Zemana Anti Key Logger?

Can you guys give some more info about the System Intrusion Protection HIPS in Zemana?

For example, can you configure it yourself, and can you disable certain protections for certain apps?

 

Do you know if the 12 month license starts immediately or when you install it?

John

 

The fine print:

After you purchase Zemana AntiLogger it may be used for 12 months and will not function after that unless you renew your subscription.
Zemana AntiLogger is licensed per computer, and not per user.
Each license allows installation on 1 computer.
Transfer of a license to another owned computer is allowed.
Online license activation is required. what's this?
This promotion cannot be used to upgrade or extend an existing license.
You can install/register the software at any time.
License can be used for Commercial and Personal use.
Upgrades to future versions of the software will be free for 12 months. For versions after that, upgrades will require additional payment, which will be discounted by 25%.
Support is provided for 12 months after your purchase.
30 days return policy.
Your discount coupon code will be applied to your purchase when you click the 'Buy Now' button.
BitsDuJour downloads use a discount coupon code that comes direct from the software vendor, so you'll always get the latest version of the software app sold under the same terms as a regular sale, just at a great promotional price.
Prices do not necessarily include taxes, which will vary by country.

You can't extend an existing license with it. I still have quite a few months left on my current license, but I took advantage of the sale anyway. When my current subscription lapses, it seems from what I'm reading, that I should be able to install and register my purchase.
--

 

I can confirm all that. Especially the you can't extend an existing license with it. The one time I did that years ago, it did not extend by a year the several months remaining. But some email correspondence with Zemana got that squared away in a couple of days.

I've run ZAL Pro on several XP and Win7x64 systems since 2009 and on several occasions I've gotten $creaming-deal or free licenses and on the day of a current license expiration had no problem with a new license obtained several months previous.

Cheers.

 

Here's a screenie of the defense settings in ZAL Pro. My settings as shown are what I consider to be maximum paranoia/alerts.

There is no method for process exclusion. I've run ZAL Pro on several XP and Win7x64 systems since 2009 and never had an FP or conflict having paid attention to their compatibility list. I'm currently running it on one XP and two Win7x64 systems in parallel with Lavasoft Personal Security (Free on the XP) and MBAM Premium, protections on.

Page 16 of their downloadable pdf user manual will provide the info you seek about the System Defense Module function and a couple of related items under General Settings.

Cheers.

 

Thanks for the info.

Btw, did you ever test SpyShelter, and if so, what did you think of it? For some reason, I get the feeling that SS is a bit more advanced (with more options than Zemana), but I´m not sure yet.

 

@Rasheed187: You're welcome. I never tested SpyShelter as I'm too heavily inve$ted in ZAL Pro. I have followed the threads here and reviewed the screenies at Softpedia now and then.

Popular comparisons and criticisms of the two have generally focused on the ridiculous posting of the clueless results of each others' anti-keylogging "tests" run on each other.

Over the years, anyone paying attention knows no one anti-keylogging app shines when it comes to anti-keylogging. As well, any holes in ZAL-P's anti-keylogging have been plugged by on-the-fly encryption in Windows8 and if run in parallel with ZAL-Free on the, um, lesser Windows.

As you've already observed, SS and ZAL-P are much, much more than anti-keyloggers. Perhaps under different circumstances today I just might have been running SS all this time. Even so, at this point, ZAL-P's VirusTotal real-time API has the edge. A serious edge IMHO.

Cheers.

 

It "is" compatible in Windows7 and down. Free's Encryption was integrated under Windows8 installs a short while back. Soon for all, maybe in Q3.

You don't mention which Windows you're "using." I could reach out and read your puny human mind but that might alert your species to our presence on your pathetic world and then we'd have to destroy your spec-of-dust planet.

But if you're not on Win8, then as you so perfectly reported, you don't have any clue as to why your "system" is borked.

Those are funny dialogues, tho...

 

No it's not borked, only that the Free version wouldn't install on my XP/SP2 ?

Funny, yeah Hilarious !

 

With reference to the current User Manual pdf available at Zemana Web site, it is somewhat out-dated in that...

1) IntelliGuard is not covered.

2) For Anti-SSLLogging: "The protection is available for applications that use the Microsoft SSL coding method (Internet Explorer, Outlook, etc), but not for those using the Mozilla SSL coding method (e.g. Firefox and Thunderbird)."

Over time, that's been greatly enhanced. From a recent Zemana Support email:
"When we first implemented the Anti-SSL it only supported Microsoft based systems (IE, Outlook etc.) but now Anti-SSL(https) protection supports all browsers that uses the Microsoft WININET API , Mozilla NSS API and OpenSSL API. So it supports IE,Firefox,Thunderbird,Chrome, Opera etc. Now Zemana AntiLogger is browser independent."

Yeah, they know the manual needs updating.

Cheers.

 

Now that I think of it, SS gives you full control over monitored actions (see link), does Zemana also have this option? And btw, SS also has the ability to scan files with VirusTotal. To clarify, I´m not trying to make this an A vs B thread, I´m just trying to figure things out, I´m still not happy with my Win 8 setup.

http://i1-win.softpedia-static.com/screenshots/SpyShelter_7.png?1392765781

 

A new question: Zemana has got an anti-SSL logger function right? I´m still trying to figure out how it works.

Can you guys perhaps check if Zemana injects code (.dll file) into the browser?

 

That must be a screen shot of an older program. The new version has an extra tab at bottom of that screen for encryption.

