Protecting Your Computer With Antivirus/Anti-Spyware

The Antivirus & Anti-spyware engine detects and blocks malware such as viruses, spyware, Trojans, worms, bots, and rootkits. The Web Scanning component prevents your browser from accessing malicious URLs and downloading malicious applications or other malicious files.

You can configure ZoneAlarm software to best suite your needs:

• Turn the Antivirus & Anti-spyware Engine on or off ("Turning the Antivirus and Anti-Spyware On or Off" on page 16) - by default, the Antivirus & Anti-spyware engine is on and protects your computer from the moment you install the ZoneAlarm software
• Customize the default On-Access File Scanning ("Customizing On-Access File Scanning" on page 16) - ZoneAlarm automatically scans each file for viruses before you open or execute it
• Customize the periodic system-wide scan schedule ("Changing System-wide Scan Schedule" on page 17) - change the scan schedule as necessary.
• Quick Scan - is the fastest. It scans for malware in memory, boot sectors, and the system folders that are most susceptible to hacker attacks and viruses, such as Startup folders and folders linked to startup items. It runs on a weekly basis by default.
• Full Scan - is more thorough than the Quick Scan. It scans all files.
• Run on-demand scans ("Running On-Demand Scans" on page 18) in Quick Scan or Full Scan mode ("Customizing On-Demand Scan Settings" on page 18) between the periodically scheduled system-wide scans
• Configure Behavioral Scanning ("Detecting Malicious Behaviors" on page 21) to detect the newest malware threats, based on the malicious behavioral patterns in processes
• Set a schedule to regularly update the virus definitions ("Keeping the Antivirus and Anti-spyware Up to Date" on page 22), to keep your antivirus protection up to date
• Set a schedule to regularly update the ZoneAlarm software ("Updating the Product" on page 11), to keep up with the latest improvements
• Treat quarantined files ("Dealing with Quarantined Files" on page 20) - restore them, delete them, or rescan them
• Configure other settings ("Advanced Antivirus & Anti-Spyware Configuration" on page 23), including Premium Protection features, to fine-tune the behavior of the Antivirus & Anti-spyware Engine

After you install ZoneAlarm software, the Antivirus & Anti-spyware engine is on by default.

To turn Antivirus and Anti-Spyware off or on:

1. Click in the ANTIVIRUS & FIREWALL panel of the ZoneAlarm software client.
2. Move the ON/OFF slider in the Antivirus/Anti-Spyware section to ON or OFF position, as necessary.

By default, On-Access File Scanning is enabled and set to Scan in Smart Mode. It checks each file when you open, save, or execute it. You can change the default settings as necessary.

To customize automated On-Access File Scanning:

1. Click in the ANTIVIRUS & FIREWALL panel of the ZoneAlarm software client.
2. Click Settings in the Antivirus/ Anti-Spyware section.
3. In the Current Settings section, click Files and downloads are scanned when accessed.
   The Antivirus/Anti-spyware Settings window opens and shows the On-Access Scanning settings.
4. Make sure Enable On-Access Scanning is selected.
   Note - We do not recommend to turn off the On-Access Scanning, because it provides protection against viruses and spyware in real time.
5. Select the scan mode:
   • Scan when reading and writing - scans files when they are opened, saved, or executed
   • Scan when reading - scans files when they are opened or executed
   • Scan in Smart Mode - scans according to a set of intelligent rules
6. Click OK.

By default, the periodic system-wide scan is set to the Quick Scan mode and runs once a week.

To change the periodic system-wide scan schedule:

1. Click in the ANTIVIRUS & FIREWALL panel of the ZoneAlarm software client.
2. Click Settings in the Antivirus / Anti-Spyware section.
3. In the Current Settings section, click Quick Scan occurs weekly.
   Note: If the periodic system-wide scan has been set to the Full Scan mode, the line in the current settings shows Full Scan occurs every 3 months. In this case, click occurs every 3 months.
   

   The Scheduled Tasks window opens.
   

