ThreatFire custom rules why use?

Discussion in 'other anti-malware software' started by Kees1958, Nov 17, 2007.

Thread Status:
Not open for further replies.
  1. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Totally understand and like the product straight out of the box. ;)
     
  2. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Kees, can you post some screenshots of TF popups on trigger of custom rules?
    I tried file protection rules in the past and the popups were just too vague and useless, then I never bothered.
     
  3. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    You pretty much got it spot-on. TF is currently virtually helpless against malicious VBS/BAT scripts, only partially effective against file infectors/overwriters, and some rogue apps which may or may not fall into the definition of malware. I don't count time bombs as a weakness because TF will quarantine them when they trigger anyway, and lastly, TF is amazingly effective against worms, thanks to an anti-self-copy rule.
     
  4. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Aigle,

    It only displays the description/explain you entered yourself when making the rule, see post https://www.wilderssecurity.com/showpost.php?p=1059748&postcount=13

    They are not informative, but in the example below, the custom rule warns when a test program tries to import the advapi32.dll. Advapi32 is the DLL containing the LsaRemoveAccountRights API.

    So you have to make it informative yourself (basically the warning says:
    RISK = HIGH
    A program which handles the access functions of your PC is started. Choose Quarantine)

    Syntax
    When any process
    tries to write or delete or create or execute|TriggerAccessFlags a file
    named advapi32.dll|TriggerFiles
    in C:\WINDOWS\system32|TriggerFolders

    Regards Kees
     

    Attached Files:

    • vb.JPG
    Last edited: Nov 20, 2007
  5. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Thanks guys :)
     