What is Zone+ Security Scanner?
Zone+ Security Scanner is a web security monitoring system that gives a user an overview of website vulnerabilities and potentially dangerous actions on the web server.
What is a homepage fast scan interval?
During a quick scan, Zone+ Security Scanner checks only the main page with open/public access.
What is a website deep scan?
During this deep scan, Zone+ Security Scanner checks all pages of the site with open/public access.
What is a server scan?
During server scan Zone+ Security Scanner analyses files on the server. This allows detection of vulnerabilities as well as problems not visible with open or public access.
What is advanced defacement analysis?
Zone+ Security Scanner can detect changes on the main page and notifies the user when anomalous changes occur, for example, main page is changed,, page content is replaced with one picture file or text is changed to Arabic etc
What is SSL analysis?
Zone+ Security Scanner checks the validity period of SSL/TLS certificate on site, its chain and SSL/TLS configuration problems.
How does Zone+ Security Scanner recognize malicious software?
Zone+ Security Scanner analyzes files based on known antivirus signatures and behaviour pattterns when source code of files has been changed.
What information does Zone provide Zone+ Security Scanner with, when the user orders the service through Zone+?
Zone provides Zone+ Security Scanner the following:
ZoneID contact information
Domain name for monitoring
This information is necessary to compose and transmit scan reports.
Does Zone+ Security Scanner copy user data to its servers?
No. Zone+ Security Scanner scans files on the Zone server, only list of files and the hash composed based on these files are copied to the Zone+ Security Scanner servers. This information is used to detect vulnerabilities and malicious software, as well as for composing the reports.
Find additional information on security policy here: Imprint & Data Protection – Nimbusec Website Security & Compliance
Does Zone+ Security Scanner work like a firewall?
No. Zone+ Security Scanner is not an active tool for data monitoring. Unlike a firewall, which scans data in realtime, Zone+ Security Scanner scans are performed at specific intervals.
Does Zone+ Security Scanner remove malicious software from the server?
No. Zone+ Security Scanner works only as a server monitoring system. Malicious software on the website must be removed by website administrator. Also, this service can be ordered either from Zone or Zone+ Security Scanner.
Can I change the Zone+ Security Scanner settings?
Yes. When Zone+ Security Scanner is ordered and activated, you can enter the control panel via Zone+.
How will Zone+ Security Scanner warn me about security issued and problems found?
By default, Zone+ Security Scanner sends alerts via email. When “Aggressive” package is chosen, users will be notified via SMS as well. The ZoneID contact information is used when sending notifications. Zone+ Security Scanner management can be accessed via Zone+.
Where can I see the results and history of Zone+ Security Scanner scans?
The overview, report and history of scans are available in Zone+ Security Scanner control panel, which is accessible via Zone+.
What to do if the result is false-positive?
If you are sure that the file detected by the Zone+ Security Scanner doesn’t contain virus and malicious code, then you can mark it as “False positive”. In order to mark file as false-positive, in Zone+ Security Scanner management choose “Bulk actions” and “False positive” next to the corresponding file.
When does the server scan take place?
The initial scan is performed within 15 minutes after the application is installed.
Server scans are scheduled according to chosen package as follows:
Basic: Every Sunday at 10
Advanced: Every morning at 8
Aggressive: Every 4 hours (0, 4, 8, 12, 16, 20)
The infected files are removed from the server, but are they still present on the report?
The deleted files will be present in report until the next scan is completed, i.e. scan results will be updated according to selected package. If you need to scan the server before the next scheduled scan, please contact the support at email@example.com.