   Note - Another way to access the Scheduled Tasks configuration window is through Tools > Scheduled Tasks in the main menu toolbar ("ZoneAlarm Software Client Interface" on page 12).
4. To schedule periodic quick scans, make sure the Antivirus Quick Scan is enabled.
5. Select the frequency of scans from the drop-down menu in the Frequency column:
   1. every day
   2. weekly (default)
   3. every 2 weeks
6. To schedule periodic full scans, make sure the Antivirus Full Scan is enabled.
7. Select the frequency of scans from the drop-down menu in the Frequency column:
   1. monthly
   2. every 3 months (default)
   3. every 6 months
   4. every year
8. In the Initial Task Start Time column, select the date and the time for the first Antivirus Quick Scan and for the first Antivirus Full Scan.
9. Click OK.

To see the date of the last scan and the date of the next scheduled scan, click the arrow to expand the scan configuration section of the window.

By default, all on-demand scans run in the Quick Scan mode.

To change the on-demand scan mode:

1. Click in the ANTIVIRUS & FIREWALL panel of the ZoneAlarm software client.
2. Click Settings in the Antivirus/Anti-Spyware section.
3. In the Current Settings section, click Scan mode is set to Quick Scan.
   Note - If the on-demand scanning mode has been set to Full Scan, the line in the current settings shows Scan mode is set to Full Scan.
   The Antivirus/Anti-spyware Settings window opens and shows the Scan Modes settings.
4. Select a scan mode -
   • Quick Scan - (recommended default) scan only folders that are likely to contain viruses, such as the Startup folders and the folders that are linked to them
   • Full Scan - scan all files and folders
     Note: to scan the archives, make sure the Also scan archives is selected.
5. Click OK.

You can run an on-demand system scan at any time. This does not interfere with the scheduled system scans ("Changing System-wide Scan Schedule" on page 17).

To run an on-demand scan with the scan mode option:

1. Click Scan on the main menu of the client ("ZoneAlarm Software Client Interface" on page 12).
2. Select a scan mode from the drop-down menu:
   • Quick Scan
   • Full Scan
   • Full Scan with Archive Files.

   The Antivirus/Anti-spyware Scan window opens and shows the progress of the scan (scan duration and the critical area that is being scanned at the moment) and the results of the completed scan (the total number of scanned files and the total number of detected infections).

   Note - You can also click Scan Now in the Antivirus/Anti-Spyware section of the ANTIVIRUS & FIREWALL tab, to run an on-demand scan.

To run an on-demand scan in the configured scan mode

1. Click in the ANTIVIRUS & FIREWALL panel of the ZoneAlarm software client.
2. Click Settings in the Antivirus & Anti-spyware section.
3. Click Scan Now.

   The Antivirus/Anti-Spyware Scan window opens, and shows the progress of the scan (scan duration and the critical area that is being scanned at the moment) and the results of the completed scan (the total number of scanned files and the total number of detected infections).

To run an on-demand scan in the configured scan mode ("Customizing On-Demand Scan Settings" on page 18) on a specific file:

In a Windows explorer, right-click the filename, and select ZoneAlarm > Scan with ZoneAlarm Antivirus.

To see the infected files while a scan is in progress:

1. While the scan is in progress, in the Antivirus/Anti-spyware Scan window, click the arrow to expand the Show Detections section.
   Infected files show in the table:

   Field Name	Field Description
   File name	Name of the infected file.
   Virus name	Common name of the detected malware.
   Type	The type of malware: Virus Trojan Rootkit Worm Bot Spyware
   Risk	Risk level of the detected malware. All viruses are considered High risk. Other malware that is not a virus can also be Low, or Medium risk.
   Treatment	Treatment automatically applied to the infected file: Treated Treatment failed Treatment on reboot Ignored Ignored Always
   Path	Full location path of the malware.

2. Select an infected file and click one of these:
   • Treat - let the Antivirus & Anti-spyware security engine automatically treat the infection
     Note - Automatic treatment is enabled by default. This option is only available, if you previously disabled the automatic treatment.
   • Ignore once - do not treat the infected file this time
   • Ignore always - never treat this infected file
3. Click Close, when finished.
   Notes -

   • The scan process continues, even if you minimize or close the Scan window. You can see the scan progress through the View Scan option in the Main Menu, ANTIVIRUS & FIREWALL panel, or the system tray.
   • If the infected files can not be treated, they are placed in quarantine, so that they can not harm your computer. To see what you can do with the quarantined files, see Dealing with Quarantined Files

When the ZoneAlarm software can not treat the infected files, it puts them in quarantine. Files in quarantine are not deleted, or used, but they are harmless.

To view and deal with quarantined files:

1. Click in the ANTIVIRUS & FIREWALL panel of the ZoneAlarm software client.
2. Click Settings in the Antivirus/Anti-Spyware section.
3. In History section, click view quarantine.
   The Antivirus/Anti-spyware Settings window opens and shows the View Quarantine table. The files in the Quarantine table show:
   • Infection - the name of the virus or the malware that affected the file, or the type of infected file
   • Days in Quarantine - how many days the file has been in quarantine
   • Path - the full location path of the infected file
4. Select a file in the Quarantine table, then click one of these:
   • Delete - to permanently delete an infected file from your computer
   • Restore - to restore the file in its original location on your computer
   Note - Select Rescan when new signatures are received, if you want to leave the files in quarantine and rescan them after the next virus definition update. This option is selected by default.
5. Click OK.

Behavioral scanning analyzes object behavior in the system and detects the newest threats that are still not defined in the signatures. A program behaves suspiciously when it does one of these:

• Acts like a worm - copies itself to network resources, the startup folder, or the system registry, and then sends copies of itself
• Makes changes to the file system
• Embeds modules in other processes
• Masks processes in the system
• Modifies certain Microsoft Windows system registry keys

Behavioral scanning is on by default, and we recommend to keep it on. However, you can turn it off, if necessary.

To turn behavioral scanning off:

1. Click in the ANTIVIRUS & FIREWALL panel of the ZoneAlarm software client.
2. Click Settings in the Antivirus/Anti-Spyware section.
3. In the Current Settings section, click Behavioral scan is enabled.
   • Note - If the behavioral scan is off, the configuration line in the Current Settings shows Behavioral scan is disabled.
   • The Antivirus/Anti-Spyware Settings window opens and shows the Behavioral Scan configuration section.
4. Clear Enable behavioral scanning.
   If you wish to turn Behavioral Scan on at another time, select Enable behavioral scanning.
5. Click OK.

By default, virus definitions are updated automatically every hour. You can change the frequency of automatic virus definition updates, or run an update manually if necessary.

To change the frequency of automatic virus definition updates:

1. In the main menu of the ZoneAlarm software client ("ZoneAlarm Software Client Interface" on page 12), click Tools > Scheduled Tasks.
   The Scheduled Tasks window opens.
2. Make sure Antivirus Update is enabled.
3. Select the frequency of updates from the drop-down menu:
   • every 30 minutes
   • hourly (default)
   • every 3 hours
   • every 6 hours
   • every 12 hours
   • every 24 hours
   To see the time of the last update and the time of the next scheduled update, click the arrow to expand the Antivirus Update section.
4. Click OK.

To run a manual update:

1. In the main menu of the ZoneAlarm software client ("ZoneAlarm Software Client Interface" on page 12), click Update.
   The Update in progress window opens. You can close the window, while the update runs, and the update process will continue. To see the progress of the update, click View update.
2. Click Close to exit.
   Note - If the update fails, you can click Retry to run the update again.

   These are other ways to run a manual update:

   • In the MS Windows system notification area ("MS Windows System Notification Area Icons and Menus" on page 14), right-click ZoneAlarm icon, and select Update Now
   • In the ANTIVIRUS & FIREWALL panel of the ZoneAlarm software client, click Update Now button in the Antivirus/Anti-Spyware section