ZoneAlarm Extreme Security NextGen - Free License
- Thread starter BigWrench
- Start date
Disclaimer: We cannot guarantee that all promo codes will remain active. Some offers have a short validation period and expire.
Hi,
This "Zone Alarm Next Gen" (ZANG) thread confuses me.
Firstly, in this thread the giveaway link offers "ZoneAlarm Extreme Security NextGen" (ZAESNG), but the link installs "Zone Alarm Next Gen" (ZANG).
I read that ZANG is the giveaway version of ZAESNG, but it'll be nice to see Zone Alarm official webpage confirming that info.
Another reason for my confusion, is that I couldn't find known third-party tests, showing Zone Alarm capabilities. I won't say this is a huge problem, but I do like third-party tests because I can compare them with web articles and forum participant opinions (MalwareTips etc). I like the comparison between different sources.
With regards to web articles, I found several articles making good reviews about ZAESNG... "good" but not "excellent" reviews. And none of them recommends ZAESNG as the best security software, or as the first security software option.
And with regards to forum participant opinions, I found mixed arguments:
@cruelsister is not recommending ZA Free (which she considers sub-optimal in the extreme). But it's not clear if she is talking about ZA free antivirus, or if she is talking about ZANG' s giveaway (offered in this thread).
In the other hand, we have @Trident . His opinions are important to me, because I know he is a very objective (not emotional) + Very well informed forum participant... and he gained my respect.
@Trident seems to like ZAESNG, but for me is not 100% percent clear if he is talking about ZANG, or about ZAESNG, or about Check Point Harmony EndPoint etc. Again, it's not his fault, it's my fault!, I don't have enough info allowing me to understand the difference between ZA' products.
Still taking about @Trident, he has a video testing ZAESNG, but further comments are bothering me (quoting): "On Real World scenario, ZA blocks everything, but on the malware pack, the system is heavily infected and encrypted". "This product does extremely well when malware is downloaded from the internet and is almost impenetrable. Protection is more than stellar". "It is not so good when malware packs containing scripts are introduced".
@Trident also mentioned that ZAESNG' engine is based on Kaspersky's cloud .
And @blueblackwow65 correctly asked: "Why not just use Kaspersky?". It's a fair question!
Finally, @Trident mentioned some performance issues (RAM etc), but in recent comments he said: "The system feels fast, performance is not compromised".
By the way, web articles also complained about ZAESNG' performance.
@Shadowra also made a video test with lot of useful comments, but it was in past September 2022.
He offered a new updated video test.
In short, I'm a bit confused about ZANG, or ZAESNG or Check Point Harmony EndPoint.
My confusion does not even allow me to decide if it is worth doing a test with this software.
Please, I would appreciate if someone, clearly and orderly, could organize a bit the information in this thread. For example:
1. This thread is exactly about which ZA product?
2. What is the level of protection of the offered ZA product?
3. How is its hardware performance (RAM, CPU, SSD readings/writings etc)?
Thanks a lot!
This "Zone Alarm Next Gen" (ZANG) thread confuses me.
Firstly, in this thread the giveaway link offers "ZoneAlarm Extreme Security NextGen" (ZAESNG), but the link installs "Zone Alarm Next Gen" (ZANG).
I read that ZANG is the giveaway version of ZAESNG, but it'll be nice to see Zone Alarm official webpage confirming that info.
Another reason for my confusion, is that I couldn't find known third-party tests, showing Zone Alarm capabilities. I won't say this is a huge problem, but I do like third-party tests because I can compare them with web articles and forum participant opinions (MalwareTips etc). I like the comparison between different sources.
With regards to web articles, I found several articles making good reviews about ZAESNG... "good" but not "excellent" reviews. And none of them recommends ZAESNG as the best security software, or as the first security software option.
