threatFire 4.0.0.6 just released

Discussion in 'other anti-malware software' started by hany3, Oct 20, 2008.

Thread Status:
Not open for further replies.
  1. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Paid version of MAMUTU of course.

    I welcome TF 4 now since it has been improved but am just a tad skeptical of it's performance ATM. I'm still testing it though and expect bugs to be addressed as development moves forward with it.

    EASTER
     
  2. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    ok i see
     
  3. Newby

    Newby Registered Member

    Joined:
    Jan 12, 2007
    Posts:
    153
    Yes new FREE version has a standard custom rule to deal with outbound connections, see my setup https://www.wilderssecurity.com/showthread.php?t=224047

    Because you have DefenseWall on board you would not need to use SURUN. Have a look at this thread (also on CstleCops) for configuration tips https://www.wilderssecurity.com/showthread.php?t=183020

    When an intrusion occurs threatfire checks it antivirus data base (also in the free version), so you have the best of both worlds without the performance loss of an traditional AV.

    Play with TF using custom rules, you will be impressed.

    Regards Newby
     
  4. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Is there any way to add all thos excellent converages at one time without having to add them one at a time?

    TF 4 is gone heads and tails well beyond in this latest of their newest security innovations.

    EASTER
     
  5. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    ok thanks:thumb:
     
  6. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Dear Easter, NOPPES, NADA, NIENTE, the only thing you can do is copy the general.dat file from Documents and Settings of all user to a backup location to save your rules. TF still has not (like EQS) an easy import/export of rule sets.

    I am afraid you have to enter them manually. TF's file protection knows the wildcard *, unfortunately its regsitry protection does not have wildcards (remember a key is HIVE\KEY\ and a value is HIVE\KEY\VALUE without the \ at the end).

    Regards Kees
     
    Last edited: Oct 31, 2008
  7. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Thanks Kees.

    A small price to pay as a trade off for all the very efficient abilities i'm realizing more and more everyday with this newest version of TF 4.

    And get this. I'm actually running BOTH TF4 with MAMUTU with positive results and no conflicts.

    For examination purposes only right now, but so far so good.

    EASTER
     
  8. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Is it neccessary for a reboot like some applications (IE: EQS) after making or changing rules before they actually take effect? Because after adding rules in Custom Rules nothing works as expected on-the-fly.

    I'll reboot and re-examine if the rules, specifically registry rules (Keys) actually are alerted on or not.

    TF4 DEFINITELY needs to make it an outstanding BB a Browse feature instead of relying on old Cyberhawk's manually adding line by line rule paths to alert on IMHO.

    Regards EASTER
     
  9. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Reboot is Required! CONFIRMED BY ME! After changing TF 4 rules (latest version)

    PROBLEM!

    Pls verify this for all the community if you will when making registry rules in TF 4.

    I simply set the rules to be alerted whenever a file/action is made (manually in my case) to add to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Key.

    ThreatFire alerts alright but since there is no DENY rule and TF identifies Regedit.exe is the culprit, guess what? When you choose Deny & Quarantine there goes your registry editor app.

    IOW, it refuses to DENY the creation of the key (dirty) by not denying the action but QUARANTINING the system's Regedit System Program itself and not blocking the behavior as MAMUTU does.
    A very bad idea!!!
     

    Attached Files:

    • e.jpg
      e.jpg
      File size:
      37.1 KB
      Views:
      1,159
  10. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    When Symantec stepped in, I stepped out. I switched to Mamutu. Very satisfied.

    Haven't used TF in a few months but I have nothing against it. TF is a very good behavior blocker.
     
  11. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336

    That to me was the biggest irritation when I tried TF 3.5,the way things such as nlite would suddenly disappear without warning because something was deemed malicious.Mamutu offers a much better option of blocking specific behaviours if necessary without killing the whole program.Plus nothing occurs without your approval.Looks like this situation hasn't changed in version 4.
     
  12. R3XNebular

    R3XNebular Registered Member

    Joined:
    Sep 15, 2008
    Posts:
    58
    Installed TF4, Froze at the end of the installation, I have realtime protection running that includes NIS 2009, MBAM, Win Patrol, SandBoxie.

    Had to boot into safe mode to Uninstall. Not happy, should I sacrifice winpatrol and MBAM for TF4o_O
     
  13. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    dont cause malware bites is very handy,it is a must have tool:thumb:
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.