When you click the Threat Emulation Analyze button, your file is uploaded to our cloud servers for analysis. The analysis consists of launching your file in a sandboxed virtual PC and emulating what would happen if you had opened the file on your own PC.
After opening the file in the sandboxed PC, we apply sophisticated analysis engines to monitor whether there is any unusual activity in the operating system that would not normally occur when launching such a file. We look for things like registry changes, new processes, changes to the file system and unexpected network activity. We typically run the emulation for about a minute. If anything is out of the ordinary, we know it is malware and you'll immediately receive a detailed report of the analysis.
The Threat Emulation cloud supports Microsoft Office files (Word, PowerPoint and Excel), as well as Adobe PDF documents. These are the most common delivery formats of new zero-day attacks. We are working to add support for additional file types in the Threat Emulation cloud. Your ZoneAlarm client will automatically adjust as new file types are added.
To provide the maximum detection rate, the Threat Emulation cloud emulates each file for about one minute, opening it within a virtual sandbox and carefully monitoring the Windows operating system while the file is open.
Actual analysis time may, in some cases, vary depending on the file upload time and the sporadic load on the Threat Emulation cloud. If we detect malware behavior in your file, then analysis will always take longer as the system spends additional time analyzing the results of the emulation cycle, making sure it is not a false-positive detection.
The file size has a minor impact on the analysis phase. Threat Emulation will open your file in a sandboxed cloud PC, and allow approximately one minute for the analysis phase to complete.
For a very large file, the file size may impact the upload time to get the file to the Threat Emulation cloud component.
The ZoneAlarm Threat Emulation cloud service is powered by Check Point Software Technologies and is also used by Fortune 500 companies. Threat Emulation is built with the strongest possible protections to meet the most demanding enterprise security and privacy standards.
Threat Emulation is included with ZoneAlarm Extreme Security Suite.
Yes, there is. With ZoneAlarm Extreme, you are entitled to analyze up to 100 files per day using Threat Emulation.
By default, Threat Emulation monitors your PC's download folders (folders used by browsers for download). Any new or changed file of a supported file type (such as PDF or Microsoft Office document) that appears in monitored folders will initiate a Threat Emulation prompt to analyze it.
Use Threat Emulation's settings page to control which folders are monitored. You can also right-click a file in Windows Explorer (in any folder) to initiate a Threat Emulation analysis.
Threat Emulation is provided as a second layer of defense to complement ZoneAlarm's Antivirus. It detects zero-day attacks that are too new to be detectable by antivirus software. It is always a good practice to use Threat Emulation on any file you receive as an email attachment or download from the Web if you have any reason to be suspicious.
Yes, you can - right-click a file in Windows Explorer (in any folder) to initiate a Threat Emulation analysis. This can be done only for supported file types: Microsoft Office and Adobe PDF.
Threat Emulation supports working with multiple files simultaneously. The files will all appear in the Threat Emulation dialog as they finish downloading, and you can select which files to analyze.
Yes, you can - files are not locked while they are being emulated in the cloud by Threat Emulation. But if possible you should wait to open these files until Threat Emulation analysis is completed.
Yes, you can - by default, Threat Emulation monitors your PC's download folders (folders used by browsers for download). Use the Threat Emulation settings page to control which folders are monitored.
If malware is detected by Threat Emulation, you will receive a detailed report of the system changes and anomalous activity detected while emulating your file. Never open a file that was detected to be malicious by Threat Emulation.
Threat Emulation is designed to detect zero-day attacks that are not yet covered by antivirus. For this reason we can only share symptoms of the malware infection as detected by our cloud. The virus itself will not be identified in the report as fresh zero-day malware does not yet have a name. If you suspect that you may be infected by this malware, please contact ZoneAlarm support for assistance.
If you have a malicious file, it does not necessarily mean that your system is infected. It depends on whether you have opened the file or not. If you have not opened the file, delete it completely by clicking the Delete button in the Threat Emulation dialog.
If you have opened the file (for example, if it's a PDF document, if you have viewed it), then your system may be infected with zero-day malware that is not yet detected by antivirus software. Please carefully study the Threat Emulation report and promptly contact ZoneAlarm support for further assistance.
Threat Emulation does not currently have a quarantine mechanism for files detected as malicious. Click the Delete button in the Threat Emulation dialog to delete the malicious file.
Before prompting you to upload your file to Threat Emulation, we first check if Threat Emulation already knows that file. If it is a known malicious file, Threat Emulation will notify you immediately before repeating the analysis.
Before prompting you to upload your file to Threat Emulation, we first check if Threat Emulation already knows that file. If it's a known safe file then we will not prompt you.
Threat Emulation settings allow you to configure whether or not you want Threat Emulation to show you files that are known to be safe.