And with regards to forum participant opinions, I found mixed arguments:
@cruelsister is not recommending ZA Free (which she considers sub-optimal in the extreme). But it's not clear if she is talking about ZA free antivirus, or if she is talking about ZANG' s giveaway (offered in this thread).
In the other hand, we have @Trident . His opinions are important to me, because I know he is a very objective (not emotional) + Very well informed forum participant... and he gained my respect.
@Trident seems to like ZAESNG, but for me is not 100% percent clear if he is talking about ZANG, or about ZAESNG, or about Check Point Harmony EndPoint etc. Again, it's not his fault, it's my fault!, I don't have enough info allowing me to understand the difference between ZA' products.
Still taking about @Trident, he has a video testing ZAESNG, but further comments are bothering me (quoting): "On Real World scenario, ZA blocks everything, but on the malware pack, the system is heavily infected and encrypted". "This product does extremely well when malware is downloaded from the internet and is almost impenetrable. Protection is more than stellar". "It is not so good when malware packs containing scripts are introduced".
@Trident also mentioned that ZAESNG' engine is based on Kaspersky's cloud .
And @blueblackwow65 correctly asked: "Why not just use Kaspersky?". It's a fair question!
Finally, @Trident mentioned some performance issues (RAM etc), but in recent comments he said: "The system feels fast, performance is not compromised".
By the way, web articles also complained about ZAESNG' performance.
@Shadowra also made a video test with lot of useful comments, but it was in past September 2022.
He offered a new updated video test.
In short, I'm a bit confused about ZANG, or ZAESNG or Check Point Harmony EndPoint.
My confusion does not even allow me to decide if it is worth doing a test with this software.
Please, I would appreciate if someone, clearly and orderly, could organize a bit the information in this thread. For example:
1. This thread is exactly about which ZA product?
2. What is the level of protection of the offered ZA product?
3. How is its hardware performance (RAM, CPU, SSD readings/writings etc)?
Thanks a lot!
Last edited:
- Sep 9, 2017
- 55
I have the same questions as you and I hope that Trident - which, if I have understood correctly, is now using this product - will, as usual, be able to clarify the ambiguities you have identified.
For your information I bought Zone Alarm extreme Security Next Gen 3 days ago the first problem encountered is the fairly frequent disconnection of the firewall in conflict it would seem with Windows Defender which makes that the two firewalls are sometimes disabled together. I have encountered this bug several times. I did not constate strong use of memory. The other features work, but I haven't seen their operational effectiveness yet.
- Feb 7, 2023
- 1,736
Hello @Decopi and @Bushman , this thread got a bit long now so let’s summarise everything again.
The product I am talking about is ZoneAlarm Extreme Security Next Gen. Anyone looking to try the product can download Extreme Security Next Gen and activate it with the following extended trial license, valid until August next year:
Regarding Kaspersky, CheckPoint removed the Kaspersky engine because their customers include governments and other institutions and in the current political landscape, for compliance reasons, they had to switch to Sophos engine.
This was discussed here:
community.checkpoint.com
What they use currently is this, and is intact with their official terminology:
Anti-Malware: Standard antivirus aimed at known and unknown (but mainly known) malware. Based on Sophos SAVI.
File Reputation: performs cloud lookups based on ssdeep hashes. Uses feeds from Kaspersky and Cisco Talos amongst others, as well as proprietary feeds. This is a safer way to deploy Kaspersky as Kaspersky just provides feeds without having any access to customer information.
Static Analysis: this is Check Point/ZoneAlarm proprietary Next-Gen antivirus that blocks malware based on attributes and not signatures. This is where the NextGen in the name comes from.
Behavioural Guard: uses Check Point forensics engine which constantly records all actions from all processes (Zero Trust philosophy). Later on, yara rules, signatures and AI are used to classify malicious behaviour, reverse it and generate a detailed forensic report.
Anti-Bot: was added about 15 days after my complaints (added to ZA, it was always there in Harmony Endpoint) and conversation with a manager. Anti-bot blocks communications to known CnC servers by inspecting URL reputation and further classifies malware based on behaviour that looks like related to bots.
