App Review ZoneAlarm Extreme Security Next Gen 2024 - With Malware Tests

Product name
ZoneAlarm Extreme Security Next Gen 2024
Installation (rating)
5.00 star(s)
User interface (rating)
5.00 star(s)
Accessibility notes
ZoneAlarm emulation detects stuff like phishing PDF documents, simple PowerShell keyloggers and many others. Stuff that nobody else would detect. At the same time, anti-phishing with real-time analysis blocks more pages than big brands like Norton ever will.

Components like Anti-Bot and Behavioural Guard block advanced attacks; the behavioural blocking is based around MITRE tactics and techniques and not just around profiles, like SONAR or ATD (Bitdefender). The level of cleanup after a threat is amazing too, if you have a look at the forensic reports.
Performance (rating)
5.00 star(s)
Core Protection (rating)
5.00 star(s)
Proactive protection (rating)
5.00 star(s)
Additional Protection notes
After a lot of testing, this is one of the toughest, most reliable AVs I have ever used.
Browser protection (rating)
5.00 star(s)
Positives
    • Many features
    • Minimal setup required
    • Low impact on system resources
    • Lightning fast scans
    • Easy to use
    • Simple and non-intrusive
    • Ransomware protection
    • Strong and reliable protection
    • Detects or blocks in the wild malware
    • Consistently high test scores
    • Accurate results and reliable antivirus engine
    • Effective malicious URL blocking
    • Virus signatures are updated daily
    • Great value for money
    • Effective malware removal
    • Well designed, clear and easy to use interface
    • Multi-layer protection approach
Negatives
    • Can be costly to run
Time spent using product
Reviewed between 1 to 7 days
Computer specs
System Manufacturer Dazen
System Model Dazen Laptop X86
System Type x64-based PC
Processor Intel(R) Celeron(R) N5095 @ 2.00GHz, 1997 Mhz, 4 Core(s), 4 Logical Processor(s)
BIOS Version/Date American Megatrends International, LLC. 5.19, 3/23/2022
Installed Physical Memory (RAM) 12.0 GB
Recommended for
  1. All types of users
Overall rating
5.00 star(s)

TuxTalk

All in all, an awesome product, and all the advanced technology is dressed in a very simple UI with no muss and fuss, unlike ESET for example, with 1000 settings and potential configurations and tweaks, and then upon failure they will turn around and say you don't understand the software.

[screenshots]

TuxTalk

Latest QuasarRAT dll file [screenshot]

Low Detection on VT [screenshot]

Blocked by ZoneAlarm by FileReputation! [screenshot]

Another awesome job by ZA.
 

Moonhorse

Does ZoneAlarm still use the Kaspersky engine? And it seems a licence of 2 years costs like 50 EUR, which is reasonable, but it's 60% off. Are you able to grab this 'cheap' licence after the 2-year licence expires, or how often is ZoneAlarm on sale usually?

Not buying it anytime soon, but interested in the future of ZoneAlarm indeed; sadly the free version is poor and should not even exist.
 

TuxTalk

Bought one year for now; made a deal that as soon as it expires they give me a good renewal deal. To be honest @Moonhorse, Trend cannot compete against ZoneAlarm.
According to @Trident it's most of the time "on sale".
 

BSONE

I gave Trend Micro Total Security a try last week without incident. Time to change again. I might give the man with the Spear an opportunity to advise before the final in Berlin :):)
 

gery79

My question too.
 

Trident

No, ZoneAlarm and Check Point use the Sophos engine now, which is there just to provide local signatures (something Check Point does not do in software products, just in their Next Gen Firewall). The Sophos engine is very unimportant in the whole mix and runs with dynamic analysis (in-memory emulation) off, according to my communication with the company.

At the heart of Check Point products is proprietary technology, like Threat Cloud, which is a collection of 60+ engines and growing, Endpoint Forensics and Behavioural Guard, Anti-Bot and NGAV (Deep Learning antivirus) that covers executables, modules and office files. The Check Point NGAV also performs dynamic analysis and binary disassembly.

For an even better experience, Harmony Endpoint is available, but ZoneAlarm Extreme Security NextGen is also not bad at all.
 

Trident

How "light on resources" is it really ?

I take it then that the free version only has the Sophos sigs and none of the next gen stuff.

Regards Eck :)
It is not light on memory usage; it is at the Bitdefender level in terms of memory. But it is light on everything else. That being said, CPU usage will be a bit higher than Norton, let's say, because trusted processes are not excluded from behavioural monitoring and recording (Trend Micro is another software that doesn't monitor anything digitally signed). The only thing that is excluded from monitoring is wuauclt.exe (Windows Update Modules Install Worker).

Another thing that needs to be known about anti-ransomware is that it does not allow third-party software to delete volume shadow copies, or mess with settings such as BitLocker, Secure Boot and others. Any software that attempts to do that is treated as malware and even the desktop shortcut will be purged.
 

Behold Eck

Thanks for the detailed heads up.

Regards Eck :)
 

Trident

The behavioural blocking and forensics are divided into 5 "branches". Screenshots captured from Harmony Endpoint, but ZoneAlarm is a rebrand; it uses the same EFR engine. It even generates the same report, but it is not easily accessible.
The report is enriched with MalwareDNA and VirusTotal lookups.
[screenshot: forensic report]

Branch 1: EFR (detects MITRE tactics and techniques, does not wait for a full chain of events to be performed, captured and classified). This type is based entirely on offline machine learning and definitions updated daily.
Example: [screenshot]

Branch 2: Policy Enforcement: does not allow stuff like PowerShell obfuscation, script interpreters connecting to websites like pastebin and others. This is based on local signatures as well.
Example: [screenshots]

Branch 3: Behavioural profiles: detects threats based on a specific behavioural profile. This is based on online machine learning and deep learning (AI).
Example: [screenshots]

Branch 4: Anti-Bot: detects bots based on traffic signatures saved locally (somewhat similar to an IPS), an online repository of bot/botnet command and control servers, and bot-like behaviour. Once a bot is detected, everything related to the incident is deleted and activity is reversed, as much as possible. Also detects attempts to use vulnerabilities/exploits, much like an IPS.
Example: [screenshots]

Branch 5: Anti-ransomware: detects ransomware based on honeypots, behavioural profiling and policy enforcement. Includes local and online machine learning models.
Example: [screenshots]
 
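As an added illustration of what the "Policy Enforcement" and "Anti-ransomware" branches above mean in practice, here is a toy rule evaluator written for this page (not Check Point's or ZoneAlarm's own rules). It runs over constructed process telemetry; the interpreter list, paste-site list and command-line patterns are assumptions.

```python
import re
from dataclasses import dataclass

# Assumed lists for this toy evaluator; the product's real signatures are not public here.
SCRIPT_INTERPRETERS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
PASTE_SITES = {"pastebin.com", "paste.ee", "hastebin.com"}
# Heuristics for shadow-copy deletion and encoded PowerShell (the "obfuscation" the post mentions).
SHADOW_COPY_RE = re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I)
ENCODED_RE = re.compile(r"(^|\s)-(e|ec|en|enc|encodedcommand)(\s|$)", re.I)


@dataclass
class Event:
    """One process telemetry record (constructed, not product output)."""
    image: str            # process image name, e.g. powershell.exe
    cmdline: str = ""     # full command line
    dest_host: str = ""   # remote host if the process opened a connection


def classify(ev: Event) -> list[tuple[str, str]]:
    """Return (branch, rule) pairs that fire for one event; an empty list means allowed."""
    hits = []
    img = ev.image.lower()
    if img in SCRIPT_INTERPRETERS and ev.dest_host.lower() in PASTE_SITES:
        hits.append(("Policy Enforcement", "script-interpreter-to-paste-site"))
    if img in {"powershell.exe", "pwsh.exe"} and (
        ENCODED_RE.search(ev.cmdline) or ev.cmdline.count("`") > 5  # backtick-heavy lines are a common obfuscation sign
    ):
        hits.append(("Policy Enforcement", "powershell-obfuscation"))
    if SHADOW_COPY_RE.search(ev.cmdline):
        hits.append(("Anti-Ransomware", "shadow-copy-deletion"))
    return hits


# Constructed sample telemetry: two events that should be blocked, two that are benign.
SAMPLE_EVENTS = [
    Event("powershell.exe", "powershell.exe -nop -w hidden -enc QQBCAEMA", "pastebin.com"),
    Event("cmd.exe", "cmd.exe /c vssadmin delete shadows /all"),
    Event("chrome.exe", "chrome.exe --profile-directory=Default", "pastebin.com"),  # browser, not an interpreter
    Event("powershell.exe", "powershell.exe -ExecutionPolicy Bypass -File backup.ps1"),
]


def evaluate(events: list[Event]) -> dict[str, list[tuple[str, str]]]:
    """Map each event's command line to the rules it triggered."""
    return {ev.cmdline: classify(ev) for ev in events}


if __name__ == "__main__":
    for cmd, hits in evaluate(SAMPLE_EVENTS).items():
        print(("BLOCK " if hits else "ALLOW ") + cmd, hits)
```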

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,351
It doesn't seem possible to delete a quarantined file. There is also no way to manually check for updates.
Not allowed normally; quarantine management is coming soon, but as a workaround one can open C:/Program Files (X86)/Check Point/Endpoint Security/Remediation and use the quarantine manager in that folder.

There is nothing to update: the Sophos engine receives push updates (usually 1-2 files, kilobytes in size, daily). Behavioural Guard is updated once a day and updates are delivered when you turn your PC on. Anti-Bot traffic signatures are delivered when needed, usually every 2 weeks. The rest is updated only when there is a program update. This is what the NextGen concept is: usage of technologies that don't need an update every 2 hours to work.
 

likeastar20

Pressing Permanently Delete doesn't actually do anything. [screenshot]
 