Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

1, 5, 395, 0 3.70%
1, 5, 395, 0 3.70%
1, 5, 393, 22 33.33%
1, 5, 393, 22 11.11%
1, 5, 393, 18 25.93%
1, 5, 393, 18 3.70%
1, 5, 388, 0 11.11%
1, 5, 388, 0 3.70%
1, 5, 350, 0 3.70%

Relationships

Parent process
Related files

PE structurePE file structure
Show functions
Import table
advapi32.dll
DeleteService, ControlService, QueryServiceStatus, OpenServiceW, ChangeServiceConfig2W, GetLengthSid, StartServiceW, CreateServiceW, OpenSCManagerW, CloseServiceHandle, EqualSid, GetTokenInformation, RegQueryValueExW, RegCloseKey, RegSetValueExW, RegDeleteValueW, RegEnumValueW, RegCreateKeyExW, RegOpenKeyExW, OpenThreadToken, DuplicateTokenEx, LookupAccountNameW, SetKernelObjectSecurity, GetAce, GetSecurityInfo, InitializeAcl, LookupPrivilegeValueW, AddAccessAllowedAce, AdjustTokenPrivileges, OpenProcessToken, ConvertStringSidToSidW, MakeAbsoluteSD, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, GetSecurityDescriptorSacl, SetSecurityInfo, RegEnumKeyW, RegDeleteKeyW, AddAce, AddAccessAllowedAceEx, ConvertSidToStringSidW, QueryServiceConfigW, RegOpenKeyW, RegCreateKeyW, CryptAcquireContextW, CryptGenRandom, CryptReleaseContext, RevertToSelf, ImpersonateLoggedOnUser, ImpersonateNamedPipeClient
gdi32.dll
GetPixel
kernel32.dll
GlobalSize, GlobalLock, CompareStringW, CompareStringA, CreateNamedPipeW, ConnectNamedPipe, DisconnectNamedPipe, FlushFileBuffers, WideCharToMultiByte, OutputDebugStringW, Sleep, GetCurrentProcess, GetLastError, GetThreadPriority, DeleteFileW, SetLastError, GetCurrentThread, SetThreadPriority, OpenProcess, SetErrorMode, WaitForSingleObject, CreateProcessW, TerminateProcess, CloseHandle, GetFileAttributesW, InterlockedCompareExchange, LoadLibraryW, QueueUserWorkItem, OpenEventW, SetEvent, UnmapViewOfFile, MapViewOfFile, GetVersionExW, CreateFileMappingW, GetSystemInfo, SetProcessWorkingSetSize, GetCurrentProcessId, GetCurrentThreadId, GetCommandLineW, GetTickCount, OpenMutexW, FreeLibrary, CreateEventW, GlobalMemoryStatusEx, GetLocalTime, GetPrivateProfileIntW, GetExitCodeThread, InterlockedIncrement, InterlockedDecrement, WaitForMultipleObjects, GetExitCodeProcess, OpenFileMappingW, CreateFileW, GetFileTime, InterlockedExchange, GetStartupInfoA, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, QueryPerformanceCounter, GetSystemTimeAsFileTime, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, ReleaseSemaphore, CreateSemaphoreW, OpenThread, TlsSetValue, TlsGetValue, TlsFree, TlsAlloc, GetProcessAffinityMask, WriteFile, WaitNamedPipeW, RemoveDirectoryW, SetFileAttributesW, FindNextFileW, GetComputerNameW, GetVersion, LocalFree, MultiByteToWideChar, SearchPathW, GetEnvironmentStringsW, SetEnvironmentVariableW, GetWindowsDirectoryW, GetTempPathW, CreateDirectoryW, GetEnvironmentVariableW, CopyFileW, GetModuleHandleW, GetPrivateProfileStringW, WaitForSingleObjectEx, ExitThread, VirtualAlloc, VirtualFree, GetCurrentDirectoryW, FindFirstFileW, GetModuleFileNameW, GetProcAddress, FindClose, GetFileSize, ReadFile, GetShortPathNameW, DuplicateHandle, ReleaseMutex, CreateMutexW, LoadLibraryExW, HeapFree, CompareFileTime, SetFilePointerEx, GlobalFree, GlobalAlloc, MoveFileExW, GetSystemTime, QueryPerformanceFrequency, SetEndOfFile, HeapAlloc, HeapDestroy, HeapCreate, GetFileSizeEx, SystemTimeToFileTime, QueueUserAPC, GlobalUnlock, VirtualQuery
msvcp80.dll
DllMain
msvcr80.dll
DllMain
netapi32.dll
NetUserDel, NetLocalGroupAdd
ntdll.dll
ZwCreateEvent, ZwYieldExecution, ZwOpenThread, ZwDelayExecution, ZwResetEvent, ZwCreateMutant, ZwOpenMutant, ZwSetInformationFile, ZwWaitForMultipleObjects, ZwQueryFullAttributesFile, ZwQueryInformationThread, RtlFreeUnicodeString, ZwCreateFile, ZwQueryInformationFile, ZwQueryValueKey, ZwSetValueKey, ZwFlushBuffersFile, ZwWriteFile, RtlFormatCurrentUserKeyPath, ZwReadFile, RtlInitUnicodeString, ZwCreateKey, ZwOpenEvent, ZwClose, ZwQueryInformationProcess, ZwReleaseMutant, ZwOpenFile, RtlGetVersion, ZwQueryKey, ZwSetEvent, ZwWaitForSingleObject, ZwOpenKey
ole32.dll
CoUninitialize, CoInitialize, CoCreateGuid
shell32.dll
CommandLineToArgvW, ShellExecuteExW, Shell_NotifyIconW, SHGetSpecialFolderPathW, ShellExecuteW
shlwapi.dll
SHDeleteKeyW
user32.dll
IsWindowVisible, SendMessageTimeoutW, PostMessageW, wsprintfW, WaitForInputIdle, CloseDesktop, GetWindowThreadProcessId, SendMessageW, AllowSetForegroundWindow, SetTimer, GetMessageW, EnumDesktopWindows, TranslateMessage, DispatchMessageW, GetAsyncKeyState, CreateDesktopW, MessageBoxW, DefWindowProcW, GetWindowLongW, LoadIconW, RegisterClassW, RegisterWindowMessageW, CreateWindowExW, SetWindowLongW, GetCursorPos, GetDoubleClickTime, LoadImageW, SetForegroundWindow, CharUpperW, CharUpperBuffW, CharUpperBuffA, CharLowerBuffA, FindWindowW, FindWindowExW, KillTimer, PostThreadMessageW, CharLowerBuffW, LoadStringW, PeekMessageW, MsgWaitForMultipleObjects, GetWindowRect, GetDC, ReleaseDC, GetDesktopWindow
wininet.dll
InternetOpenW, InternetOpenUrlW, InternetReadFile, InternetCloseHandle, InternetConnectW, HttpOpenRequestW, HttpSendRequestW, InternetGetConnectedState, InternetCrackUrlW