Anti-Ransomware: Detects and blocks ransomware based on behaviour as well as trap files. Works online as well as offline and reverses encryption.
Zero-Phishing: once you click on a website field, Zero-Phishing will start analysing various parameters like URL, reputation, logos, favicons, typos and others to determine if it’s fraudulent. This is very effective, I’ve tested it many times.
And finally the king in their world:
Threat Emulation and Threat Extraction: executable files and scripts are sent for cloud emulation which is very actively developed, see release notes.
Documents are sent for emulation and simultaneously, a cleaned up version is given until emulation finishes (all executable content is removed). If emulation concludes that a document is safe, original version with executable content becomes available to download.
Threat emulation uses a variety of engines, including Bitdefender engine.
Now what I like and dislike:
Product is light but not as light as some others, such as Norton. Because forensic engine is based on 0-trust, it is more active in recording than let's say Norton Behavioural and Heuristics Security engine which excludes many processes from monitoring. There is a small 0.3% activity frequently and if you launch a second-opinion scanner (example), this will go to 15% as the product records every file accessed. This information is needed in case of attack to determine what wad accessed/read by attackers.
Memory usage is very high, at about 500 MB average. After my complaints, a low-memory mode was released in Check Point and it will appear after some time in ZoneAlarm as well, but security will be lower and turning it on is not recommended.
Check Point Harmony offers very detailed configuration, but ZA doesn't. Check Point allows file size for emulation to be increased to 50 MB, you can right click to emulate a file, you can remove low and medium confidence detections from Static Analysis, deploy experimental signatures and configure incidents to always be investigated.
In ZA the maximum emulation size is 15MB, you can't right click to emulate, only high confidence detections from Static Analysis will be displayed and treated and certain incidents won't trigger forensic investigation.
The product is also exhibiting minor bugs here and there (all have been reported now). Threat emulation is extremely effective on 0-days including scripts (but you will have to download the file or save it from email, introducing scripts from packs and archives decreases the effectiveness). Protection against executable files is always very high even from a malware in archives/packs.
I hope the information above clears the confusion. Let me know if you have other questions.
The product I am talking about is ZoneAlarm Extreme Security Next Gen. Anyone looking to try the product can download Extreme Security Next Gen and activate it with the following extended trial license, valid until August next year:
Regarding Kaspersky, CheckPoint removed the Kaspersky engine because their customers include governments and other institutions and in the current political landscape, for compliance reasons, they had to switch to Sophos engine.
This was discussed here:
Harmony Endpoint - Kaspersky-free client version available!
In these Times Of Cyber Uncertainty many security agency and .gov's recommend to avoid using Kaspersky products. Examples: USA CISA Directive 17-01-Removal of Kaspersky products (September 13, 2017) FCC supply chain exclusion (March 25, 2022) Germany BSI warns of using Kaspersky products...
community.checkpoint.com
What they use currently is this, and is intact with their official terminology:
Anti-Malware: Standard antivirus aimed at known and unknown (but mainly known) malware. Based on Sophos SAVI.
File Reputation: performs cloud lookups based on ssdeep hashes. Uses feeds from Kaspersky and Cisco Talos amongst others, as well as proprietary feeds. This is a safer way to deploy Kaspersky as Kaspersky just provides feeds without having any access to customer information.
Static Analysis: this is Check Point/ZoneAlarm proprietary Next-Gen antivirus that blocks malware based on attributes and not signatures. This is where the NextGen in the name comes from.
Behavioural Guard: uses Check Point forensics engine which constantly records all actions from all processes (Zero Trust philosophy). Later on, yara rules, signatures and AI are used to classify malicious behaviour, reverse it and generate a detailed forensic report.
