Can threatfire be configured for outbound control (ask mode)

Discussion in 'other firewalls' started by sg09, Feb 2, 2011.

Thread Status:
Not open for further replies.
  1. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,713
    Location:
    Kolkata, India
    I am really a noob in firewall and HIPS settings. I like Windows Firewall because it is very simple. I just read a tut by kees1958 on threatfire
    https://www.wilderssecurity.com/showthread.php?t=183020

    So I am curious if TF can be used as a complete substituent of outbound traffic control that Windows Firewall is lacking (I mean ask mode).
     
  2. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,709
    I don't use ThreatFire currently but as far as I remember, ThreatFire can be configured to alert you of a process wanting outbound access but when you 'deny' it, the process is terminated too. IOTW, you can't deny the process from going outbound without terminating it. Someone correct me if I'm wrong.

    If you have safe surfing and downloading practices, then ThreatFire may serve as a complement to WF. However, if you don't trust all the apps/services you run to have outbound access, then ThreatFire can't serve as a direct replacement for an outbound traffic control firewall.
     
  3. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,713
    Location:
    Kolkata, India
    Thanks Safeguy...:)
     
  4. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Safeguy,

    Just meantioned the 'problem' of ThreatFire. TF does not have a deny option, only a kill process option. TF behaves more like an Anti Virus (either allow or kill the file/process) than a Firewall (in it's basic form filters network traffic and filters which application are allowed to go out).


    SG09,

    The problem is relative to what you compare it with. When compared to a two-way firewall it is not a replacement, when you compare it with a inbound firewall only, it works great. When you use WIndows FW or a Router, all programs you install or run are allowed to go outbound. When you add TF outbound monitoring, you just allow + remember these programs for setting up an outbound network connection. After that when you have not installed TF, you should not see a pop-up. Nice feature about TF is that you can search the internet with "Learn more about this threat" option. So when you started or run a program without your knowledge which goes outbound, TF will warn you about it.

    Regards Kees
     
    Last edited: Feb 6, 2011
  5. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,713
    Location:
    Kolkata, India
    Thanks kees, its clear to me now...:)
     
Loading...
Thread Status:
Not open for further replies.