- Feb 7, 2023
- 1,759
Threat emulation for the same (one of the files downloaded by the inflated malware):
Last edited:
ZoneAlarm by Check Point Info, Guides, Tests
- Thread starter Trident
- Start date
- Apr 16, 2017
- 2,095
Do you access this report with ZA/ESNG or with Checkpoint Harmony, or both? (or I'm not seeing ZA reports because it has not detected any malware on my VM??)
- Feb 7, 2023
- 1,759
Forensic reports from ZoneAlarm are saved in C:\ProgramData\CheckPoint\DBStore\Events.
Every folder there represents one incident and the folder name carries the incident ID. Open any HTML file inside the folder to get started.
Threat emulation reports are saved in C:\ProgramData\CheckPoint\Endpoint Security\Threat Emulation.
They are archived. Unarchive the content to view the reports.
Harmony Endpoint contains easier way to access these reports and they are organised on a timeline as well as centrally accessed and for all machines. On ZoneAlarm you can open them locally from the folders above.
Download Eicar Test file to generate a report.
- Apr 16, 2017
- 2,095
@Decopi, we seem to mostly agree. I would prefer that ZA block that sneaky 65mb stealer malware without the user having to throw a switch in firewall. That's my only point. Why do I want to install an AV with default reduced protection, and then have to tweak it for max protection? (perhaps there's something I'm missing
) I assume ZA is configuring it features to max protection as default since ZA has nothing to tweak. If it failed with that 65mb malware, ZA should fix that by default without user needing to tweak its firewall. (aside if I want to tweak a firewall, then I run CF@cs).no events here after continuously running ZA for +4.7 days. have not DL'd eicar yet. The few ZA popups generated have been this file is good, or this is not phishing site which are unobtrusive.
Last edited:
There is no perfect security software.
Therefore, you always will need to live in two dimensions: 1) Default settings or 2) Customized settings.
If the minimalist UI doesn't allow customized settings, then you are forced to live with default settings.
And that's my only point.
I think minimalist UIs must leave some room for few customization. I don't mean to ruin the minimalist style. I like minimalism. But IMHO ZA UI needs few options, among them, a basic granular firewall.
Because different users have different profiles.
For average Joe, default settings usually are enough. Hardening settings for average Joe profile will be a nightmare, because average Joes don't know how to deal with hardened settings (it blocks too much stuff for them, and they don't know how to unblock needed stuff).
Now, for users like me, I always need to harden default settings, because I use to be exposed to cyber threats, and I know how to block, unblock, allow, disable stuff.
(perhaps there's something I'm missing
I don't believe "default settings" are configured to maximum protection.
I believe "default settings" are configured to "average use".
There is no security software with "default settings" and "maximum security" at the same time.
Default settings is about default use, and security level is about user profile... two different things.
Last edited:
- Apr 16, 2017
- 2,095
We disagree on a few points above: I suggest there is no need for two dimensions, at the moment ZA/ESNG seem to agree since it does not have settings, ie, one dimension, which is ok for me as long as I'm not getting infected. (no events here, yet)
Average Joe should be using MS Defender. I agree you & me and some others need or like "hardened." I want ZA to be default configured hardened out of the box.
As for how "hard" ZA is default configured, we'll understand that better when we start seeing the tests at MT and labs.
Again my sense is that ZA is both default & maximum at the same time. I could be wrong... but if I can't tweak it, I assume default is max. Can it be improved, sure!
@Trident seems to have a line into ZA to make suggested improvements.
- Feb 7, 2023
- 1,759
Missing malware is normal and doesn’t mean the software is mediocre or badly developed. Specially when we are talking about 1 sample
I haven’t seen anyone not missing malware yet and if I download Trend Micro, it will miss hundreds (even though on other tests here it’s been praised). It takes a lot of time and digging to find a ZoneAlarm compromise (in total I have about 112 incidents blocked) whilst some others are getting compromised 5 minutes after installation so I think that’s worth something.
Of course, a good program control will prevent the damage and unfortunately as @Decopi mentioned is missing. Hence many users are pushing to get it. We have to wait and see.
Last edited:
- Feb 7, 2023
- 1,759
It misses some malware there and some PUPs but I don’t even know where they got this version, this one doesn’t get updates since 2022 and emulation is also blocked. If you try and emulate a file it won’t work. As of March last year, it has been replaced with the NextGen.
ZoneAlarm Free Antivirus + Firewall release history official page
Check out the latest ZoneAlarm Free Antivirus + Firewall updates and verify you have the most updated ZoneAlarm security software installed.
Yeah, that's one of the reason originally I wasn't convinced to share this ruský test.
As I said, this video is totally in Russian, no texts, too long, and difficult to follow for non Russian speakers.
Also, from the beginning is possible to see the tester using a very old version of ZA.
Considering ZAESNG is under development, I think only recent tests (from last 2 moths) are interesting.
- Feb 7, 2023
- 1,759
Yeah that one from Comms TV or whatever the channel is called is a very recent one.
ZoneAlarm passed clean whilst others like Trend Micro and Bitdefender weren’t that fortunate.
Mine was recent as well, but was before the addition of anti-bot and was also a very difficult one, much more difficult then needed to draw valuable conclusion for home users. It was mostly for geeks.
For now we can see protection is OK but not wow and needs more work.
Exactly, you're right.
I'm not saying ZA is perfect. But seems to me lot of users are judging ZA based in old versions.
That's the reason and purpose of this new thread, to test the latest ZA version, confirming or rejecting its new protection capabilities.
There is no need to share ZA info before past March, because the last ZA changed in the past 3 months.
- Feb 7, 2023
- 1,759
Harmony Endpoint depends on the reseller and number of devices but as single license is usually about £60 per year, per device. If you buy in huge bulk (something which I will have to do soon) it will be a lot cheaper. You could get Harmony Total (which includes the Email and Collaboration Suite) and everything for 150 devices for about £30 per device.
Yeah, that’s very accurate. Before the addition of anti-bot I didn’t like it too much and it wasn’t ready to protect a system properly.
The UK government has Harmony Endpoint as well on their digital marketplace and I believe it’s their officially-recommended software as well as what the NHS uses.
Check Point Harmony Endpoint - Digital Marketplace
www.applytosupply.digitalmarketplace.service.gov.uk
They sell it for £18.00. I will Create a Check Point Harmony thread as well soon so we don’t confuse users.
Doesn't seem that much, for example I was quoted $42 for Deepinstinct. What other cheap endpoint products do you know of?The UK government has Harmony Endpoint as well on their digital marketplace and I believe it’s their officially-recommended software as well as what the NHS uses.
Check Point Harmony Endpoint - Digital Marketplace
They sell it for £18.00. I will Create a Check Point Harmony thread as well soon so we don’t confuse users.
- Feb 7, 2023
- 1,759
It all depends on the reseller, they work for percentage. I am not aware of other cheap products tbh, I am not really interested in free and cheap
Check Point is more complete than Deep Instinct. One of the DI founders is an ex-Check Point employee.
- Feb 7, 2023
- 1,759
I am testing version 4 only and that incident with the inflated file was triggered by anti-bot. It means that if it was version 3 it would’ve been a miss. The one on Comms TV has been version 3 as well. @Shadowra today has tested version 4.
- Sep 2, 2021
- 2,330
I actually shot the video.
During the URLs, I bypassed ZoneAlarm's Web Shield, it was handling downloads and it took more than 20 MINUTES to download...
All in all, it did fine. But not everything is perfect. That's all I'll say, as the video will be out in a few days
Similar threads
