, simple, well designed, it show you the various modules and options.



2- Modules: ZAL is made of 5 modules, Anti-Keylogger, Anti-screenlogger, Anti-Webcam logger, Anti-clipboardlogger and the System Defense (this one, very strong, monitors your RAM/registry/files for malwares).

http://malwareresearchgroup.com/2011/07/26/mrg-flash-test-26072011/ (MRG flast test 26/07/11)
http://malwareresearchgroup.com/malware-tests/flash-test-results/ (MRG current result 2011)

3- Rule List: you can set there the rules you want ZAL applies when detecting a potential suspicious process.

4- Settings: there you can set the various alerts options of ZAL, the use of it whitelist, etc... an "Expert" button allow ZAL to ask about your decision to every alert it detect.


That is all for ZAL, if i found new things to say , i will update the post.

Link: http://www.zemana.com/

Thanks for reading.

 

[Ink]

RE: Zemana Anti-Logger 1.9.2

An excellent product for complete Anti-Logger protection, most cases it's not needed if you are sure your PC is malware-free.

Some security products have some sort of Anti-Logger protection, but not as complete as ZAL (AFAIK).

The facebook free version of Prevx SafeOnline can protect you against Screen-Loggers, during web browsing sessions if cranked up to Max. protection.

 

[MetalShaun]

RE: Zemana Anti-Logger 1.9.2

I prefer SpyShelter myself. Also has 64bit version.

 

[NathanF1]

RE: Zemana Anti-Logger 1.9.2

Thank you, umbrapolaris, for the ZAL review!

It's really good on x32 systems, sadly protection is next to non-existent on x64, unlike SpyShelter Premium which supports 64-bit. There was a suggestion that functional x64 ZAL would be released by the end of July, but it doesn't seem likely.

Although I haven't experienced obvious compatibility issues [crashes, etc.] and ZAL runs along other applications, there are security implications to be considered. Enabling "System Defense" can affect existing HIPS software - I have experienced some issues on XP SP3 PC with Outpost Security Suite Free [even feature-clipped, still an excellent Firewall/strong HIPS]:

1. Anti-leak test for "Injection:SetWinEventHook" and "Injection:SetWindowsHookEx" could fail after installing ZAL. The second mentioned test passes with "System Defence" enabled, otherwise it fails for me.
2. I had to allow some CLT activities in ZAL in order to pass a test [all activity already blocked in OSS Free]. Blocking the activity in ZAL would cause the tests to fail :huh:

I'd need to uninstall Outpost, then install it again with ZAL already installed, to see whether this can resolve the issues. The overlooked usability aspects of OSS Free mean that I'd have to have a lot of patience recreating the application rules, though... or go along with auto-creating them :s Or, give OA another chance .

 

[Deleted member 178]

i won a Giveaway license for Zemana so i use it, if i had one for Spyshelter i will surely test it

I never used Outpost FW, i am more an adept of Comodo D+ or Online Armor HIPS and i dont have encountered any issues with them yet.

im not sure if i understood you, but did you test ZAL against CLT? if yes, CLT is a pure HIPS test, not designed for BB or other realtime protection.

 

[NathanF1]

im not sure if i understood you, but did you test ZAL against CLT? if yes, CLT is a pure HIPS test, not designed for BB or other realtime protection.

Hi, no, I didn't test ZAL in isolation. I didn't make myself clear - I started getting these fails once I installed ZAL, evidently it affected Outpost HIPS, which was passing the tests at that point. That's why I mentioned that I need to uninstall Outpost and install it again [with ZAL already installed] to check how this will affect the tests. Or just get Online Armor again, which I've been using on that PC, until I started experiencing very long delays on startup and I decided to use something else.

If activated, ZAL's "System Defense" would actually prompt me at the following tests: "RootkitInstallation: LoadAndCallImage", "Invasion: PhysicalMemory", "Injection: SetWindowsHookEx", "Injection: SetThreadContext", "Injection: Services", "Injection: ProcessInject" and "Injection: DupHandles".

I've participated in a few SpyShelter Premium giveaways, because I wanted to get x64 protection, but never won one, so I too am on the ZAL bandwagon [their giveaways are so plentiful you can almost consider it a freeware].

 

[Deleted member 178]

Ok understand, thanks for the clarification and comfort me not to use Outpost ^^

 

[NathanF1]

Ok understand, thanks for the clarification and comfort me not to use Outpost ^^

I still think OSS Free has great Firewall/HIPS, sadly they decided to drop the Free Firewall and gave us only the just about adequate AV protection of the VirusBuster engine in their Suite [along with a few usability issues that warrant a separate topic].
I would still recommend it, although OA would definitely be my first choice, shame I was experiencing the issues that caused me to look elsewhere.

Back to ZAL, when I first got it I decided to check it with the SpyShelter and other KL/SL tests as well, and it passed these with ease. It's fast, it's compatible, it's got strong protection, what's not to like? Now if only they release a 64-bit version

 

[Deleted member 178]

I did 2 simple test on ZAL:

1st one : run the Zemana "keyboard.exe" test = ZAL failed o_0 , it is supposed to catch it !!!
2nd one: Run Unikey.exe (a vietnamese software made to permit the use of vietnamese language special characters with western keyboard, it act and must act as a keylogger) = ZAL Failed

let see with the x64 support version, but now it's seems to be weak on this architecture.

 

[Ink]

How did you perform these 2 simple tests?

 

[NathanF1]

Yes, it fails its own sim tests on x64. I think the only component working on 64-bit is the Anti-SSL Logger Module. Anti-SSL simulation test can be found here. It seems that SpyShelter is ahead in the game as far as x64 is concerned, I haven't tested it myself, though.

 

[Deleted member 178]

Spyshelter have an HIPS component that may create conflicts with others HIPS applications...maybe unless deactivated.

---

How did you perform these 2 simple tests?

on my real system, with all setting at "paranoid" (means ask for all) and just run them like any users will do.

 

[NathanF1]

I thought "System Defense" module in ZAL was HIPS of sorts?

Attack methods it is supposed to protects against - link
Zemana themselves refer to it as HIPS - this link mentions about improvements made to HIPS in Expert Mode for v 1.9.2.172

Because I'm using other, full-fledged HIPS [either Online Armor or Outpost, which both have anti-keylogger functionality, and in the case of Outpost 7.5.x anti-clipboard and anti-screen logging as well], I usually check the impact on these HIPS functionality, and if need be, turn "System Defense" OFF on x32 systems, and don't bother with it on x64.

 

[Hungry Man]

Fairly useless on 64bit from what I can tell... I tried their leaktest myself and it failed...

Nice review.

 

[Deleted member 178]

edit: the latest version (1.9.2.731) now seems to works on x64 system and it detects its own simulation test.

 

[Viking]

When I log in to this forum and view View New Posts, I keep on getting an SSL attack pop up from Zemana.....Strange!

 

[nldmyanmar]

Thanks for the review one of my preferred products ,like Avast
PS
loved the cons comment !
Not free (but you may find many giveaways)
So true

 

[Deleted member 178]

loved the cons comment !
Not free (but you may find many giveaways)
So true

thanks, yes so much giveaways, if i wanted i could have a license for all my neighbors

 

[Overkill]

Can this be ran with cis and eam or no?

 

[Vextor]

Can this be ran with cis and eam or no?

Sure, it is just a behaviour component. The only problem could be Mamutu (EAM) and Defense+(CIS). Those are also behaviour components and too-many may adversely affect the system.