Zemana Antilogger Hijacks NIS 2013 Sonar Protection!

I know I will ignite a fire storm with this posting. All I will do is post what I found on my WIN 7 SP1 installation running Zemana Antilogger paid and NIS 2013.

A while back, I was examing what associated modules Zemana uses in Resource Monitor. I noticed a ref. to Norton bash definitions. Thought that was odd but ignored it. As time went by, this kept bothering me so I checked it in detail. Here is what I found.

Zemana is loading UMEngx86.dll. That is NIS 2013 Sonar protection! I have verified this multiple times. Worse, UNEngx86.dll was not loaded in ccsvchst.exe as it should have been. It appears that Zemana is controlling NIS 2013 realtime protection! Well that is one way to ensure that there are no conflicts with other AV software!

I will be contacting Symantec as to why NIS would allow this.

I have uninstalled Zemana and UMEngx86.dll is now associated with ccsvchst.exe as it should be. I will not be reinstalling Zemana. More so since it took me a half an hour to scrub the registry of a traces of it after uninstalling with RevoUnistaller. I also had to manually uninstall the hidden antilog64.sys driver.

I open this up to other members who have Zemana Antilogger and NIS installed to verify.

 

Translated in more technical and less conspiracy theory: Zemana prevents the loading of a Norton DLL. Simply report the bug to technical support, I guess if you really want the bug to be fixed you need to reinstall Zemana and use their tool to send logs.

 

A bigger question is even though Zemana was preventing a .DLL from loading was Sonar protection still working in Norton? I figure if it was not working Norton should have been throwing an alert warning of an error in the program

 

Looks like I intrepreted this the wrong way. Appears it is NIS that is injecting the sonar .dll into anything that can connect remotely that it doesn't trust? For example, it also shows up in Adobe's armsvc.exe, my USB 3 software, and nVidia's steam software.

 

The bottom line is if Zemana's antilog32.exe will allow NIS to inject a .dll, it will allow malware to do the same. Try to fool around with NIS ccsvchst.exe and see what will happen. It will block anything that comes close to it. Zemana Antilogger stays off my PC.

 

Just add it to the exclusion list if you have a problem.

If NIS Sonar works like an anti-keylogger, then it'll be disabled. Don't run two AL's at the same time!

 

No way I know of to add any exclusions to Zemana AL.

And you are correct - NIS 2013 does have anti-keylogging capability. Now that Zemana AL is off my PC, things are much snapper; especially web browsing.

 

Perhaps i had a faulty install of zemana or something but it never appeared to be doing anything.
Nothing was being analyzed but i suspect its passive protection and only monitors the keyboard and screen etc.

Also some of the you tube tests have been unfair to this product because its not an anti virus or antimalware,its solely for detecting keyloggers.

 

Before MRG tested Zemana Anti-Malware(rebranded Hitman Pro) in the Flash tests, they tested Zemana AntiLogger and it was one of the top scorers:
http://www.mrg-effitas.com/wp-content/uploads/2012/06/MRG-Effitas-Flash-Tests-2010.pdf
Are you not talking about the free version? The paid version has anti key/screen/clipboard/webcam/mic -logger, Man in the Browser protection(to prevent banking trojans from altering and capturing information from the browser) and a system defense module which is basically a mini-hips.

 

Looks like I was right the first time. Zemana Antilogger is injecting antilog32.exe with your AV realtime protection module. Below is Zemana's response to my e-mail.

To me this is a security issue - that another product can intercept your primary security product real time protection. I also have to question NIS 2013 effectiveness in blocking access to it's critical software components. Obviously this is something Zemana and Symantec have colaborated upon?

For the time being, I will keep Zemana Antilogger installed since NIS 2013 protection against keyloggers and code injection are zip on x64 OSes - see my thread on this subject in the Antivirus section of this forum.

I will be dumping both Zemana Antilogger and NIS 2013 when their licenses expire and most likely go with Emisoft IS that includes both Online Armor and real time Antimalware protection.

Dear xxxxxx,

Yes,this is by design. Because it is needed to work with Norton Internet Security compatible. It does not cause any security risk.

Please feel free to contact us if you have any further questions.

--
Best Regards,
Armagan Tugsal
Junior Engineer
T: +1-866-293-2016
www.zemana.com


On Thu, Feb 14, 2013 at 10:53 PM, <info@zemana.com> wrote:

Name: xxxxxxxxxxxx
Email: xxxxxxxxxxxx

Subject: Antilog32.exe .dll injection
Country: US
Product: Zemana AntiLogger
Product Version: 1.9.3.251
Operating System: Windows 7 64-bit
Form Url: http://www.zemana.com/support/Contact.aspx
Browser: IE 9.0

Message: Is Zemana aware that Norton Internet Security 2013 module, UMEngx86.dll, which is NIS's Sonar engine is being injected into antilog32.exe? Is this by design? I personally would like to know why antilog32.exe would allow anything to be injected.

IsFromProduct: No

 

Bitdefender paid and Zemana conflict so i have had to dump Zemana .Big problems when trying to remove all traces of Zemana I had great help from Bitdefender support and sorted it in the end but Bitdefender paid had problems with it untill all traces were all gone

 

I am surprised there was a conflict between Zemana AK and BitDefender since Bitdefender is on Zemana's compatiable software list.

I also am perplexed by Zemana's AK lack of a clean uninstall. Prior versions uninstalled cleanly. The most remanents I had was when I used RevoUninstaller. So uninstalling using Windows add/remove programs might be preferred. Then do a manual HDD/registry scrub.

I am also not happy that the product dumped some adware on my PC that I had to remove using AdwCleaner. Appears the trial of paid version does this.

 

Bitdefender paid had the conflict.Support sent me a download tool which sent them details.They then replied,saying there was a conflict.They said to uninstall Zemana and sent me details how to do this and a download to uninstall.