Why did ZoneAlarm Antivirus deem SQRL a Trojan?


Status
Not open for further replies.
Apr 18, 2019
7
0
I just downloaded SQRL. However, when I clicked on it to install, ZoneAlarm popped up and let me know that it deleted the file due it being seen as a trojan. It called it:
Trojan-Ransom.Win32.Blocker.lzsc.
Another file was deleted. It appears to be the SQRL unique password. This as done before I could even create a back up or print it out.
How will I be able to use SQRL?
 

PHolder

Well-known member
May 19, 2018
1,232
205
Why did ZoneAlarm Antivirus deem SQRL a Trojan
There are two or three possible answers:
  1. You didn't get the SQRL client in a proper way, and it is malware? Where did you get it from?
  2. You are already infected/affected with malware and it attacked/attached to the SQRL client you tried to install.
  3. Or the most likely, the short answer that ZoneAlarm isn't a very good piece of software... and uses bad heuristics

How will I be able to use SQRL?
When you know for sure you have a valid SQRL client, that should be installed, you should configure ZoneAlarm to leave it alone... assuming of course you don't just uninstall ZoneAlarm for being poorly designed and causing more problems than it solves.
 
Apr 18, 2019
7
0
I downloaded SQRL from this URL: https://sqrl.grc.com/pages/getting_started_with_sqrl/, thus if it is infected Steve has a problem he needs to fix.

I will find out if I am infected or affected with malware.

Ask Steve what he thinks of ZoneAlarm. He recommends it as a firewall. I will see about what program it uses for Antvirus and Malware. I do prefer Norton's Anti-

virus, but not sure of Norton's Security.
 
Apr 18, 2019
7
0
I did not find the reason that ZoneAlarm thought that sqrl.exe was a Trojan.

However, I tried an experiment by turning off ZoneAlarm's Antivirus & Malware section. I successfully downloaded and installed SQRL.

I was able to successfully set up SQRL. I then turned ZoneAlarm's Antivirus & Malware back on. Then I went to Application Control and changed the settings for

SQRL to high.

Thank you for the help. Steve has a great web site and products here.
 
Apr 18, 2019
7
0
This morning when I checked my e-mail ZoneAlarm gave a pop up notice that both the SQRL download and the files I installed after turning off the ZoneAlarm Antivirus and Malware are now deleted. The reason: ZoneAlarm deemed them Trojans. The same name that is in wayner's post above is the virus name.
What is going on?
Steve, can you help us?
 

Steve

Administrator
Staff member
May 6, 2018
1,016
307
www.grc.com
Richard: My best guess (which is all it is at the moment) is that this is a consequence of my having JUST started using a newly issued Authenticode code-signing certificate issued by DigiCert. The certificate I had been using expired since the last previous release of the SQRL.EXE -- release 63, which raised no alarms and caused no problems. So this new certificate has no "reputation" in the world yet to override the heuristic alarms that the app raises.

The reason the app raises any heuristic alarms at all is that it is a "self-installing" and "self-updating" executable. Unlike other programs which use a 3rd-party system to install their executables, this SQRL executable handles its own installation. And this, in turn, appears to worry some A/V systems (not all, however... note that it was initially 6/73 and without any change it has now dropped to 4/73.)
 
Apr 18, 2019
7
0
Steve,
Thank you for your explanation.
I just downloaded and installed SQRL on another PC I own running Norton Security with Norton Anti-Virus. Norton's dialog box popped up and state that SQRL is A OKAY with Norton.
Thus, I will run an update on the other PC to see if that will fix it.
If it doesn't, I will try to install only the Norton Anti-Virus on that PC, since I do like ZoneAlarm. Especially since it's inception you have recommended it.
 

PHolder

Well-known member
May 19, 2018
1,232
205
I do like ZoneAlarm. Especially since it's inception you have recommended it.
ZoneAlarm was great as a software firewall (perhaps the first of its kind on Windows) but once Windows decided to include a firewall, ZoneAlarm felt they had to change to stay relevant... and have become far less focused.
 

Steve

Administrator
Staff member
May 6, 2018
1,016
307
www.grc.com
I agree with Paul. Windows' built-in firewall provides a super-set of the original ZoneAlarm functions. It provides outbound blocking. That was ZA's big deal at the time. it's what my original "LeakTest" app was designed to test and demonstrate. Just as I do not run any 3rd-party A/V, neither do I run any 3rd-party firewalls. :)
 
Apr 18, 2019
7
0
Steve, I have a question about firewalls. When ZoneAlarm first came out I jumped on-board after testing my PC with Shields UP. I have been using it ever since. In your opinion, does ZoneAlarm still block outward as well as monitor income traffic better than microsoft's firewall? If yes, then I will continue using it. Otheriwse, if it is not doing as it once did, is Norton's Security a good choice? I abhor McAfee's software.
 

Steve

Administrator
Staff member
May 6, 2018
1,016
307
www.grc.com
Hi Richard: Unfortunately I have no idea. Perhaps others here do. Microsoft's outbound firewall is suspiciously quiet. I have NEVER heard it complain about outbound traffic. So I think that in its default configuration they must have opted for easy-of-use and solitude over super-tight outbound control.
 
Apr 18, 2019
7
0
Steve, Thanks for the reply. I have ZoneAlarm on my main business PC and Norton Security on another PC that I use for personal use. I will see from this experiment which I will prefer for my business. I just have concerns about Kaspersky Anti-Virus being used in ZoneAlarm. I might solve my dilemma by getting Norton Anti-Virus Basic, if it will do what I want it to do.
 
Status
Not open for further replies.