Using Threat Emulation Against Zero-Day Attacks

Note:

When ZoneAlarm is installed, Threat Emulation is disabled by default.

ZoneAlarm Threat Emulation adds protection against zero-day threats: newly launched threats that exploit new vulnerabilities that developers have not yet had a chance to address and patch. These threats can reach your computer through corrupted email attachments and files downloaded from compromised websites.

ZoneAlarm Threat Emulation supports these file types:

  • MS Word
  • MS PowerPoint
  • MS Excel
  • Adobe PDF

By default, the Desktop and the Downloads folder are monitored for new files.

When a file of one of the supported file types is downloaded or opened in one of the monitored locations on your computer, Threat Emulation checks whether it is a known Safe or Malicious file. If the file is unknown, Threat Emulation asks whether you want to analyze it. If you agree, it opens the file on a virtual machine in the cloud environment and monitors it for abnormal behavior. If Threat Emulation determines that the file is malicious, the antivirus/anti-malware databases are updated with this file’s signature, a report on the threats found is displayed, and you are prompted to delete the file.

To analyze a file previously stored on your computer:

Right-click the file name, and select ZoneAlarm > Analyze with Threat Emulation.

The file is uploaded to a cloud server and is tested in a virtual environment.

Note - Files are not locked while they are being analyzed. You can open them at any time. However, we strongly recommend that you wait to open these files until the Threat Emulation analysis finishes.

To change Threat Emulation settings:

  1. Click in the ANTIVIRUS & FIREWALL panel of the ZoneAlarm software client.
  2. Click Settings in the Threat Emulation section.
    The Threat Emulation Settings window opens.
  3. Change default selections as necessary:
    • Enable Threat Emulation (selected by default)
    • Ignore files known to be safe - do not analyze files that are known to be safe
    • Only analyze files downloaded from the Internet (selected by default) - clear, if you want to be able to analyze all files of supported file types, including the files copied from the network, other media, or different locations on the same computer
    • Monitor Downloads folder and Desktop (selected by default)
  4. To add folders to be monitored by the ZoneAlarm Threat Emulation engine, for each folder:
    1. Click Add.
    2. In the window that opens, select a folder. To exclude subfolders, clear Include subfolders (selected by default).
    3. Click OK.

    To remove the folders from the list of folders monitored by ZoneAlarm Threat Emulation, select them and click Remove from List.

  5. Click OK.