App Review ZoneAlarm NextGen Antivirus 2022

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
Shadowra

CyberDevil

Level 8
Verified
Well-known
Apr 4, 2021
360
In a series of fresh tests from COMSS, ZoneAlarm has one of the best results when compared even with the more established players - Kaspersky, Bitdefender, Norton ... I wonder how the free and paid versions differ? I guess I want to wait a year on Norton and see how ZoneAlarm will be developing, they've definitely gotten a lot better in a couple of years, but there's still a feeling that the product is unpolished.
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
In a series of fresh tests from COMSS, ZoneAlarm has one of the best results when compared even with the more established players - Kaspersky, Bitdefender, Norton ... I wonder how the free and paid versions differ? I guess I want to wait a year on Norton and see how ZoneAlarm will be developing, they've definitely gotten a lot better in a couple of years, but there's still a feeling that the product is unpolished.
Free and paid versions differ a lot. The paid version offers threat emulation, anti bot, anti ransomware and malicious websites blocking. The free version doesn’t offer all that, it just blocks viruses and phishing. The product is actually quite stable and polished. I am investigating an increased boot time, by the time I publish my review on Friday I will know if it’s due to ZA. Other than that, the product has no ads, bundlers and is one of the few that truly give off a premium feeling. I can’t say it’s better than Norton though.
 

likeastar20

Level 9
Verified
Mar 24, 2016
421
There are a lot of things that could be improved: there is no way to manually check for updates or change the update frequency, lack of customization for everything, sometimes when a file is removed there is a delay in the notification, I tried to restore a file and it got stuck on restore, after restarting the PC the file was restored, sometimes the events timeline gets buggy and I cannot see anything that was previously detected, the notification of detected malware is too simple, just says "detected by X module". This product feels like it's in beta.
 

likeastar20

Level 9
Verified
Mar 24, 2016
421
My tests of ZoneAlarm continue.


This is not a bug. ZoneAlarm uses a triple engine setup. One of the engines is Sophos Cloud (evidence for that is the existence of a module called EiSophosAV.dll). The second engine is static analysis and the third one is emulation. Even disabling antivirus (Sophos and their own), emulation is still enabled and it continues to detect malware. It must be disabled as well.

Btw cloud emulation categorises also uses the Bitdefender engine (evidence for that is the trojan.GenericKD detection). It also records video of the threat. In addition, ZoneAlarm definition and malware family identification is very accurate.

ZoneAlarm doesn’t have an option to display emulation reports but I found my way around it. A video test and full review is coming from me this week, most likely Friday.
That is crazy. Are you talking about the endpoint version?
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
That is crazy. Are you talking about the endpoint version?
This is in ZoneAlarm. There is a forensic report as well which I found yesterday. ZoneAlarm is just a rebrand of the Harmony with a different UI.

there is no way to manually check for updates or change the update frequency
This is a cloud AV, it stores 10-15 mb of signatures for Sophos and about 30 mb of information for the static analysis. It’s not a product that is in a desperate need of updates.
 

cruelsister

Level 43
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
One should not consider installing ZA Free. Without any effort, testing the product against not so fresh malware of diverse types will result in rather annoyingly system trashing infections.

Sub-optimal in the extreme.
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
One should not consider installing ZA Free. Without any effort, testing the product against not so fresh malware of diverse types will result in rather annoyingly system trashing infections.

Sub-optimal in the extreme.
No, ZoneAlarm Free is not an option to consider at all. Not unless combined with other tools. I am talking about the Extreme Security Next-Gen.
 

Sandbox Breaker

Level 11
Verified
Top Poster
Well-known
Jan 6, 2022
520
One should not consider installing ZA Free. Without any effort, testing the product against not so fresh malware of diverse types will result in rather annoyingly system trashing infections.

Sub-optimal in the extreme.
To be honest my favorite feature is the threat emulation sandbox. Corporate version you can select as many sandboxes as you want and you can force everything to be emulated. It's not 100% but it's caught some nasty RATs also that were scripted at some of our customers. Signatures have no chance ;)
 

Sandbox Breaker

Level 11
Verified
Top Poster
Well-known
Jan 6, 2022
520
The home version uses Sophos exclusively on the local endpoint. Not referring to threat emulation. Their mac version also is only Sophos. Harmony can be e1 Kaspersky or e2 Sophos. Customer chooses.
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
The home version uses Sophos exclusively
It uses a few engines, Sophos is one such. Apart from that it uses their static analysis, anti-bot, behaviour guard, threat emulation and codename cipolla. It was discussed in an earlier post of mine.
Sandbox returns Gen.SB."file format"
Static analysis returns Gen.Mal.SA
Anti-ransomware returns Gen.Cipo."letters"
Sophos returns their proprietary name.
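
Added example (not part of the original post, and not ZoneAlarm or Check Point code): a small triage helper that attributes exported detection names to the layer that produced them, using only the prefix conventions reported in the post above. The sample ids, the name suffixes and the vendor-style name in `SAMPLE` are constructed; treating every name outside the `Gen.` scheme as a Sophos verdict is an assumption taken from the post.

```python
import re
from collections import Counter

# Prefix conventions as reported in the post above. Anything matching none of
# them is treated as a Sophos (vendor-named) verdict, which is an assumption.
RULES = [
    ("threat_emulation", re.compile(r"^Gen\.SB\.(?P<detail>[A-Za-z0-9]+)$")),
    ("static_analysis", re.compile(r"^Gen\.Mal\.SA$")),
    ("anti_ransomware", re.compile(r"^Gen\.Cipo\.(?P<detail>[A-Za-z]+)$")),
]

def attribute(name):
    """Return (engine, detail) for one detection name."""
    name = name.strip()
    for engine, pattern in RULES:
        m = pattern.match(name)
        if m:
            return engine, m.groupdict().get("detail")
    if name.startswith("Gen."):
        # Looks like the in-house scheme but not a form the post lists.
        return "unrecognised", None
    return "sophos", None

def summarise(detections):
    """Tally engines over (sample_id, detection_name) pairs and list the
    samples that no signature verdict named (caught by other layers only)."""
    per_engine = Counter()
    by_sample = {}
    for sample, name in detections:
        engine, _ = attribute(name)
        per_engine[engine] += 1
        by_sample.setdefault(sample, set()).add(engine)
    no_signature = sorted(s for s, e in by_sample.items() if "sophos" not in e)
    return per_engine, no_signature

# Constructed sample data: ids, suffixes and the vendor-style name are made up.
SAMPLE = [
    ("s1", "Gen.SB.exe"),
    ("s1", "Gen.Mal.SA"),
    ("s2", "Troj/Example-A"),
    ("s3", "Gen.Cipo.abc"),
    ("s4", "Gen.Other.x"),
]

if __name__ == "__main__":
    counts, missed_by_signatures = summarise(SAMPLE)
    print(dict(counts), missed_by_signatures)
```
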
 

Sandbox Breaker

Level 11
Verified
Top Poster
Well-known
Jan 6, 2022
520
It uses a few engines, Sophos is one such. Apart from that it uses their static analysis, anti-bot, behaviour guard, threat emulation and codename cipolla. It was discussed in an earlier post of mine.
Sandbox returns Gen.SB."file format"
Static analysis returns Gen.Mal.SA
Anti-ransomware returns Gen.Cipo."letters"
Sophos returns their proprietary name.
Was referring to local third party av engine only.
 