 

@controler
If by "a screen shot" you refer to the one I posted in #30, that is the current settings pane for ZAL Pro installed in all Windows except, I suppose, Win8x64.

In my posts #7 & #33 and in more detail here and there on the Zemana Web site:
"Free and Pro feature sets are integrated in Zemana Paid when installed on Win8x64 since v1.9.3.444 (March 2013)."
"Free's Encryption was integrated under Windows8 installs a short while back." Tho now I notice I failed to emphasize x64 there.

For ZAL keyboard encryption on non-Win8x64 systems with ZAL Pro, Free must be installed, too. Of course, Free all by itself can be run on all.

So, I'm guessing you're running Win8x64? Even if not, why don't you post up a screen shot? Especially since "an extra tab at the bottom" is somewhat bewildering unless they've completely redesigned that settings pane. I'd like to see that as my Win7 systems are about two years old so timing decrees I'll probably be running Win9 (SP1 of course) on my next systems upgrade.

Cheers.

 

@ FOXP2

Are you familiar with Process Explorer? If so, can you perhaps check if Zemana injects code (.dll file) into the browser?

See post #37: https://www.wilderssecurity.com/threads/zemana-anti-key-logger.358634/page-2#post-2383878

 

Rasheed

This link may explain your question? When I installed Zemana and ran Malwarbytes stand alone rootkit scanner this is what you get. I am checking to se why their scanner incorporated in MAlwarbytes Antimalware does not through same flag. It appears they do inject DLL's but code is not signed. I have used process explorer in the past but have been using process lasso lately to see how it works.

https://forums.malwarebytes.org/ind...bytes-anti-rootkit-beta-detects-appinit-dlls/

 

FoxP2 yes I am using Win 8.1 64 bit and here is the screenie.

 

Thanks, but it´s a bit confusing.

How did you check if they inject code into the browser? In Process Explorer you can select the browser process, and choose "view DLLs".

 

Did Spyshelter give you a free year to eval like Zemana did? Also they claim to protect you against zero days

 

"Out of all twenty-seven applications on test, only three were able to protect the system under all conditions, these being Zemana AntiLogger, Quaresso Protect On Q and Trusteer Rapport. An interesting feature of all three of these is that they protected the system silently, never asking for any user input and with no significant impact on system performance."

http://dl9.zemana.com/Website_Media/MRG Banking Report 2011 Final.pdf

I never read the entire document. Just skimmed over it a bit.

 

zemana pro have key encyption feature ?
i think that not implemented

 

niz ? my screen shot shows a tic box for it in settings

 

controler , can you test it with zemana keylogger simulator test
http://www.zemana.com/LeakTest/keylogger-test.aspx

 

See posts #30, 39 and 42 above. For KB encryption, pay attention to references for ZAL Pro & Free and to Win8 x64 only vs. other Windows' versions. Can't really explain and illustrate it any better than that. Good luck.

 

After reading the comments here I sent a support request and received confirmation that the KeyCrypt (keystroke encryption) is not currently enabled in the regular version unless you are on Windows 8/8.1 x64.
I had thought it was for some time so I never installed the 'free' version!

Oddly enough, when I dug inside the Setup.res (located in a protected/hidden folder in Program Data) I found a file called ZALSDK_Pro_Setup.exe which does contain a 32 bit KeyCrypt.dll
I tested it out and it installed just fine for me, creating folders and files along with adding a driver.
The dll was injected into apps, but seemed to be inactive in process explorer/threads

I found that by closing Antilogger and manually editing the config.cfg and adding this line I could enable it.
cbKeyCrypt=1
Then while Antilogger was on/active (eg in the tray)
the dll would not only be added but would actually use some of the cpu.

After a little more investigation I managed to link it to a registry entry at
HKEY_CURRENT_USER\Software\Zemana\AntiLogger SDK\General\Enabled
While Antilogger was active it was set to 1
When I exited it was set to 0

This entry does not exist on a normal install. (Unless you are on 8 x64 I am guessing)

So it was working just not in the background like is possible with the free version.

I mirrored the results to a real install of the free version and the keys it used for it's options. (slight difference in path free vs sdk)
I also re-verified this by checking a few logs.
The only thing I haven't done is throw a keylogger at it ^^

I figured that there must be a reason it's not enabled by default on my OS so I removed it all and then after a reboot reinstalled the regular version again.
This time I took the files/registry entries I saved from another test I did of Antilogger Free and made some manual changes.
The two setups (free and the one I found in the hidden folder) are virtually identical with only one real difference in the registry path and the extra 'free' exe.
This enabled me to add the Keystroke Encryption to the regular version (and feel safe about it) without installing the free version and cluttering up my notification area with redundant icons and an extra exe.

So now the regular version has the keystroke encryption I thought it had before. (WHY isn't this enabled on other OSs?) The coding is obviously there already!
The only current downfall to this method is that the regular version isn't setup to report applications it can't encrypt the keystrokes for and can't be enabled/disabled through the GUI.

I feel like such a fool, all this time thinking the keystrokes were encrypted when they weren't.

Will I keep it this way? I'm not sure but I wanted to share what I learned the hard way. I think installing the free version, running it once, then exiting and selecting to run in the background and removing the startup entry for the free version exe would be the best bet.

On a side note, the version number of the Pro SDK Keycrypt is quite a bit higher than the more recently updated free one. Wierd!