Any way to disable Threatfire net module?

Discussion in 'other anti-malware software' started by Fuzzfas, Nov 15, 2007.

Thread Status:
Not open for further replies.
  1. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Hi, i love TF and i am dying to use it, but i can't stand the high CPU spikes when loading a new page with Firefox. I also have the impression it causes a browsing lag.

    I had managed to disable the net module from the control-panel-system-non Plug and play drivers. There were 3 belonging to TF i think. The system was much faster, just like i wanted. But on reboot, the driver was enabled again.

    Does anyone know of any way to disable TF's net module? I would be terribly grateful.

    Thank you in advance.
     
  2. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    The self-renabling drivers are part of TF's self-protection.

    TF is extremely aggressive in this aspect, and takes all sorts of measures to protect its drivers against tampering. This is a necessary measure, as it can only detect malware after they execute, and as of such must ensure the malware doesn't terminate it. Unfortunately, this also seems to cause a wide variety of compatibility problems; I haven't experienced any, but I've seen plenty reported.

    I suggest you post your question on the official support forum. The Novatix team seems to have a dedicated employee monitoring user concerns posted there, and he usually responds promptly.
     
  3. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    Possibly try a lighter-alternative to FF, just for the process of elimination, not bashing.
     
  4. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Thanks Solcroft. I was afraid you would say so... I doubt you can stop it , since it is designed exactly in a way to be unstoppable. :D I would register in TF forum, but the idea of new registration just for an improbable question makes me feel already tired :)

    Thanks Monty,that's an idea too.
     
  5. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    Your welcome. I didn't drop foxie because I wanted to...
     
  6. Wordward

    Wordward Former Poster

    Joined:
    Jan 12, 2007
    Posts:
    707
    I just mentioned in the other firewall forum that I also felt ThreatFire slows ones browser speed down a bit, or is this just my imagination?
     
  7. feniks

    feniks Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    130
    Wordward you can check it here:

    http://tools.pingdom.com/fpt/

    just try the same sites with Threatfire on and off.
     
  8. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    I had a similar problem when I tried to use McAfee Enterprise 8.5i along with IE7. Got some heavy cpu usage for McAfee on page loads and browsing in IE7 which gave the impression of browser slowdowns. Had to dump McAfee as a result. If changing browsers doesn't help, you may need to try something other than TF.
     
  9. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    I feel you. TF is very light and reacts very well to leak tests. I also love the fact that you don't need to click on everything "allow" , just like in a classical HIPS. But, i can't stand the idea of having the CPU going over 20% in dual core AMD every time i load a browser page. From time to time i try a new TF version, hoping that they have fixed it. But nope. Just open the task manager ,point to the TF process, then load pages with FF and see the CPU spiking untill the page is loaded. Then it goes back to 0%. The funny thing is that when i disabled temporarily the net module from the non-plug and play drivers, TF was PERFECT! No cpu spikes, browsing was feeling normal. I couldn't ask for more. But on reboot, the net driver was active again. Damn it! Some people don't notice easily performace hit by applications. Unfortunately i am very sensible to these things. And i also hate the idea of useless CPU spikes just because i load a new web page. It's too much CPU use in a dual core for a simple "intelligent HIPS".

    I agree with you that this also happens often with antivirus HTTP scanners. Usually they don't eat up so much RAM, but you can "feel" that there is a lag before a web page loads. Wasted time if you ask me. I would take a classical HIPS over an HTTP scanner any day.

    Thank you all gentlemen.
     
  10. Wordward

    Wordward Former Poster

    Joined:
    Jan 12, 2007
    Posts:
    707
    Thanks for the website feniks. I tried it and it seems there's a slight delay with ZA AS off and TF on board. Must be the spikes people are talking about in here. I like TF and I also like fast browser speed, so I may go back to Webroot Firewall with DSA and give it a shot. I didn't feel any delays with WDF running, but we'll see. Thanks.
     
  11. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    Maybe your situation is unique, maybe mine is, I don't know. I opened task mgr and clicked around the forum and seen momentary spikes of no more than 7%, usually 2-3%. The spikes I noticed were through Opera though, none through TF. Just my observation...
     
  12. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks:

    CPU spiking, a serious problem ? or just a technical concern/topic ? What are the consequences if this issue occurs ? an irreversible damage to system ? or a temp appearance on task manager's chart ? And perhaps this phenomenon could be varied from machine to machine (or processor to processor ?). Like to know more. Thanks.
     
