ZoneAlarm Anti-ransomware (windows)

simmerskool

Level 35
Thread author
Verified
Top Poster
Well-known
Apr 16, 2017
2,436
I ran into curious SNAFU with ZA anti-ransomware on my win10_vm. I was interested in ZAAR for mac after @Trident started a thread

I decided against installing ZAAR on my mac_mini (for today) then realized I had a VM perfect for ZAAR, or so I thought. win10_vm running MS Defender and ZA firewall (free). I assumed ZAAR would be a perfect addition, but it literally would NOT install or even run. Could not figure what was blocking its installation. I got a system popup saying "windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item." I logged in as admin, moved (copied) zaarsetup.exe to admin desktop, checked the file permission = full access, etc... I even disabled MS Defender with same result. I do not recall that ever happening in most recent past several decades! It just occurred to me that perhaps ZA firewall was blocking ZAAR, but don't have a clear idea why that would be, but it's the only thing I did not try, ie, disabling or uninstalling ZA firewall. Seems unlikely that it was somehow blocked by VMware. The setup file has a good hash per Virustotal.
Clueless, ideas welcome.
 

Bot

AI-powered Bot
Apr 21, 2016
4,179
It sounds like a tricky situation. It's possible that the ZA firewall could be blocking ZAAR, even though they're from the same company. You could try temporarily disabling the firewall to see if that helps. If not, there might be an issue with the VM or the specific ZAAR setup file. It's also worth checking if there are any specific system requirements for ZAAR that your VM might not meet.
 
  • Like
Reactions: simmerskool

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,355
You can’t have more than one ZoneAlarm product installed, contact me and I will provide you with a ZA license that you can use for extreme security.

Uninstall any current ZoneAlarm products using Revo, make sure all leftovers are removed.

Then, install Extreme Security.
 

simmerskool

Level 35
Thread author
Verified
Top Poster
Well-known
Apr 16, 2017
2,436
You can’t have more than one ZoneAlarm product installed, contact me and I will provide you with a ZA license that you can use for extreme security.

Uninstall any current ZoneAlarm products using Revo, make sure all leftovers are removed.

Then, install Extreme Security.
@Trident well how about that! never occurred to me last night in my frenzied frustration. I used to have a VM with a ZA next-gen version (may be a trial version?) but let it go as it seemed sorta duplicative of Harmony (my fav). Appreciate the offer but unlikely I'd use it. I'm happy with the VM with MS Defender & ZA free firewall (without ZA_AR). Mostly I'm running VM Harmony (today), but also like VM Norton & VM G Data.
 

simmerskool

Level 35
Thread author
Verified
Top Poster
Well-known
Apr 16, 2017
2,436
@Trident so I decided to uninstall ZA firewall (free) and install the ZA Anti-Ransomware (paid) to along with along with MS Defender & win_firewall on VM. So far very nice! It tells you it is running Harmony (enterprise) Web Protection on browser(s), and I see it checking downloads. So far (couple hours) I am liking ZA-AR more than ZA firewall free based on how I use the computer 98% of the time.
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,355
@Trident so I decided to uninstall ZA firewall (free) and install the ZA Anti-Ransomware (paid) to along with along with MS Defender & win_firewall on VM. So far very nice! It tells you it is running Harmony (enterprise) Web Protection on browser(s), and I see it checking downloads. So far (couple hours) I am liking ZA-AR more than ZA firewall free based on how I use the computer 98% of the time.
New patent granted on the 16th of April allows Check Point to detect ransowmare data modifications in memory and halt encryption, as well as better restore after ransomware.
The present disclosure provides a system and method for detecting and mitigating a storage attack at the block level by monitoring specific memory blocks to detect data storage attacks and restoring other memory blocks modified by the detected storage attack.

Not sure if ZAAR has been updated but Harmony definitely has been, it was on the release notes.
 

simmerskool

Level 35
Thread author
Verified
Top Poster
Well-known
Apr 16, 2017
2,436
New patent obtained on the 16th of April allows Check Point to backup data modifications in memory and halt encryption, as well as better restore after ransomware.

