Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

1, 5, 395, 0 3.70%
1, 5, 395, 0 3.70%
1, 5, 393, 22 33.33%
1, 5, 393, 22 11.11%
1, 5, 393, 18 25.93%
1, 5, 393, 18 3.70%
1, 5, 388, 0 11.11%
1, 5, 388, 0 3.70%
1, 5, 350, 0 3.70%

Relationships

Parent process
Related files

PE structurePE file structure
Show functions
Import table
advapi32.dll
DeleteService, ControlService, QueryServiceStatus, OpenServiceW, ChangeServiceConfig2W, GetLengthSid, StartServiceW, CreateServiceW, OpenSCManagerW, CloseServiceHandle, EqualSid, GetTokenInformation, RegQueryValueExW, RegCloseKey, RegSetValueExW, RegDeleteValueW, RegEnumValueW, RegCreateKeyExW, RegOpenKeyExW, OpenThreadToken, DuplicateTokenEx, LookupAccountNameW, SetKernelObjectSecurity, GetAce, GetSecurityInfo, InitializeAcl, LookupPrivilegeValueW, AddAccessAllowedAce, AdjustTokenPrivileges, OpenProcessToken, ConvertStringSidToSidW, MakeAbsoluteSD, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, GetSecurityDescriptorSacl, SetSecurityInfo, RegEnumKeyW, RegDeleteKeyW, AddAce, AddAccessAllowedAceEx, ConvertSidToStringSidW, QueryServiceConfigW, RegOpenKeyW, RegCreateKeyW, CryptAcquireContextW, CryptGenRandom, CryptReleaseContext, RevertToSelf, ImpersonateLoggedOnUser, ImpersonateNamedPipeClient
gdi32.dll
GetPixel
kernel32.dll
GlobalSize, GlobalLock, CompareStringW, CompareStringA, CreateNamedPipeW, ConnectNamedPipe, DisconnectNamedPipe, FlushFileBuffers, WideCharToMultiByte, OutputDebugStringW, Sleep, GetCurrentProcess, GetLastError, GetThreadPriority, DeleteFileW, SetLastError, GetCurrentThread, SetThreadPriority, OpenProcess, SetErrorMode, WaitForSingleObject, CreateProcessW, TerminateProcess, CloseHandle, GetFileAttributesW, InterlockedCompareExchange, LoadLibraryW, QueueUserWorkItem, OpenEventW, SetEvent, UnmapViewOfFile, MapViewOfFile, GetVersionExW, CreateFileMappingW, GetSystemInfo, SetProcessWorkingSetSize, GetCurrentProcessId, GetCurrentThreadId, GetCommandLineW, GetTickCount, OpenMutexW, FreeLibrary, CreateEventW, GlobalMemoryStatusEx, GetLocalTime, GetPrivateProfileIntW, GetExitCodeThread, InterlockedIncrement, InterlockedDecrement, WaitForMultipleObjects, GetExitCodeProcess, OpenFileMappingW, CreateFileW, GetFileTime, InterlockedExchange, GetStartupInfoA, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, QueryPerformanceCounter, GetSystemTimeAsFileTime, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, ReleaseSemaphore, CreateSemaphoreW, OpenThread, TlsSetValue, TlsGetValue, TlsFree, TlsAlloc, GetProcessAffinityMask, WriteFile, WaitNamedPipeW, RemoveDirectoryW, SetFileAttributesW, FindNextFileW, GetComputerNameW, GetVersion, LocalFree, MultiByteToWideChar, SearchPathW, GetEnvironmentStringsW, SetEnvironmentVariableW, GetWindowsDirectoryW, GetTempPathW, CreateDirectoryW, GetEnvironmentVariableW, CopyFileW, GetModuleHandleW, GetPrivateProfileStringW, WaitForSingleObjectEx, ExitThread, VirtualAlloc, VirtualFree, GetCurrentDirectoryW, FindFirstFileW, GetModuleFileNameW, GetProcAddress, FindClose, GetFileSize, ReadFile, GetShortPathNameW, DuplicateHandle, ReleaseMutex, CreateMutexW, LoadLibraryExW, HeapFree, CompareFileTime, SetFilePointerEx, GlobalFree, GlobalAlloc, MoveFileExW, GetSystemTime, QueryPerformanceFrequency, SetEndOfFile, HeapAlloc, HeapDestroy, HeapCreate, GetFileSizeEx, SystemTimeToFileTime, QueueUserAPC, GlobalUnlock, VirtualQuery
msvcp80.dll
DllMain
msvcr80.dll
DllMain
netapi32.dll
NetUserDel, NetLocalGroupAdd
ntdll.dll
ZwCreateEvent, ZwYieldExecution, ZwOpenThread, ZwDelayExecution, ZwResetEvent, ZwCreateMutant, ZwOpenMutant, ZwSetInformationFile, ZwWaitForMultipleObjects, ZwQueryFullAttributesFile, ZwQueryInformationThread, RtlFreeUnicodeString, ZwCreateFile, ZwQueryInformationFile, ZwQueryValueKey, ZwSetValueKey, ZwFlushBuffersFile, ZwWriteFile, RtlFormatCurrentUserKeyPath, ZwReadFile, RtlInitUnicodeString, ZwCreateKey, ZwOpenEvent, ZwClose, ZwQueryInformationProcess, ZwReleaseMutant, ZwOpenFile, RtlGetVersion, ZwQueryKey, ZwSetEvent, ZwWaitForSingleObject, ZwOpenKey
ole32.dll
CoUninitialize, CoInitialize, CoCreateGuid
shell32.dll
CommandLineToArgvW, ShellExecuteExW, Shell_NotifyIconW, SHGetSpecialFolderPathW, ShellExecuteW
shlwapi.dll
SHDeleteKeyW
user32.dll
IsWindowVisible, SendMessageTimeoutW, PostMessageW, wsprintfW, WaitForInputIdle, CloseDesktop, GetWindowThreadProcessId, SendMessageW, AllowSetForegroundWindow, SetTimer, GetMessageW, EnumDesktopWindows, TranslateMessage, DispatchMessageW, GetAsyncKeyState, CreateDesktopW, MessageBoxW, DefWindowProcW, GetWindowLongW, LoadIconW, RegisterClassW, RegisterWindowMessageW, CreateWindowExW, SetWindowLongW, GetCursorPos, GetDoubleClickTime, LoadImageW, SetForegroundWindow, CharUpperW, CharUpperBuffW, CharUpperBuffA, CharLowerBuffA, FindWindowW, FindWindowExW, KillTimer, PostThreadMessageW, CharLowerBuffW, LoadStringW, PeekMessageW, MsgWaitForMultipleObjects, GetWindowRect, GetDC, ReleaseDC, GetDesktopWindow
wininet.dll
InternetOpenW, InternetOpenUrlW, InternetReadFile, InternetCloseHandle, InternetConnectW, HttpOpenRequestW, HttpSendRequestW, InternetGetConnectedState, InternetCrackUrlW

