Zemana Antilogger Hijacks NIS 2013 Sonar Protection!

Discussion in 'other anti-malware software' started by itman, Feb 9, 2013.

Thread Status:
Not open for further replies.
  1. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    I know I will ignite a fire storm with this posting. All I will do is post what I found on my WIN 7 SP1 installation running Zemana Antilogger paid and NIS 2013.

    A while back, I was examining what associated modules Zemana uses in Resource Monitor. I noticed a ref. to Norton bash definitions. Thought that was odd but ignored it. As time went by, this kept bothering me so I checked it in detail. Here is what I found.

    Zemana is loading UMEngx86.dll. That is NIS 2013 Sonar protection! I have verified this multiple times. Worse, UMEngx86.dll was not loaded in ccsvchst.exe as it should have been. It appears that Zemana is controlling NIS 2013 realtime protection! Well that is one way to ensure that there are no conflicts with other AV software!

    I will be contacting Symantec as to why NIS would allow this.

    I have uninstalled Zemana and UMEngx86.dll is now associated with ccsvchst.exe as it should be. I will not be reinstalling Zemana. More so since it took me a half an hour to scrub the registry of traces of it after uninstalling with RevoUninstaller. I also had to manually uninstall the hidden antilog64.sys driver.

    I open this up to other members who have Zemana Antilogger and NIS installed to verify.
     
  2. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,728
    Location:
    localhost
    Translated in more technical and less conspiracy theory: Zemana prevents the loading of a Norton DLL. Simply report the bug to technical support, I guess if you really want the bug to be fixed you need to reinstall Zemana and use their tool to send logs. :)
     
  3. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,949
    A bigger question is, even though Zemana was preventing a .DLL from loading, was Sonar protection still working in Norton? I figure if it was not working Norton should have been throwing an alert warning of an error in the program.
     
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Looks like I interpreted this the wrong way. Appears it is NIS that is injecting the sonar .dll into anything that can connect remotely that it doesn't trust? For example, it also shows up in Adobe's armsvc.exe, my USB 3 software, and nVidia's steam software.
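
Added example, not part of any post in this thread: one way to check which processes have UMEngx86.dll loaded and whether the loaded copy carries a valid Authenticode signature. It assumes Windows PowerShell 3.0 or later and an elevated prompt; the note about using a 32-bit host is an assumption about how the .NET Framework enumerates modules.

```powershell
# Added example: list every process that has a given module loaded, with the
# module's on-disk path and its Authenticode signer.
# Assumption: on 64-bit Windows, a 64-bit Windows PowerShell host does not list
# the 32-bit DLLs of 32-bit processes, so to inspect a 32-bit process run this from
# %SystemRoot%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe as well.
param(
    [string]$ModuleName = 'UMEngx86.dll'   # module named in the thread
)

$results = foreach ($proc in Get-Process) {
    try {
        # Case-insensitive match on the file name of each loaded module.
        $mods = $proc.Modules | Where-Object { $_.ModuleName -ieq $ModuleName }
    } catch {
        # Protected processes, processes that have exited, or a bitness
        # mismatch can fail here; skip them rather than abort the scan.
        continue
    }

    foreach ($m in $mods) {
        # Verify the file that is actually mapped, not just its name: a DLL
        # with the expected name in an unexpected path or with a bad
        # signature is the case worth investigating.
        $sig = Get-AuthenticodeSignature -FilePath $m.FileName

        [pscustomobject]@{
            Process    = $proc.ProcessName
            PID        = $proc.Id
            ModulePath = $m.FileName
            SigStatus  = $sig.Status
            Signer     = if ($sig.SignerCertificate) {
                             $sig.SignerCertificate.Subject
                         } else {
                             ''
                         }
        }
    }
}

if ($results) {
    $results | Sort-Object Process | Format-Table -AutoSize
} else {
    Write-Output "No accessible process has $ModuleName loaded."
}
```

A process missing from the output is not proof the module is absent: processes that could not be opened are skipped silently.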
     
  5. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    The bottom line is if Zemana's antilog32.exe will allow NIS to inject a .dll, it will allow malware to do the same. Try to fool around with NIS ccsvchst.exe and see what will happen. It will block anything that comes close to it. Zemana Antilogger stays off my PC.
     
  6. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    1,441
    Just add it to the exclusion list if you have a problem.

    If NIS Sonar works like an anti-keylogger, then it'll be disabled. Don't run two AL's at the same time! :rolleyes:
     
  7. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    No way I know of to add any exclusions to Zemana AL.

    And you are correct - NIS 2013 does have anti-keylogging capability. Now that Zemana AL is off my PC, things are much snappier; especially web browsing.
     
    Last edited: Feb 12, 2013
  8. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,871
    Perhaps I had a faulty install of Zemana or something but it never appeared to be doing anything.
    Nothing was being analyzed but I suspect it's passive protection and only monitors the keyboard and screen etc.

    Also some of the YouTube tests have been unfair to this product because it's not an antivirus or antimalware, it's solely for detecting keyloggers.
     
  9. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    Before MRG tested Zemana Anti-Malware (rebranded Hitman Pro) in the Flash tests, they tested Zemana AntiLogger and it was one of the top scorers:
    http://www.mrg-effitas.com/wp-content/uploads/2012/06/MRG-Effitas-Flash-Tests-2010.pdf
    Are you not talking about the free version? The paid version has anti key/screen/clipboard/webcam/mic logger, Man in the Browser protection (to prevent banking trojans from altering and capturing information from the browser) and a system defense module which is basically a mini-HIPS.
     
  10. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Looks like I was right the first time. Zemana Antilogger is injecting antilog32.exe with your AV realtime protection module. Below is Zemana's response to my e-mail.

    To me this is a security issue - that another product can intercept your primary security product's real time protection. I also have to question NIS 2013's effectiveness in blocking access to its critical software components. Obviously this is something Zemana and Symantec have collaborated upon?

    For the time being, I will keep Zemana Antilogger installed since NIS 2013 protection against keyloggers and code injection are zip on x64 OSes - see my thread on this subject in the Antivirus section of this forum.

    I will be dumping both Zemana Antilogger and NIS 2013 when their licenses expire and most likely go with Emsisoft IS that includes both Online Armor and real time Antimalware protection.

    Dear xxxxxx,

    Yes, this is by design. Because it is needed to work with Norton Internet Security compatible. It does not cause any security risk. :doubt:

    Please feel free to contact us if you have any further questions.

    --
    Best Regards,
    Armagan Tugsal
    Junior Engineer
    T: +1-866-293-2016
    www.zemana.com


    On Thu, Feb 14, 2013 at 10:53 PM, <info@zemana.com> wrote:

    Name: xxxxxxxxxxxx
    Email: xxxxxxxxxxxx

    Subject: Antilog32.exe .dll injection
    Country: US
    Product: Zemana AntiLogger
    Product Version: 1.9.3.251
    Operating System: Windows 7 64-bit
    Form Url: http://www.zemana.com/support/Contact.aspx
    Browser: IE 9.0

    Message: Is Zemana aware that Norton Internet Security 2013 module, UMEngx86.dll, which is NIS's Sonar engine is being injected into antilog32.exe? Is this by design? I personally would like to know why antilog32.exe would allow anything to be injected.

    IsFromProduct: No
     
  11. waters

    waters Registered Member

    Joined:
    Nov 8, 2004
    Posts:
    934
    Bitdefender paid and Zemana conflict so I have had to dump Zemana. Big problems when trying to remove all traces of Zemana. I had great help from Bitdefender support and sorted it in the end but Bitdefender paid had problems with it until all traces were gone.
     
  12. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    I am surprised there was a conflict between Zemana AK and BitDefender since Bitdefender is on Zemana's compatible software list.

    I also am perplexed by Zemana AK's lack of a clean uninstall. Prior versions uninstalled cleanly. The most remnants I had was when I used RevoUninstaller. So uninstalling using Windows add/remove programs might be preferred. Then do a manual HDD/registry scrub.

    I am also not happy that the product dumped some adware on my PC that I had to remove using AdwCleaner. Appears the trial of paid version does this.
     
    Last edited: Feb 16, 2013
  13. waters

    waters Registered Member

    Joined:
    Nov 8, 2004
    Posts:
    934
    Bitdefender paid had the conflict. Support sent me a download tool which sent them details. They then replied, saying there was a conflict. They said to uninstall Zemana and sent me details how to do this and a download to uninstall.
     