Anti-Bot: was added about 15 days after my complaints (added to ZA, it was always there in Harmony Endpoint) and conversation with a manager. Anti-bot blocks communications to known CnC servers by inspecting URL reputation and further classifies malware based on behaviour that looks like related to bots.
Anti-Ransomware: Detects and blocks ransomware based on behaviour as well as trap files. Works online as well as offline and reverses encryption.
Zero-Phishing: once you click on a website field, Zero-Phishing will start analysing various parameters like URL, reputation, logos, favicons, typos and others to determine if it’s fraudulent. This is very effective, I’ve tested it many times.
And finally the king in their world:
Threat Emulation and Threat Extraction: executable files and scripts are sent for cloud emulation which is very actively developed, see release notes.
Documents are sent for emulation and simultaneously, a cleaned up version is given until emulation finishes (all executable content is removed). If emulation concludes that a document is safe, original version with executable content becomes available to download.
Threat emulation uses a variety of engines, including Bitdefender engine.
Now what I like and dislike:
Product is light but not as light as some others, such as Norton. Because forensic engine is based on 0-trust, it is more active in recording than let's say Norton Behavioural and Heuristics Security engine which excludes many processes from monitoring. There is a small 0.3% activity frequently and if you launch a second-opinion scanner (example), this will go to 15% as the product records every file accessed. This information is needed in case of attack to determine what wad accessed/read by attackers.
Memory usage is very high, at about 500 MB average. After my complaints, a low-memory mode was released in Check Point and it will appear after some time in ZoneAlarm as well, but security will be lower and turning it on is not recommended.
Check Point Harmony offers very detailed configuration, but ZA doesn't. Check Point allows file size for emulation to be increased to 50 MB, you can right click to emulate a file, you can remove low and medium confidence detections from Static Analysis, deploy experimental signatures and configure incidents to always be investigated.
In ZA the maximum emulation size is 15MB, you can't right click to emulate, only high confidence detections from Static Analysis will be displayed and treated and certain incidents won't trigger forensic investigation.
The product is also exhibiting minor bugs here and there (all have been reported now). Threat emulation is extremely effective on 0-days including scripts (but you will have to download the file or save it from email, introducing scripts from packs and archives decreases the effectiveness). Protection against executable files is always very high even from a malware in archives/packs.
I hope the information above clears the confusion. Let me know if you have other questions.
Last edited:
- Sep 9, 2017
- 55
Trident have you noticed like me a deactivation from time to time of the Zone Alarm firewall while windoms Defender is what is normal also disabled?Hello @Decopi and @Bushman , this thread got a bit long now so let’s summarise everything again.
The product I am talking about is ZoneAlarm Extreme Security Next Gen. Anyone looking to try the product can download Extreme Security Next Gen and activate it with the following extended trial license, valid until August next year:
Regarding Kaspersky, CheckPoint removed the Kaspersky engine because their customers include governments and other institutions and in the current political landscape, for compliance reasons, they had to switch to Sophos engine.
This was discussed here:
Harmony Endpoint - Kaspersky-free client version available!
In these Times Of Cyber Uncertainty many security agency and .gov's recommend to avoid using Kaspersky products. Examples: USA CISA Directive 17-01-Removal of Kaspersky products (September 13, 2017) FCC supply chain exclusion (March 25, 2022) Germany BSI warns of using Kaspersky products...
What they use currently is this, and is intact with their official terminology:
Anti-Malware: Standard antivirus aimed and known and unknown (but mainly known) malware. Based on Sophos SAVI.
File Reputation: performs cloud lookups based on ssdeep hashes. Uses feeds from Kaspersky and Cisco Talos amongst others, as well as proprietary feeds. This is a safer way to deploy Kaspersky as Kaspersky just provides feeds without having any access to customer information.
Static Analysis: this is Check Point/ZoneAlarm proprietary Next-Gen antivirus that blocks malware based on attributes and not signatures. This is where the NextGen in the name comes from.
