Q1. What checks does Threat Emulation perform in the cloud?
A: When you click the Threat Emulation Analyze button, your file is uploaded to our cloud servers for analysis. The analysis consists of launching your file in a sandboxed virtual PC and emulating what would happen if you had opened the file on your own PC.
After opening the file in the sandboxed PC, we apply sophisticated analysis engines to monitor whether there is any unusual activity in the operating system that would not normally occur when launching such a file. We look for things like registry changes, new processes, changes to the file system and unexpected network activity. We typically run the emulation for about a minute. If anything is out of the ordinary, then we know it's malware and you'll immediately receive a detailed report of the analysis.
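The comparison described above can be sketched as a before/after diff of sandbox state across the four categories the answer lists. This is an added example, not ZoneAlarm or Check Point code; `Snapshot`, `EXPECTED`, `diff_activity` and `verdict` are hypothetical names, and every process name, path, registry value and address is constructed sample data.

```python
from dataclasses import dataclass

@dataclass
class Snapshot:
    """Sandbox state at one moment; field shapes are assumptions for this sketch."""
    processes: set
    registry: dict      # value path -> data
    files: set
    connections: set    # "host:port" strings

# Constructed allowlist: what a PDF viewer normally does when opening a document.
EXPECTED = {
    "processes": {"pdfviewer.exe"},
    "registry": ("HKCU\\Software\\PdfViewer\\Recent",),
    "files": ("C:\\Users\\sandbox\\AppData\\Local\\Temp\\pdfviewer",),
}

def diff_activity(before, after, expected=EXPECTED):
    """Return activity seen after opening the file that the allowlist does not explain."""
    reg_changed = {k for k in before.registry.keys() | after.registry.keys()
                   if before.registry.get(k) != after.registry.get(k)}
    return {
        "new_processes": sorted(after.processes - before.processes - expected["processes"]),
        "registry_changes": sorted(k for k in reg_changed
                                   if not k.startswith(expected["registry"])),
        "file_changes": sorted(f for f in before.files ^ after.files
                               if not f.startswith(expected["files"])),
        # Assumption: opening a document needs no network, so any new connection counts.
        "network_activity": sorted(after.connections - before.connections),
    }

def verdict(findings):
    # Any unexplained activity in any category marks the file as malicious.
    return "malicious" if any(findings.values()) else "clean"

# Constructed snapshots: one clean baseline, then two possible states a minute later.
RUN = "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater"
BEFORE = Snapshot({"explorer.exe"}, {}, {"C:\\Users\\sandbox\\Downloads\\invoice.pdf"}, set())
BENIGN = Snapshot({"explorer.exe", "pdfviewer.exe"},
                  {"HKCU\\Software\\PdfViewer\\Recent\\0": "invoice.pdf"},
                  BEFORE.files | {"C:\\Users\\sandbox\\AppData\\Local\\Temp\\pdfviewer\\cache.tmp"},
                  set())
SUSPECT = Snapshot(BENIGN.processes | {"cmd.exe"},
                   {**BENIGN.registry, RUN: "C:\\Users\\sandbox\\AppData\\Roaming\\u.exe"},
                   BENIGN.files | {"C:\\Users\\sandbox\\AppData\\Roaming\\u.exe"},
                   {"203.0.113.7:443"})

if __name__ == "__main__":
    for name, after in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, verdict(diff_activity(BEFORE, after)))
```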
Q2. Can Threat Emulation analyze all file types?
A: The Threat Emulation cloud supports Microsoft Office files (Word, PowerPoint and Excel), as well as Adobe PDF documents. These are the most common delivery formats of new zero-day attacks. We are working to add support for additional file types in the Threat Emulation cloud. Your ZoneAlarm client will automatically adjust as new file types are added.
Q3. How long does Threat Emulation take to analyze a file in the cloud?
A: In order to provide the maximum detection rate, the Threat Emulation cloud emulates each file for about one minute, opening it within a virtual sandbox and carefully monitoring the Windows operating system while the file is open.
Actual analysis time may, in some cases, vary depending on the file upload time and the sporadic load on the Threat Emulation cloud. If we detect malware behavior in your file, then analysis will always take longer as the system spends additional time analyzing the results of the emulation cycle, making sure it is not a false-positive detection.
Q4. Does file size influence the analysis time?
A: The file size has a minor impact on the analysis phase. Threat Emulation will open your file in a sandboxed cloud PC, and allow approximately one minute for the analysis phase to complete.
For a very large file, the file size may impact the upload time to get the file to the Threat Emulation cloud component.
Q5. How do you protect my files when I send them to Threat Emulation?
A: The ZoneAlarm Threat Emulation cloud service is powered by Check Point Software Technologies and is also used by Fortune 500 companies. Threat Emulation is built with the strongest possible protections to meet the most demanding enterprise security and privacy standards.
Q8. When does Threat Emulation prompt me to analyze a file?
A: By default, Threat Emulation monitors your PC's download folders (folders used by browsers for downloads). Any new or changed file of a supported file type (such as a PDF or Microsoft Office document) that appears in a monitored folder will initiate a Threat Emulation prompt to analyze it.
Use Threat Emulation's settings page to control which folders are monitored. You can also right-click a file in Windows Explorer (in any folder) to initiate a Threat Emulation analysis.
Q9. Should I analyze all the files I download?
A: Threat Emulation is provided as a second layer of defense to complement ZoneAlarm's Antivirus. It detects zero-day attacks that are too new to be detectable by antivirus software. It is always a good practice to use Threat Emulation on any file you receive as an email attachment or download from the Web if you have any reason to be suspicious.
Q10. Can I request Threat Emulation analyze a specific file on my hard disk?
A: Yes, you can - right-click a file in Windows Explorer (in any folder) to initiate a Threat Emulation analysis. This can be done only for supported file types: Microsoft Office and Adobe PDF.
Q11. What happens if I download several files simultaneously?
A: Threat Emulation supports working with multiple files simultaneously. The files will all appear in the Threat Emulation dialog as they finish downloading, and you can select which files to analyze.
Q12. Can I open my file before Threat Emulation analysis is finished?
A: Yes, you can - files are not locked while they are being emulated in the cloud by Threat Emulation. But if possible, you should wait to open these files until the Threat Emulation analysis is completed.
Q13. Can I change which folders on my PC Threat Emulation monitors?
A: Yes, you can - by default, Threat Emulation monitors your PC's download folders (folders used by browsers for downloads). Use the Threat Emulation settings page to control which folders are monitored.
Q14. What information will I get if Threat Emulation finds that my file contains malware?
A: If malware is detected by Threat Emulation, you will receive a detailed report of the system changes and anomalous activity detected while emulating your file. Never open a file that was detected to be malicious by Threat Emulation.
Threat Emulation is designed to detect zero-day attacks that are not yet covered by antivirus. For this reason we can only share symptoms of the malware infection as detected by our cloud. The virus itself will not be identified in the report as fresh zero-day malware does not yet have a name. If you suspect that you may be infected by this malware, please contact ZoneAlarm support for assistance.
Q15. If Threat Emulation detects a malicious file, what do I do next? Does it mean my PC is infected?
A: If you have a malicious file, it does not necessarily mean that your system is infected. It depends on whether you have opened the file or not. If you have not opened the file, then delete it completely by clicking the Delete button in the Threat Emulation dialog.
If you have opened the file (for example, if it's a PDF document and you have viewed it), then your system may be infected with zero-day malware that is not yet detected by antivirus software. Please carefully study the Threat Emulation report and promptly contact ZoneAlarm support for further assistance.
Q16. Does Threat Emulation quarantine files that contain malware?
A: Threat Emulation does not currently have a quarantine mechanism for files detected as malicious. Click the Delete button in the Threat Emulation dialog to delete the malicious file.
Q17. Threat Emulation detected a malicious file before completing an analysis.
A: Before prompting you to upload your file to Threat Emulation, we first check if Threat Emulation already knows that file. If it is a known malicious file, Threat Emulation will notify you immediately before repeating the analysis.
Q18. I've downloaded a file but Threat Emulation didn't prompt me about it.
A: Before prompting you to upload your file to Threat Emulation, we first check if Threat Emulation already knows that file. If it's a known safe file, then we will not prompt you.
Threat Emulation settings allow you to configure whether or not you want Threat Emulation to show you files that are known to be safe.
Zero Day Threats
Hundreds of new threats are launched every day by cybercriminals. Before antivirus protection can be updated, your PC is vulnerable to these Zero Day Threats. These threats reach your PC through corrupted email attachments and files downloaded from compromised websites.
Threat Emulation Solution
Threat Emulation prevents infections from zero-day attacks. This innovative solution quickly inspects email attachments and website downloads in a cloud-based virtual sandbox. Files that are determined to contain zero-day and other malicious threats can be safely deleted before your PC can be infected.
How Threat Emulation Works