  13. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    On an old Athlon64 3900 TreatFire (with custom rules) does not uses more that 3% CPU. Setup: Hardware firewall (NAT/SPI), TF Pro and DefenseWall (Paid). No other security software

    regards
     
  14. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Thank you for your replies. Now, i think it is Firefox related. Running 2.0.0.9.

    I installed the latest Threatfire. Comunity protection and auto updates OFF. This is the only setting i changed.

    The heavier the webpage, the higher the spike. Here what happens when loading a bbc news article:

    http://img520.imageshack.us/img520/985/38556075zg6.png

    Here is what happens loading an online bookstore home page, which is much heavier:

    http://img520.imageshack.us/img520/9200/62023135gj2.png

    Too much for my taste for a CPU like this:

    http://img520.imageshack.us/img520/8061/62758766uu6.png

    One could also say "Hey, you run too many startup processes and this makes TF go crazy". No...

    http://img525.imageshack.us/img525/6410/67297385ac6.png

    And 2 of the above mentioned processes are the 3rd party task manager and the screenshot program.

    AVG Free without mail scanner installed and Ashampoo firewall free. Currently i have SSM free installed too in learning mode currently, but it's not a conflict with TF. I don't uninstall SSM, simply because i have tried this so many times that i know it would be wasted time to uninstall SSM and make rules back from the start.

    Using IE6, the spike goes down to max 8%.

    So it seems Firefox is the problem. Unfortunately, i am Firefox-addicted.

    For some the CPU exists to use all its cycles anyway. But not for me. Not for programs running all the time in backfground. I am very sensitive on CPU heating, consumption and "lag" in system response. Some people don't understand the difference of system lag between AVG and McAfee. I do and i don't like it :)
     
  15. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Heh, i just broke my own record. 32% CPU when loading download.com with Firefox.

    Time for me to uninstall once again.

    Thank you all anyway.
     
  16. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    I was a foxie-diehard, but issues drove to another browser. Hold on to her while you can, Firefox 3 is behind schedule and won't fix many of the known blocks (bugs) but they are addressing it's mem-drain probs. So it looks like foxie will be mine some time after the new year...
     
  17. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    Cpu usage is one thing I don't like to tolerate myself. Mostly because it usually shows up as some kind of system slowdown or sluggishness. In the case of browsing, it usually means sluggish browsing or delays, which I don't like at all. I don't mind using more ram for an app, but excess cpu usage is no good for me... So I have to agree with you...
     
  18. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    OK. I am typing from Opera right now. I like it quite a bit. I used to have some stability issues with past versions of Opera.

    Threatfire usage is now ridiculously low. Most sites show a 1-3% CPU spike. Some even 0%.

    I think i will uninstall SSM and finally breathe freely with no "allow" every time i try a new program.

    Now if i could only find a program that allows me to download flv. videos from websites... Firefox was great in this. One extension and you were fine.

    Thank you all. I am a happy TF user now. Goodbye Firefox! :'( Hello Opera! :D
     
  19. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    Opera has built-in BitTorrent if your dLo's have a torrent-link...
     
  20. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Thanks, i noticed that. But i mean videos like in youtube. With FF i had a nice extension, click and you download the video on your desktop... I think i will keep Firefox as secondary browser just for this purpose.

    Another weird thing with Opera is that when a page has many photos, it waits untill it loads all of them and only then you see it. I find this a little irritating. Firefox used to start rendering the page and loading the photos one by one, so you didn't have to wait for all of them to load before viewing the page.
     
  21. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    For specific Opera questions, you should start a thread for help with add-ons as there are a few members that know a lot of Opera customizations and optimizations. Possibly the Opera forum or even here using built-in Search function.
     
  22. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Thanks Monty, once more. :D
     
  23. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
  24. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Thanks a bunch, Monty! Some great Opera links in there!
     
  25. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Opera is superior to Firefox and Threatfire works very well with it. I also resolved all my problems and your links, Monty, were very helpfull. Sone nifty widgets there. I also resolved my problem with flv videos using the Clip Nabber site.

    My only minor problem is RAM that rises to over 100MB, but if you minimize the window it is unloaded, so it's ok.

    Also doesn't work with some sites that use activeX for live video streaming, but Firefox couldn't handle those either.

    So, i m sold for Opera + Threatfire combination. It is a great relief to be able to install new programs without clicking "allow" all the time. Classical HIPS are nice, but if you are a careful surfer, Threatfire is definitely the way to go.

    Thanks again Monty for all the help. :thumb:
     
Thread Status:
Not open for further replies.