Behavioural Guard: uses Check Point forensics engine which constantly records all actions from all processes (Zero Trust philosophy). Later on, yara rules, signatures and AI are used to classify malicious behaviour, reverse it and generate a detailed forensic report.
Anti-Bot: was added about 15 days after my complaints (added to ZA, it was always there in Harmony Endpoint) and conversation with a manager. Anti-bot blocks communications to known CnC servers by inspecting URL reputation and further classifies malware based on behaviour that looks like related to bots.
Anti-Ransomware: Detects and blocks ransomware based on behaviour as well as trap files. Works online as well as offline and reverses encryption.
Zero-Phishing: once you click on a website field, Zero-Phishing will start analysing various parameters like URL, reputation, logos, favicons, typos and others to determine if it’s fraudulent. This is very effective, I’ve tested it many times.
And finally the king in their world:
Threat Emulation and Threat Extraction: executable files and scripts are sent for cloud emulation which is very actively developed, see release notes.
Documents are sent for emulation and simultaneously, a cleaned up version is given until emulation finishes (all executable content is removed). If emulation concludes that a document is safe, original version with executable content becomes available to download.
Threat emulation uses a variety of engines, including Bitdefender engine.
Now what I like and dislike:
Product is light but not as light as some others, such as Norton. Because forensic engine is based on 0-trust, it is more active in recording than let's say Norton Behavioural and Heuristics Security engine which excludes many processes from monitoring. There is a small 0.3% activity frequently and if you launch a second-opinion scanner (example), this will go to 15% as the product records every file accessed. This information is needed in case of attack to determine what wad accessed/read by attackers.
Memory usage is very high, at about 500 MB average. After my complaints, a low-memory mode was released in Check Point and it will appear after some time in ZoneAlarm as well, but security will be lower and turning it on is not recommended.
Check Point Harmony offers very detailed configuration, but ZA doesn't. Check Point allows file size for emulation to be increased to 50 MB, you can right click to emulate a file, you can remove low and medium confidence detections from Static Analysis, deploy experimental signatures and configure incidents to always be investigated.
In ZA the maximum emulation size is 15MB, you can't right click to emulate, only high confidence detections from Static Analysis will be displayed and treated and certain incidents won't trigger forensic investigation.
The product is also exhibiting minor bugs here and there (all have been reported now). Threat emulation is extremely effective on 0-days including scripts (but you will have to download the file or save it from email, introducing scripts from packs and archives decreases the effectiveness). Protection against executable files is always very high even from a malware in archives/packs.
I hope the information above clears the confusion. Let me know if you have other questions.
- Feb 7, 2023
- 1,736
Yes, it is a bug with the Windows Security Centre integration, reported as well.
- Sep 9, 2017
- 55
Thank you very much for all your information always very clear and your great computer knowledge that teaches us a lot
Great answer, as usual.
Very useful for me. Thank you.
Between the lines, you seem (me) very enthusiastic about this ZA product.
I am more curious about your enthusiasm, than about the ZA product itself.
You definitely motivated me to try this ZA product.
In advance, I am aware that the hardware performance might not be what I demand.
But I am going to do a test, I will test this software.
I'm still not sure about the differences between ZA products mentioned in this thread.
But I'm going to download the official version, and I'll use the extended trial license you kindly shared with us... thank you!
Once again, thanks for your comprehensive answers, your help, and for sharing your amazing knowledge!
- Feb 7, 2023
- 1,736
I am enthusiastic because I was never really interested in ZoneAlarm (I tested it only once, very briefly circa 2011-2012). Check Point actually turned out to be very professional company, just look around their website or their research. They seem like a jewel I’ve ignored. So now I am testing ZoneAlarm because at work I intend to replace Deep Instinct as well as few other solutions used here and there with Check Point products.
So, download Extreme Security NextGen from the official website if you are looking to try it, and enter the license. The one that gets downloaded from the link here I haven’t tried and I got no idea what it is. I’ve only used Extreme Security NextGen.
