Threatfire false positives ?

[WSFuser]

If ThreatFire gives a prompt on a program that is not malicious (default setting 3), is it considered a false positive? Should FP be reported to PC Tools?

[lucas1985]

I think so.

[solcroft]

Quote:

Originally Posted by WSFuser

If ThreatFire gives a prompt on a program that is not malicious (default setting 3), is it considered a false positive? Should FP be reported to PC Tools?

Yes, please.

[ErikAlbert]

Quote:

Originally Posted by WSFuser

If ThreatFire gives a prompt on a program that is not malicious (default setting 3), is it considered a false positive? Should FP be reported to PC Tools?

I think so too, but you have to do it the old-fashioned way, there is no "report f/p" function in ThreatFire.

[Hairy Coo]

Quote:

Originally Posted by WSFuser

If ThreatFire gives a prompt on a program that is not malicious (default setting 3), is it considered a false positive? Should FP be reported to PC Tools?

The best way probably would be to turn on Community Protection,which would assist in having FPs placed on the TF whitelist.
Settings-general-community protection-can always be turned off

[KDNeese]

Just for info:

wextract.exe is a process associated with the operating system, not malware.

interop.shell32.dll is associated somehow with MS NET Framework, not malware.

I couldn't find any info on the other one.

[EASTER]

Quote:

Originally Posted by ErikAlbert

Why doesn't ThreatFire create a whitelist of all objects on my system partition, like Anti-Executable in order to avoid these false positives.
TF doesn't need to protect me against already installed objects, TF has to protect me against NEW objects, that try to install themselves.

That is the essence which makes whitelist apps so very dependable and trustworthy IMO.

Many other apps leave a user with a degree of uncertainty and HIPS is a big uncertainty for any unfamilair with their system and even some who are, but take a strictly whitelist application for security and it more or less inventories ALL your apps deemed safe and then when enabled no others are allowed period, that is if AE is on guard.

With ThreatFire theres still room for uncertainty in my estimation but maybe they'll get more aggressive in that regards at some point in the future. Right now in it's present form theres some areas that don't secure my confidence as well as an AE, Deep Freeze, or FD-ISR to name a few that do although these are very different purposed methods.