Not sure if ZAAR has been updated but Harmony definitely has been, it was on the release notes.
I think my Harmony VM is an update or 2 behind, need to remind Lithify to push (I know I should do it myself... :sleep:
 

Digmor Crusher

Level 24
Verified
Top Poster
Well-known
Jan 27, 2018
1,382
@Trident so I decided to uninstall ZA firewall (free) and install the ZA Anti-Ransomware (paid) to along with along with MS Defender & win_firewall on VM. So far very nice! It tells you it is running Harmony (enterprise) Web Protection on browser(s), and I see it checking downloads. So far (couple hours) I am liking ZA-AR more than ZA firewall free based on how I use the computer 98% of the time.
I may have to give this a whirl.
 

TuxTalk

Level 12
Verified
Top Poster
Well-known
Nov 9, 2022
557
ZA AR is basically same as ZoneAlarm Extreme Security NextGen
I use the Nextgen and really loving the Anti Ransomware module.

1720765460503.png
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,355
The restoring of encrypted files was quite buggy in the past. Did that change?
It wasn’t really buggy, it was more misunderstood. Only certain files of certain size are backed up, till a total size of the repository is reached. In Harmony Endpoint, all these variables are configurable. But ZAAR offer access to emulation, CDR, online and offline reputation, as well as online and offline behavioural analysis. Their latest patents allow them to detect encryption very early and halt it, so it is more preventive.
 

Kongo

Level 36
Verified
Top Poster
Well-known
Feb 25, 2017
2,581
It wasn’t really buggy, it was more misunderstood. Only certain files of certain size are backed up, till a total size of the repository is reached. In Harmony Endpoint, all these variables are configurable. But ZAAR offer access to emulation, CDR, online and offline reputation, as well as online and offline behavioural analysis. Their latest patents allow them to detect encryption very early and halt it, so it is more preventive.
I just remember some tests where it crashed while reverting or it simply didn't finish the job.
 

simmerskool

Level 35
Thread author
Verified
Top Poster
Well-known
Apr 16, 2017
2,436
fyi & fwiw: I got an email that was suspicious on its face and had a URL link to confirm whatever, so I copied the link and sent it VT and around 15 vendors said it was spam / phishing. so then curious to see how ZAAR would handle it, and I opened the link with firefox running in a hardened sandbox-plus sandbox, and that link opened ok, so surprised it was was not blocked by ZAAR, although ZAAR said it was protecting that specific sandboxed firefox. Or no perfect security solutions...
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,355
fyi & fwiw: I got an email that was suspicious on its face and had a URL link to confirm whatever, so I copied the link and sent it VT and around 15 vendors said it was spam / phishing. so then curious to see how ZAAR would handle it, and I opened the link with firefox running in a hardened sandbox-plus sandbox, and that link opened ok, so surprised it was was not blocked by ZAAR, although ZAAR said it was protecting that specific sandboxed firefox. Or no perfect security solutions...
Zero Phishing is not included in ZAAR (not even blacklist anti-phishing). If there was Zero Phishing, you’d have to click on a field to initiate the analysis and at that time it would have been blocked.

Only Pro Antivirus + Firewall includes Anti-Phishing (without emulation and no anti-ransomware either) and Extreme Security includes everything. And of course, Harmony Endpoint which is on another VM of yours has it all.

ZAAR also doesn’t include Anti-Bot.
 
Last edited:

simmerskool

Level 35
Thread author
Verified
Top Poster
Well-known
Apr 16, 2017
2,436
Zero Phishing is not included in ZAAR (not even blacklist anti-phishing). If there was Zero Phishing, you’d have to click on a field to initiate the analysis and at that time it would have been blocked.

Only Pro Antivirus + Firewall includes Anti-Phishing (without emulation and no anti-ransomware either) and Extreme Security includes everything. And of course, Harmony Endpoint which is on another VM of yours has it all.

ZAAR also doesn’t include Anti-Bot.
Let me say this about that... certain aspects of ZAAR installation were not that clearly represented, although I think Checkpoint is excellent, some of their verbiage is fuzzy IMO at least during the trial and purchase process. I have no regrets about installing ZAAR, overall I like it. I bought it.
BUT the main screen for ZAAR does say "Web Secure | Anti-Phishing... You are protected" (green checkmark) I guess anti-phishing is not zero phishing :whistle:
Harmony is my daily driver :D
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top