Zemana AntiMalware 2 BETA

Discussion in 'other anti-malware software' started by Emre TINAZTEPE, Jan 20, 2015.

  1. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    7,997
    @ Emre,
    Path Scan (WinZip Folder): 2 "Failed" / "There are no detected objects" ? .............
    Zemana AntiMalware 2.18.2.19 (Portable)

    -------------------------------------------------------
    Scan Result : Completed
    Scan Date : 2015-10-24
    Operating System : Windows 10 64-bit
    Processor : 6X AMD FX(tm)-6100 Six-Core Processor
    BIOS Mode : Legacy
    CUID : xxxxxxxxx
    Scan Type : Path Scan
    Duration : 9m 24s
    Scanned Objects : 171
    Detected Objects : 0
    Excluded Objects : 1
    Read Level : Normal
    Auto Upload : Yes
    Include All Extensions : No
    Scan Documents : No
    Domain Info : WORKGROUP,0,2
    Detected Objects
    -------------------------------------------------------

    There are no detected objects
     


  2. metmichallica

    metmichallica Registered Member

    Joined:
    Mar 16, 2005
    Posts:
    183
    I noticed sometimes Zemana realtime works and sometimes it doesn't or at least that is what I thought, but I as well as others might be mistaken. I tested this with iwin.com files. You have to let the file run like it is installing something and then it exits the program out and tells you it blocked a malicious file. And then I scanned with Adwcleaner which detects Iwin and it didn't detect anything, but when I had just Norton on it did.

    Zemana Antimalware doesn't even detect this in their signatures anymore yet it still knows this file is malicious and it is. It is a pup. Try it with any iwin file. They are all bad and detected.

    Update: I, as well as others, was right the first time: sometimes it works and sometimes it doesn't. The Zemana realtime should have kicked in when I was testing their realtime protection with an Iwin file, but it didn't. It did many times before that. I exited out when they asked me to accept their license agreement. That is when Zam detected the malicious file and it didn't do anything. I restarted the computer and ran another iwin file to test it out and it detected it.
     
    Last edited: Oct 24, 2015
  3. pb1

    pb1 Registered Member

    Joined:
    Apr 4, 2014
    Posts:
    1,275
    Location:
    sweden
    Ok, the word "protection" is somewhat misleading, or easily misunderstood then, since it does not protect - directly - only indirectly - actually.

    Question: what makes this one a REALTIME protector in difference to other scanners - why is your scanner more of a "REALTIME scanner" than others?
     
    Last edited: Oct 24, 2015
  4. ida15

    ida15 Registered Member

    Joined:
    Jun 18, 2015
    Posts:
    202
    Location:
    Bosnia and Herzegovina, Sarajevo
    -Yes I PM-ed you. Getting back to you ASAP with an answer!

    -Thank you for your feedback. :thumb: We will take it into consideration!

    -What do you mean? Delete, allow, quarantine?

    -We will reproduce the issue and get back to you shortly.

    -IntelliGuard+ is the improved version of our IntelliGuard technology; it is much faster and more capable.
    -ZAL's realtime defense and IntelliGuard are designed to be compatible even when they are both active on the same system. So, you won't face any issues using them together.
    -Yes we are still partners with VT, we even have a stronger relationship with them compared to the past.
    -OK will do and get back to you soon!

    -Can you please send one of those files to our support team, so we can inspect the issue? support@zeman.com

    -We are providing Cloud Based Real Time Protection and it is much more powerful than other AntiVirus vendors. Got it? :)


    Best regards and everyone have a great Monday!

    Ida
     
  5. pb1

    pb1 Registered Member

    Joined:
    Apr 4, 2014
    Posts:
    1,275
    Location:
    sweden
    You have still not explained how the REALTIME protection works, how it differentiates in your product to an Av.
    An Av has REALTIME protection - a scanner has no REALTIME protection. You said formerly that your product is a scanner, so therefore it can not have a REALTIME protection in a classical meaning.

    So my question still is - how does the REALTIME protection work - what is it in the Product that makes you call it REALTIME.

    If you still do not get my question please read my 2 former posts above about this that you answered and together with this one it should be very clear what i am asking you.
     
  6. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    It works just like MBAM Premium....scans a file on-execution.
    Most AVs today have that option in their settings so you can set them the same way.
    With scanner, you usually make on-demand (manual) scan or set a scheduled one.
     
  7. ida15

    ida15 Registered Member

    Joined:
    Jun 18, 2015
    Posts:
    202
    Location:
    Bosnia and Herzegovina, Sarajevo
    I wish everyone was like you, KIND and patient :) Thank you :)
     
  8. Emre TINAZTEPE

    Emre TINAZTEPE Registered Member

    Joined:
    Dec 28, 2014
    Posts:
    85
    It is still true but when a major change is done in our cloud infrastructure which would render old versions non-compatible, we publish a "Forced Update" so you don't have a chance to run the old version. This release was released as forced update so that's the reason you have experienced this.
     
  9. Emre TINAZTEPE

    Emre TINAZTEPE Registered Member

    Joined:
    Dec 28, 2014
    Posts:
    85
    Not for now but we are planning to add "Allow this file in the future" to the alerts displayed.

    Thanks for reporting this issue. Can you please send me an example game link over PM so we can inspect the issue.
     
  10. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    7,997
    Thanks for explanation!

    What about the rest?
    =
    https://www.wilderssecurity.com/threads/zemana-antimalware-2-beta.372569/page-50#post-2536732
    https://www.wilderssecurity.com/threads/zemana-antimalware-2-beta.372569/page-51#post-2536736
     
  11. Emre TINAZTEPE

    Emre TINAZTEPE Registered Member

    Joined:
    Dec 28, 2014
    Posts:
    85
    Hello Everyone,

    In order to clear the confusion about real time scanning, I wanted to write some notes about how it works and what is our goal in the near future.

    First of all, Zemana AntiMalware started as an on-demand scanner a year ago but we have always had the idea of adding a real time protection feature so it can protect our users as well as clean their PCs. According to the feedback we get from our users, ZAM does a great job at cleaning PCs from a variety of different threats (rootkit, malware, dns hijackers, browser extensions, root certificates and much more). So, we believe we did a good job with your help in this area.
    Now it is time for protecting our users before the infection takes place. So, we are testing the real time and there are still minor issues left but they will all be resolved soon and ZAM will be much more efficient. The reason we are doing this is, we will soon make Zemana AntiMalware a Free product so everyone can use it for on-demand scanning and a paid version with real time protection.

    And here are some notes about the real time feature:
    It detects files before they execute. But why? Regular AV solutions have a filter driver just like we do but they inspect each and every single file. This may look good for protection but detecting a malicious file in your downloads folder costs you too much in terms of system resources since every single file should be inspected. So, we chose to opt out of on-access scans and focused on files which can harm your PC. This is the motive behind choosing on-execution scans. AV suites have extra features such as content filtering, firewall, etc. and they all have on-access scans. Since ZAM is an added security layer (a really powerful one indeed), having two products scan files on access will consume too much resources. Btw, the term "extra layer of security" doesn't mean that it is simple or useless. It is powered by cloud and our cloud based heuristics based detection system (Pandora) + file reputation service which makes it very very good at stopping zero days.

    To sum it up, real time protection will soon be free from bugs and I am sure that you will all love it. Take my word for it :)
     
  12. Emre TINAZTEPE

    Emre TINAZTEPE Registered Member

    Joined:
    Dec 28, 2014
    Posts:
    85
  13. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    @Emre:
    Great explanation, on how real-time works (should work, in final)
     
  14. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    7,997
    https://www.wilderssecurity.com/threads/zemana-antimalware-2-beta.372569/page-50#post-2536732
    https://www.wilderssecurity.com/threads/zemana-antimalware-2-beta.372569/page-51#post-2536736
    The logs are included, just hit the spoiler. ;)

    The files are quite big =
    WzWFR64.dll (20,5 MB)
    WzProdAdv.dll (24,2 MB)
     
    Last edited: Oct 26, 2015
  15. Emre TINAZTEPE

    Emre TINAZTEPE Registered Member

    Joined:
    Dec 28, 2014
    Posts:
    85
    In order to explain how we provide real-time protection, I should write the technical details on how it works. So, here you go:

    1. Our cloud is powered by Microsoft Azure Technology and it is highly optimized for handling high numbers of scan requests from our users. It currently scans ~100K files on a daily basis as you can see from the screen shot below.

    Screenshot_102615_062008_PM.jpg

    2. You may have an anti-virus installed on your PC and think that you are safe but looking at the screenshot below may change your idea. Below is the *DAILY* stats for infected PCs which have at least one AV installed.

    Screenshot_102615_063602_PM.jpg

    3. ZAM has IntelliGuard+ Technology which has a signature database which is updated twice an hour (30 mins). It enables ZAM to detect malicious files without asking them to cloud so it doesn't increase cloud load and makes it faster to detect malicious files.

    4. ZAM also has Pandora Technology which analyses unknown files in the cloud before they execute on your PC. If you turn this off, unknown files will be allowed to execute and in the meantime, they will be sent to cloud for analysis. If the file in question is detected, ZAM will automatically start a smart scan to clean your PC.

    5. ZAM has a filter driver and process creation callbacks which are capable of monitoring files before they execute. So whenever an execution attempt takes place, the executable file gets scanned by IntelliGuard+, ZAM Cloud, Pandora and Reputation System and if it is found to be safe, it will be allowed.

    Please let me know, if you have further questions.

    Thanks.
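
The on-execution decision flow described in the post above, as an added Python model that is not part of the original post and not Zemana's code. The class, the sample byte strings and the verdict tables are constructed for illustration; the point it shows is the difference between holding an unknown file until analysis returns and letting it run while analysis is pending.

```python
import hashlib
from dataclasses import dataclass, field

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed samples and verdicts; nothing here is real product data.
KNOWN_BAD, CLOUD_BAD = b"sample-in-local-db", b"sample-known-to-cloud"
TRUSTED, UNKNOWN = b"sample-with-good-reputation", b"sample-never-seen"
LOCAL_SIGNATURES = {sha256(KNOWN_BAD)}
CLOUD_VERDICTS = {sha256(CLOUD_BAD): "malicious", sha256(TRUSTED): "clean"}
ANALYSIS_FINDS_MALICIOUS = {sha256(UNKNOWN)}   # what deep analysis would conclude

@dataclass
class ExecutionGuard:
    analyse_before_run: bool = True            # models the Pandora on/off setting
    pending_upload: list = field(default_factory=list)
    has_run: set = field(default_factory=set)

    def on_execute(self, image: bytes) -> str:
        """Verdict for one execution attempt: 'block' or 'allow'."""
        digest = sha256(image)
        if digest in LOCAL_SIGNATURES:         # local check first: no cloud round trip
            return "block"
        verdict = CLOUD_VERDICTS.get(digest)
        if verdict is None and self.analyse_before_run:
            # Unknown file is held until analysis returns (fail-closed).
            verdict = "malicious" if digest in ANALYSIS_FINDS_MALICIOUS else "clean"
        if verdict == "malicious":
            return "block"
        if verdict is None:
            # Analysis disabled: file runs now, verdict arrives later (fail-open).
            self.pending_upload.append(digest)
        self.has_run.add(digest)
        return "allow"

    def on_late_verdict(self, digest: str) -> bool:
        """Process a queued upload; True means a cleanup scan is required."""
        self.pending_upload.remove(digest)
        return digest in ANALYSIS_FINDS_MALICIOUS and digest in self.has_run
```

With `analyse_before_run=False` the same unknown sample is allowed to run and only the late verdict reports that a cleanup scan is needed, which is the exposure window the setting trades for speed.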
     
  16. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    @Emre:
    Awesome in detail description, how ZAM works.

    That should answer all previous questions, and avoid further ping-pong...
     
  17. pb1

    pb1 Registered Member

    Joined:
    Apr 4, 2014
    Posts:
    1,275
    Location:
    sweden
    Ok, i see.
    So it is just like an Av, in its CLASSICAL meaning. As it was back in the Days. File monitor. That is what I suspected and that makes it for example a good light companion to MBAM Premium in just the basic minimum way that they themselves recommend.
     
  18. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    MBAM also scans on-execution only so make sure to exclude ZAM processes in MBAM and vice versa.
     
  19. pb1

    pb1 Registered Member

    Joined:
    Apr 4, 2014
    Posts:
    1,275
    Location:
    sweden
    Yeah, your comment made me realize that I was thinking backwards; I of course meant that it works with an Av. MBAM needs something more as a companion than what ZAM offers and that is why they recommend an Av.

    I am curious on how the 1 presented test of Zam's capabilities will look like, it has to be pretty good otherwise it is almost meaningless with all these good Av's out there.
     
  20. phalanaxus

    phalanaxus Registered Member

    Joined:
    Jan 19, 2011
    Posts:
    509
    @Emre TINAZTEPE
    I don't know the source of the image posted. If what I guess is correct, that graph is obtained from the data you get after a ZAM scan. Correct ?
     
  21. Emre TINAZTEPE

    Emre TINAZTEPE Registered Member

    Joined:
    Dec 28, 2014
    Posts:
    85
    Exactly. ZAM has been out there since January 20, 2015 and these are the stats collected from our user base. The big picture is much more dramatic...
     
  22. haakon

    haakon Guest

    I think another expression vs "ask" would be "user intervention." In reading the more recent posts here, I'm of the opinion that there are far too many automatic things targeting the user's system. Like "ZAM will automatically start a smart scan to clean your PC." :eek: While this is a necessary focus these days for the uninitiated, I don't think I'm alone in expressing the need for an "expert mode" where an alert would intervene presenting the user with actionable selections: delete, allow always, quarantine and allow once for setups and those pesky system temp executables. And a yes/no/ask later for those automatic scans, to clean or anything else.

    I installed ZAM on a Windows 10 test system today and the first thing that happened was Nirsoft's currports.exe got dumped into quarantine. This detection's validity can be argued, but I've been using this for years and having to restore it (instead of one click in an alert) was an annoyance at the very least. (Many of the members here will recognize this as Mr. Sofer's unfortunate Sisyphus-like fate.)

    EDIT: Not unexpectedly, everything (well, everything I've got) NirSoft is blackballed; exclusions created for both my NirSoft file folders.

    I'm not sure what ZAM brings to the table above and beyond what ZAL's realtime and IntelliGuard serves up on my two Windows 7 systems. Ida reports ZAL will be updated shortly and until then and if ZAM offers greater flexibility, I need to pass on its implementation on them.

    Keep up the good work. Let me take this moment to express great appreciation for Ida and Emre's most excellent participation here. :thumb: :thumb:
     
    Last edited by a moderator: Oct 26, 2015
  23. phalanaxus

    phalanaxus Registered Member

    Joined:
    Jan 19, 2011
    Posts:
    509
    If you are counting number of infections directly without consulting the number of deployed machines too, you would have some "interesting" results like the graph. You should either remove small sample sizes or provide the number of available machines.
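
The normalisation asked for in the post above, as an added Python example that is not part of the original post and uses no data from the thread. The product names, counts and the `min_installed` cut-off are constructed assumptions; it compares a ranking by raw infection count with a ranking by infection rate, and attaches a Wilson score interval so small samples show up as wide ranges.

```python
import math

# Constructed telemetry: (product, machines with it installed,
# machines among them where a scan found an infection). Not real vendor data.
TELEMETRY = [
    ("AV-A", 40000, 1200),
    ("AV-B", 9000, 450),
    ("AV-C", 25, 5),
    ("AV-D", 600, 12),
]

def wilson_interval(infected, installed, z=1.96):
    """95% Wilson score interval for the infected proportion."""
    p = infected / installed
    denom = 1 + z * z / installed
    centre = (p + z * z / (2 * installed)) / denom
    spread = math.sqrt(p * (1 - p) / installed + z * z / (4 * installed ** 2))
    half = z * spread / denom
    return centre - half, centre + half

def rank_by_raw_count(rows):
    """Naive view: order products by absolute number of infected machines."""
    ordered = sorted(rows, key=lambda r: r[2], reverse=True)
    return [name for name, _, _ in ordered]

def rank_by_rate(rows, min_installed=500):
    """Order by infection rate, dropping samples too small to compare."""
    kept = []
    for name, installed, infected in rows:
        if installed < min_installed:
            continue  # e.g. 5 of 25 machines says little about the product
        kept.append({
            "product": name,
            "rate": infected / installed,
            "ci": wilson_interval(infected, installed),
            "installed": installed,
        })
    return sorted(kept, key=lambda r: r["rate"], reverse=True)
```

On the constructed data the product with the most infected machines is not the one with the highest rate, and the 25-machine sample has an interval roughly 30 percentage points wide.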
     
  24. Nocturnalizer

    Nocturnalizer Registered Member

    Joined:
    Oct 4, 2015
    Posts:
    42
    Location:
    London, UK
    Has anyone had any luck trying to get their lifetime license activations reset? I sent a support form off a while ago asking if they could be reset due to my recently moving to a new computer and that went completely unanswered. I've sent another one off earlier on today but still no reply.
     
  25. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,239
    Location:
    Among the gum trees
    https://www.wilderssecurity.com/threads/mse-does-anyone-still-use-it.379323/page-9#post-2537419
     