App Review ZoneAlarm NextGen Antivirus 2022

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
Shadowra

Hello and welcome to the ZoneAlarm NextGen test!
ZoneAlarm NextGen is a new product from the Israeli editor CheckPoint, developer of ZoneAlarm.
Based on Cloud AI Machine Learning, it offers a very simple and easy to use software.

Even if the protection is very good, many problems are present...
First of all, it analyzes the downloads, but the analysis is ABSOLUTELY long! It could take several minutes for ZoneAlarm to give its verdict! (yet the test machine is very well equipped and has a fiber connection)

Then on malware launches, ZoneAlarm can take a long time to react to an attack (the attack on PowerShell is the proof) which is unforgivable for a security software!
And finally, even when deactivated, ZoneAlarm deleted files from the malware pack before analysis...

The machine is infected by the NanoCore RAT Trojan and JS traces are present. Even if it protected well, its instabilities and its numerous bugs and slowness push me to advise against its use....



RAM Usage : High
Malware URL test : 10/10 (All blocked)
Fake crack : 1/1 (The fake crack could not be launched, ZA has detected)
Malware Pack : Remaining 16 files out of 223.
ZoneAlarm detected the files even when disabled before the analysis!
After reactivation and testing, ZoneAlarm reacts very late to infections. The machine is infected by various scripts and NanoCore RAT.

Resistance to script attacks: Medium

Result :
ZA 0
NPE: 8
KVRT : 5

Recommended : No, given the bugs, instability and problems encountered during the test
System Clean : No system infected

@Bushman , @9ucto5 and @icarus request
 

9ucto5


Yes, it has too many bugs and they still try to patch.
I'm going back to the old Extreme Security from them.
Thanks for testing.
 

Bushman


The name is high-sounding but the results are very disappointing... Thank you for this test, which comforts me to keep Emsisoft on my computers for another year.
 

OhioRebel


Thanks for the test!
 

Sandbox Breaker

We use Check Point Harmony Endpoint with the full Kaspersky SDK + Threat Emulation. I can tell you that you are missing a lot with the threat emulation (Cloud Sandbox). Their cloud sandbox is on par with VMRay and is highly resistant to evasion techniques. It's all in the way you set it up. We have all downloads, and files on disk and network drive analyzed by threat emulation, which means that all files are submitted to get verified. It's overkill and takes a lot of network usage... but it's a great layer! Combine this with a tightly hardened system and complete threat hunting/monitoring and now you have a hack that costs more than the data itself!
 

Trident

I tested ZoneAlarm Next Gen Extreme yesterday. Very mixed feelings about it.

My findings as in a timeline:
The installer is a Chrome installer copy. Upon opening it said “On your marks” and initiated the download. UI is the same as installing Chrome. Installation didn’t ask any questions but was rather slow, especially considering that it’s not a feature-packed product.

After installation:
It can immediately be noticed that the product has no settings whatsoever. There are no antivirus settings such as whether to scan archives or not, no aggressiveness levels, no alert settings/silent mode, nothing. Ease of use is important, but in this case way overdone.
All you can do is turn antivirus on/off and schedule scans. Firewall settings all come down to 2 sliders to set up the trust zone.

Malware Protection:
ZoneAlarm protection is a mixed bag. Though I didn’t find any samples that were not detected (I did not try very hard), detecting a sample took forever. One example was an MSI installer. After execution, it took about 3 minutes for ZoneAlarm to kick in and delete a malicious DLL. ZoneAlarm left startup items and a seemingly harmful (abused) exe. On every computer start it generates errors. The majority of detections are produced by “Threat Emulation”; some were called “Abnormal File”, “Reputation” and “Behavioural Detection”. An interesting fact is that ZoneAlarm will detect even malware in password-protected archives (they probably use a list of commonly used passwords).

For all downloads (not in an archive) ZoneAlarm would act as a download manager, display an alert and then remove the file. This included scripts, documents and Java malware.

