Advanced Antivirus & Anti-Spyware Configuration

Real Time Cloud Protection

Real Time Cloud Protection is a new advanced antivirus/anti-spyware feature, introduced in ZoneAlarm 2014. It provides real-time verification of file signatures against up-to-date cloud-based Kaspersky databases. This enhances the performance of protection components, speeds up response time to new malware threats, and reduces the risk of false-positive detections.

To protect your computer even better, and to optimize its performance, you can customize some of the Advanced Antivirus & Anti-spyware options:

  • Scan Options and Riskware Categories - lets you fine-tune the scanning process
  • Scan Targets - lets you select the drives, folders, files, and system components for on-demand system scans
  • Exceptions - lets you specify directories, files, or programs that you do not wish to scan for viruses and malware. This can be useful in cases when you know these directories, files, and programs are safe, but will reduce your overall protection level

Configuring Scan Options and Riskware Categories

To configure scan options and riskware categories:

  1. Click in the ANTIVIRUS & FIREWALL panel of the ZoneAlarm software client.
  2. Click Settings in the Antivirus/Anti-Spyware section.
  3. Click Advanced Settings.
    The Antivirus/Anti-spyware Settings window opens.
  4. From the navigation tree, select Scan Options.
  5. Select options from the Scan Options list:
    Skip if the object is greater than [size] MB Specify the size in Megabytes. The default is 8. Most virus files are smaller than 8MB. Therefore, not scanning larger files improves the scan time. Viruses in larger files can be detected through on-access scanning
    Enable cpChecker Creates scanning rules based on the data scanned before, and optimizes scanning based on those rules. Works on limited file sizes and formats. Most efficient when cpSwift is enabled.
    Enable cpSwift Creates scanning rules based on the data scanned before, and optimizes scanning based on those rules. Works on all file types, sizes, and formats. Most efficient when cpChecker is enabled.
    Enable heuristics scanning Scans files for common behaviors and attributes associated with malware. Adds another layer of security by detecting viruses or spyware not yet known to virus signature databases.
    Enable automatic treatment Automatically attempts to treat files that contain viruses. If a file cannot be treated, it is placed in Quarantine so that it cannot harm your computer.
    Also scan archives Scan unopened archives to detect malware hidden inside. This options is enabled by default.
  6. Click the arrow to expand the Riskware Categories section.
  7. Select additional options from the Riskware Categories list:
    Enable adware scanning Scan for software that automatically shows unwanted advertisements.
    Enable auto-dialer scanning Scan for software with pornographic content.
    Enable other riskware scanning Other programs that can be detected as riskware include remote administration programs, FTP servers, proxy servers, password recovery tools, monitoring programs, telnet servers, Web servers, computer tools, network tools, peer-to-peer client programs, SMTP clients, Web toolbars, and known fraudulent programs. Of these categories of programs, only those with known associated security vulnerabilities are considered to be riskware, and therefore detected.

Selecting Scan Targets for On-Demand Scans

To configure scan targets for on-demand scans:

  1. Click in the ANTIVIRUS & FIREWALL panel of the ZoneAlarm software client.
  2. Click Settings in the Antivirus/Anti-Spyware section.
  3. Click Advanced Settings.
    The Antivirus/Anti-spyware Settings window opens.
  4. From the navigation tree, select Scan Targets.
  5. Select individual drives, folders, files, and components for scanning.
  6. To scan boot sectors and system memory (on by default) - other critical components of your computer, select:
    • Scan boot sectors for all local drives.
    • Scan system memory.
  7. Click OK.
Note - These settings apply to on-demand scans in Full Scan mode only. A Quick Scan scans for viruses in memory, boot sectors, startup folders and folders linked to the startup items. You can not change the Scan Targets for the Quick Scan mode. You also can not stop a Full Scan from scanning some mandatory sensitive areas like C:\Windows\System32 or C:\Windows\SysWOW64.

Configuring Scan Exceptions

You can specify directories, files, and folders that you want the virus scanner to ignore. Beware that this can lower your computer's protection level.

To configure scan exceptions:

  1. Click in the ANTIVIRUS & FIREWALL panel of the ZoneAlarm software client.
  2. Click Settings in the Antivirus/Anti-Spyware section.
  3. Click Advanced Settings.
    The Antivirus/Anti-spyware Settings window opens.
  4. From the navigation tree, select Exceptions.
  5. Click Add.
    The Add Antivirus Exception window opens.
  6. From the Select Type drop-down menu select:
    • On-Access Scan, if you want to exclude the selected file(s)/folder(s) from on-access scans
    • Trusted Process, if you want an application to be exempt from the on-access scans - any file such application opens will not be scanned
  7. Fill in the Select exception field in one of these ways:
    • Type a name of a file or a folder, or a wildcard string, using the Sample formats shown
    • Click Browse, navigate to a folder or a file of your choice, click Open
  8. Click OK.

If you later remove an item from the list of exceptions, it will be scanned during the next scan.

© Check Point Software Technologies Ltd.

All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

RESTRICTED RIGHTS LEGEND:

Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19.

TRADEMARKS:

Refer to the Copyright page http://www.checkpoint.com/copyright.html for a list of our trademarks.

Refer to the Third Party copyright notices http://www.checkpoint.com/3rd_party_copyright.html for a list of relevant copyrights and third-party licenses.