Discussion in 'other anti-malware software' started by fax, Mar 15, 2012.
Thanxx for the info.
Tested it with zeroday malware on Real System XP SP3 32 Bits
Protection was not bad but decent.
I think it can be a good free product if -
Frequency of updates are more instead of 1 in 24 hours. The updates made quite a difference in my tests here i.e after doing initial updates I tried again & it mentioned up to date. I scanned the folder with malware. After about 1 hour I tried manual updates & it updated again & I again scanned the malware folder & there was quite a good more detection.
RealTime & On-Demand difference in protection/detection was there i.e I scanned malware folder with 55 zeroday malware & also executed & ran all the 55 malware & installed completely whatever installed.
On-Demand missed 25.
RealTime missed 30.
I checked & executed the missed 5 malware again but no detection from RealTime when On-Demand detected those, don't know why?
RiskWare detection should be there.
The ability to select all the malware at once in result window to quarantine the malware & in quarantine window to remove the malware is needed.
Anyone know what eng & sigs is it using? i.e
Is it using Kaspersky eng + sigs & inhouse eng + sigs or what actually it is using?
Only Kaspersky engine for on-demand scanning. With retail versions you can scan downloaded files with an advanced heuristic engine running files in a sandbox (ZA engine).
Thanks for confirming. That takes testing it off the table for me. Is that true for the "final" products as well? Testing in a VM is pretty common these days - it would be nice if the lack of VM support could have been stated in the "system requirements".
yes, also final. See here:
What engine & signatures for RealTime Protection in this Free Version?
As mentioned below, those are features of Kaspersky AV. Update was on the slower side and no fdm/media player classic working.
Did your browser hangup when you try to download eicar's AV test file?
Hi, have sent feedback to ZoneAlarm to include riskware detection to the beta and here is the reply from them:
We've listened to your feedback and the next beta version will include riskware/potentially unwanted programs in the anti-virus database.
Thanks for helping make the new release of ZoneAlarm the best ever!
- ZoneAlarm Beta Team
Just curious but is forcefield being utilized here?
That's good news.
Can you request them to give info on AV engine, sigs, etc & what is missing in the free version if compared to its equivalent paid version of FW + AV?
Kaspersky engine + ZA web protection (ZA websites blacklist + ZA heuristics of phishing and malware websites).
From the screenshots I have seen these are the main differences (Comparing with retail ZA AV)
- Riskware detection (to be included)
- Checker and Swift technology for fast scanning
- On access settings
- Mailbox scanning
- Network drive scanning
- Automatic treatment
- Advanced heuristic download protection
- Advanced firewall (OSfirewall, component control, advanced program control)
You have to understand there will be differences, otherwise they will risk being out of business very soon
Kaspersky engine means Kaspersky signatures too, right?
So I think with RiskWare detection to be included, we will not lose much in terms of protection i.e protection/detection wise it will be the same as the paid, if the signatures provided are not limited, and I hope signatures provided are full, right?
MailBox scanning - is it the email protection?
What do we miss on On-Access settings?
It's OK if they are not providing HIPS features, many users don't like or understand HIPS & basic ZA FW is good too.
Instead of 1 update in 24 hours, I wish they provide the same autoupdate as paid version & restrict the priority updates, wot say?
Is the behaviour blocker active in this beta? And is it automatic i.e blocks & notifies or gives the option allow/block?
I tested 55 zeroday malware i.e executed every malware but didn't get any BB alerts so asking if BB is active in this beta or not.
The overall concept seems good and kudos to Checkpoint for developing a free suite, but based on my personal experience this application needs lots of work !
Updating the signatures was extremely slow; about sixteen minutes for the initial update and just under seven minutes for a manual update roughly three hours later.
Two more subsequent updates took about the same amount of time.
On-demand full scan including archives (14.1 GB) took slightly under 27 minutes.
Boot time has at least doubled.
Going from desktop to the home page took 21 seconds.
A second attempt took 16 seconds.
A third attempt took 18 seconds.
(All using IE 8 with Sandboxie).
Page rendering was noticeably slower but did complete every time without error.
Running XP SP-2.
Pentium 4 630 Prescott. Four GB RAM. No other real-time scanner.
CPU usage at 35-40%; 250 MB to about 1300 MB of RAM in use. Way too high in both cases.
I can't use anything that slows me down this much. Hopefully, the resource usage will soon improve to the point where I will have a better experience. For now, I'll skip any further involvement.
It means mainly the signature + heuristic + behavioral scan part of the KAV SDK engine. ZA and Kaspersky are very different products with different GUI and options.
Yes, it would be crazy to have ZA skipping one trojan out of three because it's free or blocking Zeus.a but not Zeus.b
Mailbox scanning--> scanning of e-mail while downloading. E-mails are scanned "on-access" instead.
On-access settings --> choosing between different modes: smart, read/write, write.
No idea, sorry. You should try the same with KAV enterprise and see if you get different/same results.
Sorry for the double post but does anyone know if this suite is utilizing forcefield? The reason I ask is I see some components actively working with the browser. I didn't install the toolbar.
Yes, it should be there to provide the web protection (you can check in the task manager). This is regardless of the toolbar that only provides additional control and info.
In my previous posts I forgot to mention -
Here the RealTime Alert is always behind open windows, anyone confirm this?
Oh & it's not an autoupdate for AV database but scheduled update & it will update at specific time only, I hate this.
Remember to send feedback directly to them via the beta feedback form!
(also try to explain better your issues and suggest alternatives)
... and sorry in advance for the pedantic reminder…
I tried it quite a few times but it mentions correct the errors & shows no errors.
I tried with different browsers & running Ccleaner too but the same prob.
One problem in the past was that too much text is inserted in the box. Try to introduce less text and see if it works, otherwise I am not sure what to suggest. As I see from previous posts, users seem able to provide feedback successfully.
A real pity since with no feedback all your time dedicated to test as well as your finding and recommendation will be wasted... development does not monitor this or the ZA board