Threat Emulation

Using Threat Emulation Against Zero-Day Attacks

ZoneAlarm Threat Emulation adds protection against Zero-day threats – newly launched threats that exploit new vulnerabilities that developers did not yet have a chance to address and patch. These threats can reach your computer through corrupted email attachments and files downloaded from compromised websites.

By default, ZoneAlarm Threat Emulation is enabled and monitors the Desktop and the Downloads folder for new files.

ZoneAlarm Threat Emulation supports these file types:

  • MS Word
  • MS PowerPoint
  • MS Excel
  • Adobe PDF

When a file of one of the supported file types is downloaded or opened in one of the monitored locations on your computer, Threat Emulation checks if it is a known Safe or Malicious file. If the file is unknown, Threat Emulation asks you if you want to analyze it. If you agree, it opens the file on a virtual machine in the Cloud environment and monitors it for abnormal behavior. If Threat Emulation determines that the file is malicious, the antivirus/anti-malware databases are updated with this file’s signature, the report on found threats shows, and you are prompted to delete the file.

To analyze a file previously stored on your computer:

Right-click the file name, and select ZoneAlarm > Analyze with Threat Emulation.

The file is uploaded to a cloud server and is tested in a virtual environment.

Note - Files are not locked while they are being analyzed. You can open them at any time. However, we strongly recommend to wait to open these files until Threat Emulation analysis finishes.

To change Threat Emulation settings:

  1. Click in the ANTIVIRUS & FIREWALL panel of the ZoneAlarm software client.
  2. Click Settings in the Threat Emulation section.
    The Thread Emulation Settings window opens.
  3. Change default selections as necessary:
    • Enable Threat Emulation (selected by default)
    • Ignore files known to be safe - do not analyze files that are known to be safe
    • Only analyze files downloaded from the Internet (selected by default) - clear, if you want to be able to analyze all files of supported file types, including the files copied from the network, other media, or different locations on the same computer
    • Monitor Downloads folder and Desktop (selected by default)
  4. To add folders to be monitored by ZoneAlarm Threat Emulation engine, for each folder:
    1. Click Add.
    2. In the window that opens, select a folder. To exclude subfolders, clear Include subfolders (selected by default).
    3. Click OK.

    To remove the folders from the list of folders monitored by ZoneAlarm Threat Emulation, select them and click Remove from List.

  5. Click OK.
© Check Point Software Technologies Ltd.

All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.


Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19.


Refer to the Copyright page for a list of our trademarks.

Refer to the Third Party copyright notices for a list of relevant copyrights and third-party licenses.