How to make a *certain* Threatfire rule?

Discussion in 'other anti-malware software' started by bellgamin, Dec 9, 2009.

Thread Status:
Not open for further replies.
  1. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,650
    Location:
    Hawaii
    Is there a way to define a custom rule whereby I can get Threatfire to block a specific file from loading/executing?

    For example, say I want to block wuauclt.exe from executing. Is it possible to set a custom rule whereby TF will accomplish this blockage? If so, please walk me through the setting of such a rule.
     
    Last edited: Dec 9, 2009
  2. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    When any process

    tries to access | execute a file (only choose execute from the pop-up menu)

    named wuauclt.exe

    except when (deselect all choices)

    etc


    Save, shut down ThreatFire, wait 30 secs, enable TF

    Use explorer to double click wuauclt.exe and make the correct choices for TF to deal with

    Since wuauclt.exe is a systrem process, you may want to eneable this in the except when options to prevent lock out
     
  3. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Re: How to make a *certain* Threatfire fule?

    or from msconfig and disable the service manually:)
     
  5. inka

    inka Registered Member

    Joined:
    Oct 21, 2009
    Posts:
    408
    Re: How to make a *certain* Threatfire fule?

    or just move to Hawaii ;) and switch to using Linuxo_O
    (Folks, he typed -=FOR EXAMPLE=- )
     
  6. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,650
    Location:
    Hawaii
    10Q Kees-san. I was hoping you would reply. :thumb:

    @jmonge - Shazam! I hadn't realized there was a service doing this. I found it & switched it from auto start to manual.

    @inka - Yeah, I said it was an example -- but I was being coy. :ninja: Sooo... INKA dinka -- DOO! :D :) ;) :D :p
     
Loading...
Thread Status:
Not open for further replies.