forcefield.exe

ZoneAlarm Browser Security by Check Point Software Technologies Ltd. (Signed)

Remove forcefield.exe
Version:   1, 5, 393, 22
MD5:   9f9d928f2004559247e8dea4d1361d9b
SHA1:   81cc194e05a2639c4a64b02ddb38c1d50e1e7e40
SHA256:   dfc243c9c76d89ea88092415462d5607451167a76b2ac946bbac8f0041e3f521

What is forcefield.exe?

Check Point's ZoneAlarm ForceField is designed to secure Web browsing sessions through the use of browser virtualization, inline download scanning and DNS validation services.

About forcefield.exe (from Check Point Software Technologies Ltd.)

Get ZoneAlarm ForceField for your browser. ForceField works hard at Web safety so you don't have to, but you should continue to browse with common sense in mind.

Overview

forcefield.exe executes as a process with the local user's privileges typically within the context of its parent iswsvc.exe (ZoneAlarm Browser Security by Check Point Software Technologies Ltd.). It is set to be start when the PC boots and any user logs into Windows (added to the Run registry key for the all users under the local machine). The file is digitally signed by Check Point Software Technologies Ltd. which was issued by the VeriSign certificate authority (CA).

DetailsDetails

File name:forcefield.exe
Publisher:Check Point Software Technologies
Product name:ZoneAlarm Browser Security
Typical file path:C:\Program Files\checkpoint\zaforcefield\forcefield.exe
File version:1, 5, 393, 22
Size:721.66 KB (738,984 bytes)
Certificate
Issued to:Check Point Software Technologies Ltd.
Authority (CA):VeriSign
Expiration date:Monday, May 5, 2014
Digital DNA
PE subsystem:Windows GUI
File packed:No
Code language:Microsoft Visual C++ 8.0
.NET CLR:No
More details

BehaviorsBehaviors

Startup files (all users) run
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
  • 'ISW' → "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
Network connections
  • [TCP] 2.20.182.24:80

    • ResourcesResource utilization

    (Note: statistics below are averages based on a minimum sample size of 200 unique participants)
    Averages
     
    CPU
    Total CPU:0.00631667%
    0.028634%
    Kernel CPU:0.00494464%
    0.013761%
    User CPU:0.00137203%
    0.014873%
    Kernel CPU time:12,734,881 ms/min
    100,923,805ms/min
    CPU cycles:47,666/sec
    17,470,203/sec
    Memory
    Private memory:20.94 MB
    21.59 MB
    Private (maximum):18.09 MB
    Private (minimum):3.32 MB
    Non-paged memory:20.94 MB
    21.59 MB
    Virtual memory:140.39 MB
    140.96 MB
    Virtual memory (peak):178.35 MB
    169.69 MB
    Working set:5.55 MB
    18.61 MB
    Working set (peak):24.84 MB
    37.95 MB
    Page faults:328,738/min
    2,039/min
    I/O
    I/O read transfer:1.18 KB/sec
    1.02 MB/min
    I/O read operations:5/sec
    343/min
    I/O write transfer:1.89 KB/sec
    274.99 KB/min
    I/O write operations:8/sec
    227/min
    I/O other transfer:6.27 KB/sec
    448.09 KB/min
    I/O other operations:527/sec
    1,671/min
    Resource allocations
    Threads:20
    12
    Handles:445
    600
    GUI GDI count:63
    103
    GUI GDI peak:183
    142
    GUI USER count:29
    49
    GUI USER peak:108
    71

    BehaviorsProcess properties

    Integrety level:High
    Platform:32-bit
    Command lines:
    • "C:\Program Files\checkpoint\zaforcefield\forcefield.exe" /icon="hidden"
    • C:\Program Files\checkpoint\zaforcefield\forcefield.exe /icon="hidden"
    Owner:User
    Parent processes:

    ResourcesThreads

    Averages
     
    ntdll.dll
    Total CPU:0.00194735%
    0.272967%
    Kernel CPU:0.00144649%
    0.107585%
    User CPU:0.00050086%
    0.165382%
    Memory:712 KB
    1.16 MB
    ForceField.exe (main module)
    Total CPU:0.00025754%
    Kernel CPU:0.00021747%
    User CPU:0.00004008%
    CPU cycles:1,234/sec
    Memory:716 KB
    MSVCR80.dll
    Total CPU:0.00002303%
    Kernel CPU:0.00002303%
    User CPU:0.00000000%
    CPU cycles:819/sec
    Memory:620 KB

    Common loaded modules

    These are modules that are typiclaly loaded within the context of this process.

    Windows OS versionsDistribution by Windows OS

    OS versiondistribution
    Windows 7 Home Premium 51.85%
    Microsoft Windows XP 14.81%
    Windows Vista Home Basic 7.41%
    Windows 8 Pro 7.41%
    Windows 7 Professional 7.41%
    Windows 7 Ultimate N 3.70%
    Windows Vista Ultimate 3.70%
    Windows 7 Ultimate 3.70%

    Distribution by countryDistribution by country

    United States installs about 55.56% of ZoneAlarm Browser Security.

    OEM distributionDistribution by PC manufacturer

    PC Manufacturerdistribution
    Hewlett-Packard 80.00%
    Acer 20.00%
    Back to top
    Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

    Download it for FREE