Though it all was slow and not great in terms of experience, ZoneAlarm did not leave the system compromised, either from documents or from MSI installers, signed files, inflated samples, scripts and everything else I tried. However, other products like Norton and Kaspersky detected everything far quicker and remediated better.

Ransomware Protection:
Very effective. It reacts quickly and it reverses encryption.

Phishing Protection:
That was very iffy. ZoneAlarm adds an extension in browsers without begging users to install it (unlike other vendors). This extension provides an option called “Scan Site”. When opening ebay.com this scan got triggered, an alert called “Zero Phishing” appeared and the site was scanned. When I started to open various links from my junk folder, the scan was not triggered and I could open many. Manually clicking on “Scan Site” detected many. A new tab was opened in the browser where ZoneAlarm claims the site is blocked. However, the site is still open in another tab and I was able to interact with it.

ZoneAlarm is not great in terms of blocking phishing as their “heuristic-based Zero Phishing” scan triggers only sometimes automatically and I don’t think anyone would initiate manual scans. Very shaky implementation.

Botnet Protection:
ZoneAlarm displays no alert and keeps no logs to make botnet protection existence evident. However, on many occasions trying to download a malicious file resulted in a browser error.

Performance:
The system overall felt very snappy and no visible indicators of compromised performance were observed. I have not performed benchmarks.

Logs/user communication:
The only logs kept are for detected malware. They are displayed in a timeline manner and contain time, date, file name and path, and the component that blocked it. There is a button that says “Not Malware” to restore the file (not recommended).

Final verdict:
ZoneAlarm is a great product that is in no way underdeveloped, but according to their official release notes, updates are not very frequent and some features are visibly not quality-tested. For a paid product this is not acceptable.
Once again it is proven that the signature-less approach that many vendors so tout brings no benefit to the users.
 

Trident

My tests of ZoneAlarm continue.

ZoneAlarm detected the files even when disabled before the analysis!
This is not a bug. ZoneAlarm uses a triple engine setup. One of the engines is Sophos Cloud (evidence for that is the existence of a module called EiSophosAV.dll). The second engine is static analysis and the third one is emulation. Even disabling antivirus (Sophos and their own), emulation is still enabled and it continues to detect malware. It must be disabled as well.

Btw, cloud emulation categorises also uses the Bitdefender engine (evidence for that is the trojan.GenericKD detection). It also records video of the threat. In addition, ZoneAlarm definition and malware family identification is very accurate.

ZoneAlarm doesn’t have an option to display emulation reports but I found my way around it. A video test and full review is coming from me this week, most likely Friday.
 

Shadowra


A new test by me is also planned
 

Trident

I do not trust the ZoneAlarm program. ZoneAlarm is a company founded by former MOSSAD employees. Does not give me confidence. I wondered and looked, there is a 2-year purchase option. How did you buy a 4-year license?
I am not into these political, geographical and privacy debacles. I'm a very open guy who's got nothing special to hide. I only care about the product and its quality, there are institutions to set the appropriate laws for everything else.

I purchased a license using the link within the trial version (which is a bit cheaper) and also used a discount code. I then logged in to my account and used the renewal option with the same discount coupon. I can't say if I will keep using it but I definitely like it so far. I may end up giving it to family and friends. For me ZoneAlarm and Check Point are an entirely new experience, the last time I tried something from them was 10 years ago and I didn't like them.
 

Sandbox Breaker

There's a way to modify the host file after install. You can install as many as you want. Add machine then delete it. The host file patch will prevent the uninstall command. Haha
 

M4RT1NE2

Respect for using ZoneAlarm.
For me, ZoneAlarm is associated with a reliable firewall somewhere twenty-odd years ago. Where I always installed during a new system installation.
Today, I personally would not trust this programme. It is no longer about Mossad or others. I just don't trust it. That's my opinion.
But still, respect for buying it.
 