forcefield.exe

ZoneAlarm Browser Security by Check Point Software Technologies Ltd. (Signed)

Remove forcefield.exe
Version:   1, 5, 393, 18
MD5:   35d752e2d4c3dc06fc8f96e1c2388a36
SHA1:   5aafe1c9c4fdf30db1159212af0d53314b4d4814
SHA256:   9aef17b7eab8fc3936a2f0f98536e96554c680a39000166209b6a6b730088b7e

What is forcefield.exe?

Check Point's ZoneAlarm ForceField is designed to secure Web browsing sessions through the use of browser virtualization, inline download scanning and DNS validation services.

About forcefield.exe (from Check Point Software Technologies Ltd.)

Get ZoneAlarm ForceField for your browser. ForceField works hard at Web safety so you don't have to, but you should continue to browse with common sense in mind.

Overview

forcefield.exe executes as a process with the local user's privileges typically within the context of its parent iswsvc.exe (ZoneAlarm Browser Security by Check Point Software Technologies Ltd.). It is set to be start when the PC boots and any user logs into Windows (added to the Run registry key for the all users under the local machine). The file is digitally signed by Check Point Software Technologies Ltd. which was issued by the VeriSign certificate authority (CA).

DetailsDetails

File name:forcefield.exe
Publisher:Check Point Software Technologies
Product name:ZoneAlarm Browser Security
Typical file path:C:\Program Files\checkpoint\zaforcefield\forcefield.exe
File version:1, 5, 393, 18
Size:1.08 MB (1,127,592 bytes)
Certificate
Issued to:Check Point Software Technologies Ltd.
Authority (CA):VeriSign
Expiration date:Monday, May 5, 2014
Digital DNA
PE subsystem:Windows GUI
File packed:No
Code language:Microsoft Visual C++ 8.0
.NET CLR:No
More details

BehaviorsBehaviors

Startup files (all users) run
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
  • 'ISW' → "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.00031457%
0.028634%
Kernel CPU:0.00019414%
0.013761%
User CPU:0.00012042%
0.014873%
Kernel CPU time:1,057 ms/min
100,923,805ms/min
CPU cycles:41,943/sec
17,470,203/sec
Memory
Private memory:14.01 MB
21.59 MB
Private (maximum):13.94 MB
Private (minimum):1.84 MB
Non-paged memory:14.01 MB
21.59 MB
Virtual memory:149.46 MB
140.96 MB
Virtual memory (peak):154.46 MB
169.69 MB
Working set:5.16 MB
18.61 MB
Working set (peak):16.65 MB
37.95 MB
Page faults:24,390/min
2,039/min
I/O
I/O read transfer:30 Bytes/sec
1.02 MB/min
I/O read operations:1/sec
343/min
I/O write transfer:28 Bytes/sec
274.99 KB/min
I/O write operations:1/sec
227/min
I/O other transfer:91 Bytes/sec
448.09 KB/min
I/O other operations:9/sec
1,671/min
Resource allocations
Threads:21
12
Handles:332
600
GUI GDI count:26
103
GUI GDI peak:28
142
GUI USER count:22
49
GUI USER peak:24
71

BehaviorsProcess properties

Integrety level:Medium
Platform:64-bit
Command lines:
  • C:\Program Files\checkpoint\zaforcefield\forcefield.exe /icon="hidden"
  • "C:\Program Files\checkpoint\zaforcefield\forcefield.exe" /icon="hidden"
Owner:User
Parent process:iswsvc.exe (ZoneAlarm Browser Security by Check Point Software Technologies Ltd.)

ResourcesThreads

Averages
 
ntdll.dll
Total CPU:0.00027313%
0.272967%
Kernel CPU:0.00019904%
0.107585%
User CPU:0.00007408%
0.165382%
CPU cycles:6,781/sec
5,741,424/sec
Memory:1.66 MB
1.16 MB
MSVCR80.dll
Total CPU:0.00012117%
Kernel CPU:0.00011250%
User CPU:0.00000867%
CPU cycles:165,133/sec
Context switches:4/sec
Memory:804 KB
ForceField.exe (main module)
Total CPU:0.00009641%
Kernel CPU:0.00009007%
User CPU:0.00000634%
CPU cycles:2,463/sec
Memory:1.09 MB
rasman.dll
Total CPU:0.00001734%
Kernel CPU:0.00000000%
User CPU:0.00001734%
CPU cycles:37/sec
Memory:112 KB

Common loaded modules

These are modules that are typiclaly loaded within the context of this process.

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Home Premium 51.85%
Microsoft Windows XP 14.81%
Windows Vista Home Basic 7.41%
Windows 8 Pro 7.41%
Windows 7 Professional 7.41%
Windows 7 Ultimate N 3.70%
Windows Vista Ultimate 3.70%
Windows 7 Ultimate 3.70%

Distribution by countryDistribution by country

United States installs about 55.56% of ZoneAlarm Browser Security.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Hewlett-Packard 80.00%
Acer 20.00%
Back to top
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE