How Advanced Download Protection* Works

Spyware, viruses, botnets, and zero-day threats often come through downloads you initiated or were tricked into initiating through click fraud or other techniques.

Malware creators sometimes try to outsmart security scans by creating multiple self-generating variations of a virus. This is one reason that scanning for known malware signatures is not enough anymore. To detect rapidly created new and unknown malware, more sophisticated scanning methods are applied.

The three layers of Advanced Download Protection are:

1. Unsigned Download Detection
2. Malware Detection and Heuristic Scan
3. Advanced Heuristic Scan

Unsigned Download Detection

ZoneAlarm browser security determines whether a software download is digitally signed. Digital signing confirms the software author and that the code has not been altered or corrupted since it was created.

If an executable that you are downloading from the Web is unsigned, ZoneAlarm browser security warns you so you can delete it before causes any damage. Note that you do have the option of running an unsigned executable, which is only recommended if you know and trust the source of the file.

Malware Detection and Heuristic Scan

ZoneAlarm browser security receives constant updates about known malware. If you choose to download an executable file harboring a known spyware or virus, the scanner detects it by scanning for exact matches in the latest malware signature database.

To help detect malware not yet recorded in the database, a static heuristic scan also analyzes the file for properties associated with malware files.

If the above methods cannot determine that the file is safe, you are given the option of an advanced scan.

Advanced Heuristic Scan

If a program you are downloading cannot be determined to be safe according to the first two layers of detection, a dialog appears offering you the option of Advanced Scan. This is a heuristic behavioral review that is able to detect new zero-day malware—even if you are the first person to experience that malware.

The Advanced Scan opens and runs the file in a virtual environment where it can’t touch your real computer. Before you even open the file on your real hard drive, this scan can safely detect harmful behavior in a temporary virtual space created by ZoneAlarm browser security.

This scan takes between 30 seconds to two minutes. If the file is found to be dangerous, a warning appears that lets you delete the file immediately. If the file is found to be safe, you can open it.