Btw thanks @Decopi and @Bushman for your kind words.
You deserve all our compliments.
You're making a great job at MalwareTips, not only by helping and answering tons of questions, but also by sharing your great videos, experiences, info and knowledge.
You became one of the forum participants that worth reading every single post you write.
Thank you again!
By the way, abusing from your patience, I would like your opinion, I found the beta link (Download ZoneAlarm Software), and even if it has bugs, I tend to do my tests with this beta version. Any different recommendation from your side?
- Feb 7, 2023
- 1,736
When you install it, show me the “about” info so I can see the version of engines and everything.
Activation Code: 845DGV
Version number: 4.0.147.0
Version status: Up to date
Device name: Decopi
Device ID:
Anti-Ransomware: 4.000.0115.000
Antivirus version: 3.84
Signature version: 000000000000
Update date: 6/5/2023 1:59:36 PM
Engine version: 86.67.19
Firewall version: 8.60.6.7141
Anti-Bot version: 8.68.68.4
- Feb 7, 2023
- 1,736
Antivirus is newer, mine is 3.5. Also, the product version is slightly higher. I am interested now. I will try it out as well. Signatures have still not been deployed. Once they are deployed, the version number will change to something like 202305061222335. All other versions are the same. There will not be any issue using this version. Are there any features displayed in the main UI with a “Buy Now” tag?
thank you Trident i too have found your input very helpful answering questions videos etc thank you. 
Changed automatically:
Antivirus version: 3.85
Signature version: 202306041950
Nothing about "Buy now" or similar. But is too soon, I installed it less than 1 hour ago.
Also, it's saying that "status is valid", but it's not saying until which day... 30 days trial?... 365 days trial with the activation code? I don't know. We'll see.
In general and at first glance, it feels very nice for my taste.
Hardware performance eats RAM, but I don't see CPU impact or SSD writings/readings impact. I have plenty of RAM, so I don't feel ZAESNG hardware impact.
However, the first "full scan" is slow.
Last edited:
- Feb 7, 2023
- 1,736
If none of the 4 categories in the main UI are with “buy now” then it is the full version. Even on my purchased license, it doesn’t display the validity, it displays it only in the account. I also have 16GB and the RAM consumption is not a problem to me.
- Apr 16, 2017
- 2,094
Version number: 4.0.148.0
Version status: Up to date
Device name: ---------------------------
Device ID: --------------------------------
Anti-Ransomware: 4.000.0115.000
Antivirus version: 3.85
Signature version: 202306041950
Update date: 6/5/2023 1:57:16 PM
Engine version: 86.67.19
Firewall version: 8.60.6.7141
Anti-Bot version: 8.68.68.4
so far so good. Using Edge, ZA is popup chatty saying site checked and ok (paraphrase) but not annoying, it apears related to inputing user name & pw. I did a first scan manually, and not too long but maybe not many files on this win10_VM. Task manager shows 5 checkpoint processes running and 5 za processes running. Total system memory used 4.7gb / 16gb, 29%. I could try adding up just za process, or is there one in particular to focus on: Checkpoint harmony agent Threat Emulation= 356mb, Forensic recorder= 192mb, za process are minimal. Eager to see tests from @Shadowra and @Trident. Initial impression good.
- Feb 7, 2023
- 1,736
This is the Zero-Phishing scan. This notification can be switched off from Windows settings but it only happens the first time a site is opened. If a site is fraudulent, a notification appears in new tab and all fields are blocked (the site is rendered read-only similarly to the FireGlass Web Isolation that Symantec had years ago).
If I perform real-world test, it won’t miss anything (I do it every day). Maybe I will record one soon.
- Sep 9, 2017
- 55
- Feb 7, 2023
- 1,736
It is, yes. My memory was wrong. I’m on the phone all day
Similar threads
