ZoneAlarm Extreme Security NextGen - Free License
<blockquote data-quote="Trident" data-source="post: 1043146" data-attributes="member: 99014">
<p>Hello [USER=67091]@Decopi[/USER] and [USER=65838]@Bushman[/USER], this thread got a bit long now, so let’s summarise everything again.</p>
<p>The product I am talking about is ZoneAlarm Extreme Security Next Gen. Anyone looking to try the product can download Extreme Security Next Gen and activate it with the following extended trial license, valid until August next year:</p>
<p></p>
<p>Regarding Kaspersky, Check Point removed the Kaspersky engine because their customers include governments and other institutions, and in the current political landscape, for compliance reasons, they had to switch to the Sophos engine.</p>
<p>This was discussed here:</p>
<p>[URL unfurl="true"]https://community.checkpoint.com/t5/Endpoint/Harmony-Endpoint-Kaspersky-free-client-version-available/td-p/143731#[/URL]</p>
<p>What they use currently is this, and it is in line with their official terminology:</p>
<p>Anti-Malware: standard antivirus aimed at known and unknown (but mainly known) malware. Based on <a href="https://assets.sophos.com/X24WTUEQ/at/pmcvfp2sfvfsg5qjfjj8624/sophos-antivirus-sdk-ds.pdf" target="_blank">Sophos SAVI</a>.</p>
<p>File Reputation: performs cloud lookups based on ssdeep hashes. Uses feeds from Kaspersky and Cisco Talos amongst others, as well as proprietary feeds. This is a safer way to deploy Kaspersky, as Kaspersky just provides feeds without having any access to customer information.</p>
<p>Static Analysis: this is Check Point/ZoneAlarm's proprietary next-gen antivirus that blocks malware based on attributes and not signatures. This is where the NextGen in the name comes from.</p>
<p>Behavioural Guard: uses the Check Point forensics engine, which constantly records all actions from all processes (Zero Trust philosophy). Later on, YARA rules, signatures and AI are used to classify malicious behaviour, reverse it and generate a detailed forensic report.</p>
<p>Anti-Bot: was added about 15 days after my complaints and conversation with a manager (added to ZA; it was always there in Harmony Endpoint). Anti-Bot blocks communications to known CnC servers by inspecting URL reputation and further classifies malware based on behaviour that looks bot-related.</p>
<p>Anti-Ransomware: detects and blocks ransomware based on behaviour as well as trap files. Works online as well as offline and reverses encryption.</p>
<p>Zero-Phishing: once you click on a website field, Zero-Phishing will start analysing various parameters like URL, reputation, logos, favicons, typos and others to determine if it’s fraudulent. This is very effective; I’ve tested it many times.</p>
<p>And finally, the king in their world:</p>
<p>Threat Emulation and Threat Extraction: executable files and scripts are sent for cloud emulation, which is very actively developed, see <a href="https://support.checkpoint.com/results/sk/sk95235" target="_blank">release notes</a>.</p>
<p>Documents are sent for emulation and, simultaneously, a cleaned-up version is given until emulation finishes (all executable content is removed). If emulation concludes that a document is safe, the original version with executable content becomes available to download.</p>
<p>Threat Emulation uses a variety of engines, including the Bitdefender engine.</p>
<p>Now what I like and dislike:</p>
<p>The product is light but not as light as some others, such as Norton. Because the forensic engine is based on zero trust, it is more active in recording than, let's say, the Norton Behavioural and Heuristics Security engine, which excludes many processes from monitoring. There is a small 0.3% activity frequently, and if you launch a second-opinion scanner (for example), this will go to 15% as the product records every file accessed. This information is needed in case of attack to determine what was accessed/read by attackers.</p>
<p>Memory usage is very high, at about 500 MB average. After my complaints, a low-memory mode was released in Check Point and it will appear after some time in ZoneAlarm as well, but security will be lower and turning it on is not recommended.</p>
<p>Check Point Harmony offers very detailed configuration, but ZA doesn't. Check Point allows the file size for emulation to be increased to 50 MB, you can right-click to emulate a file, you can remove low- and medium-confidence detections from Static Analysis, deploy experimental signatures and configure incidents to always be investigated.</p>
<p>In ZA the maximum emulation size is 15 MB, you can't right-click to emulate, only high-confidence detections from Static Analysis will be displayed and treated, and certain incidents won't trigger forensic investigation.</p>
<p>The product is also exhibiting minor bugs here and there (all have been reported now). Threat Emulation is extremely effective on 0-days including scripts (but you will have to download the file or save it from email; introducing scripts from packs and archives decreases the effectiveness). Protection against executable files is always very high, even from malware in archives/packs.</p>
<p>I hope the information above clears the confusion. Let me know if you have other questions.</p>
</blockquote>