App Review ZoneAlarm NextGen Antivirus 2022

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
Shadowra
In a series of fresh tests from COMSS, ZoneAlarm has one of the best results when compared even with the more established players - Kaspersky, Bitdefender, Norton ... I wonder how the free and paid versions differ? I guess I want to wait a year on Norton and see how ZoneAlarm will be developing, they've definitely gotten a lot better in a couple of years, but there's still a feeling that the product is unpolished.
 
Free and paid versions differ a lot. The paid version offers threat emulation, anti bot, anti ransomware and malicious websites blocking. The free version doesn’t offer all that, it just blocks viruses and phishing. The product is actually quite stable and polished. I am investigating an increased boot time, by the time I publish my review on Friday I will know if it’s due to ZA. Other than that, the product has no ads, bundlers and is one of the few that truly give off a premium feeling. I can’t say it’s better than Norton though.
 
There are a lot of things that could be improved: there is no way to manually check for updates or change the update frequency, lack of customization for everything, sometimes when a file is removed there is a delay in the notification, I tried to restore a file and it got stuck on restore, after restarting the PC the file was restored, sometimes the events timeline gets buggy and I cannot see anything that was previously detected, the notification of detected malware is too simple, just says "detected by X module". This product feels like it's in beta.
 
My tests of ZoneAlarm continue.


This is not a bug. ZoneAlarm uses a triple engine setup. One of the engines is Sophos Cloud (evidence for that is the existence of a module called EiSophosAV.dll). The second engine is static analysis and the third one is emulation. Even disabling antivirus (Sophos and their own), emulation is still enabled and it continues to detect malware. It must be disabled as well.

Btw cloud emulation categorisation also uses the Bitdefender engine (evidence for that is the trojan.GenericKD detection). It also records video of the threat. In addition, ZoneAlarm definition and malware family identification is very accurate.

ZoneAlarm doesn’t have an option to display emulation reports but I found my way around it. A video test and full review is coming from me this week, most likely Friday.
That is crazy. Are you talking about the endpoint version?
 
This is in ZoneAlarm. There is a forensic report as well which I found yesterday. ZoneAlarm is just a rebrand of the Harmony with a different UI.

there is no way to manually check for updates or change the update frequency
This is a cloud AV, it stores 10-15 mb of signatures for Sophos and about 30 mb of information for the static analysis. It’s not a product that is in a desperate need of updates.
 
One should not consider installing ZA Free. Without any effort, testing the product against not so fresh malware of diverse types will result in rather annoyingly system trashing infections.

Sub-optimal in the extreme.
 
No, ZoneAlarm Free is not an option to consider at all. Not unless combined with other tools. I am talking about the Extreme Security Next-Gen.
 
To be honest my favorite feature is the threat emulation sandbox. Corporate version you can select as many sandboxes as you want and you can force everything to be emulated. It's not 100% but it's caught some nasty RATs also that were scripted at some of our customers. Signatures have no chance ;)
 
The home version uses Sophos exclusively
It uses a few engines, Sophos is one such. Apart from that it uses their static analysis, anti-bot, behaviour guard, threat emulation and codename cipolla. It was discussed in an earlier post of mine.
Sandbox returns Gen.SB."file format"
Static analysis returns Gen.Mal.SA
Anti-ransomware returns Gen.Cipo."letters"
Sophos returns their proprietary name.
 
Was referring to local third party av engine only.
 