Issue with Zonealarm Anti-Ransomware

Posts: 2
Joined: 21 Sep 2017

Crowezone

First, I have been a very happy user of FreeFileSync for years. I use it almost every day and love it.
I have always unchecked the add-on programs that are present in the installer (I assume this is simply to augment limited funding) as I never feel comfortable with 3rd party add-ons. But to say "thanks" to the great work you do - and to obtain the added features of the donation edition - I have begun donations with my downloads – not always, but on occasion - and will continue this.

For security I have long used Zonealarm (even before Checkpoint bought it). Very recently I added the Zonealarm Anti-Ransomware for added security. I immediately began seeing ransomware alerts after using FFS as I usually do (to duplicate/replicate my NAS drive to additional backup). I am very displeased with the Zonealarm response to this matter, as you can tell from the attached (first-and-only) direct response message from them. [BTW: I had to convert the msg format to docx for this attachment to work.]

You can see that Zonealarm is blaming FFS for the problem. I don't believe them as I am not getting any solid evidence from ZA that indicates the issue is real together with specific reasons why. Their app is poor in user interaction (logs are sent silently to their Development group so I don't see them). Furthermore, their alert diagnostic window shows a large number of attacked and encrypted files which in reality are not encrypted at all. I have attached a screenshot showing some of the long list of "hacked" files their ZAAR app has generated. Note that I have randomly inspected samples of the claimed "encrypted" files and they are not encrypted - they are normal. The only "Treated" file in the list (at the very bottom, not shown in screenshot) is the FreeFileSync exe.
I am trying to get ZA Support to give me some more professional information to determine if this is a false positive (which I believe) or if there is some real issue of concern. So far I have only the one message, plus promises that they are looking into this.

Any insight you can give would be helpful. If ZA is a problem and not FFS I will remove it and look for an alternative to their Anti-Ransomware tool. I am concerned as to why they would flag FFS as a culprit here unless this is a result of an incorrect analysis of the extensive file & folder activities normal for FFS.

Please advise.
Regards, Harry Crowe
(805) 760-1100
Harry@Crowezone.com
Attachments
Harry-Crowe_ZA-Support-Reply_20170920.docx
Harry-Crowe_ZAAR_Screenshot_20170921.png
Site Admin
Posts: 7052
Joined: 9 Dec 2007

Zenju

A software reporting fake infections, with support staff spreading fear, uncertainty, doubt? Sounds like classic snake oil software. The support contact is waving lots of unproven accusations and doesn't address the issue with their own software's false positives. IMHO this is simply first-level support who is badly paid and doesn't know what they're talking about (not that that's uncommon in IT) and unfortunately you weren't able to get someone from the second level who could have given you a real answer why their software is doing what it does. (This answer would have been that Zonealarm uses heuristics and that these cannot be exact by their very nature and blah blah blah).
Posts: 2
Joined: 21 Sep 2017

Crowezone

Thank you, Zenju. You confirm my own thoughts about this. I think I have enough evidence now to go back to ZA Support and indicate I will be removing ZAAR and seek a better, more accurate alternative. I think it interesting that even the Zonealarm AV system from Checkpoint does not seem to agree with their Anti-Ransomware component. A deep scan with the ZA Extreme Security tool does indicate that the "normal" FFS download contains code identified as "adware" (NOT-a-Virus -- which makes sense), but does NOT find anything in the actual installed FFS executable. I will present this finding to ZA in parting.
Thanks again, and I will continue to happily use - and donate to - your excellent product.
Harry
Posts: 1
Joined: 1 Feb 2018

jos01

FYI, this post is a bit older, but I think more people will find this post due to the same ZAAR behavior, therefore I decided to post

installed ZAAR a couple of days ago and ran into the same odd behavior after moving files from my download folder to others (local and on NAS), using xplorer2 dual pane explorer for win10

immediately suspected false positives, but it may indeed be the case that this ZAAR program is sending false messages as a "buy me immediately" push-over; which of course is a deadly sin for any software vendor

also be aware of the fact that ZAAR is being promoted by PCMag and other Ziff Davis channels, which in themselves are adware channels