New ThreatFire feature?

Discussion in 'other anti-malware software' started by Kees1958, Dec 13, 2007.

Thread Status:
Not open for further replies.
  1. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    To quote a corny cliche, "it's not a bug, it's a feature".

    TF protects its drivers from read access by external applications as part of its self-protection. That's the reason why BootBack shows 4 errors: TF refuses to allow BootBack to read its driver files.

    Personally I don't see what's to fix here. The only option would be to remove this read access protection and reduce TF's self-defense capabilities, just so that BootBack won't show some minor error messages. You mentioned you've found a workaround; why not use it?
     
  2. danny9

    danny9 Departed Friend

    Joined:
    Feb 18, 2004
    Posts:
    678
    Location:
    Clinton Twp. Mi
    I was using the workaround. That was no big deal.
    But when it would not let EAZ-FIX start at all, TF had to come off, at least for now.
    Hopefully they'll have a fix or workaround for this.
    It worked fine with the version before 3.0.12.6. :)
     
  3. OHM

    OHM Guest

    I don't know if ThreatFire protects you.
    Neither do I see it nor do I know if it is doing its job.
    I don't think it will hurt even if you don't use ThreatFire, IMO.
    Anyone else?
     
  4. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,098
    Location:
    USA
    Truly protecting one's PC from malware? No, I can't say I know for sure.

    That said, is it doing anything? On that basis, I'd say yes. I have tested 3 installations by changing the HOSTS file. TF nailed the changes every time in a matter of a couple of seconds...
     
  5. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    I fervently hope that TF is doing a LOT more than merely protecting HOSTS. Soooo --- HERE is a fairly recent test of TF. It impressed me at the time. U 2?
     
  6. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,098
    Location:
    USA
    Yes, it did me too, although I must admit that I don't always accept magazine reviews at face value.

    You're right that my little "test" isn't much of a test. But what I was after was a way to make sure the thing was running and able to do its thing if the time came. I figured a HOSTS file test was as good as anything (and certainly safer than real malware... ;) )
     
  7. Matern

    Matern Registered Member

    Joined:
    Nov 20, 2007
    Posts:
    102
    Today my PC is frozen after booting with the new ThreatFire version. I have to make a "hard" reboot. Be careful!
     
  8. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    The TF team posted here to let us know there is a bug in this version. They specifically suggested we wait for release of a fix.

    Me, I'm waiting. For those too eager to wait, I suggest you make a system drive image beforehand. I do that before installing ANY security application.
     
  9. Firebytes

    Firebytes Registered Member

    Joined:
    May 29, 2007
    Posts:
    917
    Apparently the bug fix is taking longer than expected as they thought they might have a new version out yesterday and it is still not out. I am sure they want to be certain it's corrected with no other major issues before releasing a new version again though, which is commendable.
     
  10. Matern

    Matern Registered Member

    Joined:
    Nov 20, 2007
    Posts:
    102
    I think it was a conflict with CBOC, because CBOC was hanging at its startup scan. Maybe the self-defence of one of them was the reason.
    I had the new protection level on step 4; now, going back to 3, booting is no problem anymore.
     
  11. chasbox

    chasbox Registered Member

    Joined:
    Nov 25, 2007
    Posts:
    8
    Location:
    Connecticut
    I just tried ThreatFire. It was downloaded to both my Vista machines. The install seemed to go OK. After installation I tried to restart and both machines froze. I tried Shutdown and that didn't work, so I went to Task Manager. That wouldn't even open. Had to do a hard shutdown. Restarted and uninstalled ThreatFire. Everything seems to be back to normal. I hope.

    I downloaded from here http://www.threatfire.com/
     
  12. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,098
    Location:
    USA
  13. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Ohh,

    Not able to repeat the problem, killed a very nice app called Sensitive Guard. I hope they can reproduce the error soon.
     
  14. Matern

    Matern Registered Member

    Joined:
    Nov 20, 2007
    Posts:
    102
    After a few days of hanging boot and Internet problems and no fix for the problems, I installed the old version. Boring times with ThreatFire. I hope they make better updates in the future and no alpha-crap. In Cyberhawk times those things did not happen; what the devil kind of problems do they have with the updates? It's not the first time that happens! ThreatFire is a good product, but these updates are the wrong sign for this product.
     
  15. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hi all,

    Still no update. Another remarkable observation is that raising the protection level from 3 to 4 did not produce any pop-ups. It would be nice to know what the scope of the "most trusted" processes is. I assume TF now also has a built-in white list to figure out what the most trusted processes are.

    Regards K
     
  16. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.
    Just a bit OT.... :rolleyes: While it does not say TF does not support 64 bit, it does not say that it does. o_O Requesting a clarification please. ;)
     
  17. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Not to dampen spirits here for TF loyals but what else is new? CyberHawk suffered from continuous, howbeit sporadic, problems too.

    It's easy to see why. Just check how many drivers TF needs to employ on any given system and there's your answer. And after this one's corrected? Expect others. I recognized a long time ago, as neat an app as it was, that IMO it needs a complete overhaul of how it's compiled to handle behavioral interceptions. The developers can argue all they want but it's now months down the road and guess what, another hurdle to fix. My suggestion: recompile the architecture/structure of it completely and do more driver research.
     
  18. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Not to dampen spirits here for TF loyals but what else is new? CyberHawk suffered from continuous, howbeit sporadic, problems too.

    It's easy to see why. Just check how many drivers TF needs to employ on any given system and there's your answer. And after this one's corrected? Expect others. I recognized a long time ago, as neat an app as it was, that IMO it needs a complete overhaul of how it's compiled to handle behavioral interceptions. The developers can argue all they want but it's now months down the road and guess what, another hurdle to fix. My suggestion: recompile the architecture/structure of it completely and do more driver research.

    The real solution is quite Logical you know, or at least it should be by now.
     
  19. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Unfortunately it's not that easy for me. Would you care to provide any further explanation or evidence for this claim?

    I'm still waiting for proof of the FPs on explorer.exe and notepad.exe that you claimed you suffered from, by the way. Not that I expect I'll ever see them, but I live in hope.
     
  20. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    I highly doubt TF could ever mark notepad.exe as malicious unless it got infected by a file infector. Its actions are far from malicious in original form.
     
  21. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Beats me as well, but that's what someone claimed anyway, along with the assurance that he'd be more than happy to provide the evidence "when he has the time to".
     
  22. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    I'd call that a load of bollocks. It's like saying a car can start up by itself, change the gear and drive away. It's a behavior that cannot happen without some extra interference from a 3rd party. Same for Notepad. By itself, it cannot generate any malicious actions. Unless some 3rd party process hijacks it and generates malicious actions through notepad.exe. That's what makes behavior detection systems so unique compared to signatures. They cannot generate false positives on clean files unless there is something really badly wrong with the engine rules.
     
  23. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    For the obviously clean, yes. There are a lot of borderline cases where behavior blockers fail and throw an FP.
     
  24. Threatfire_Team

    Threatfire_Team Registered Member

    Joined:
    Oct 4, 2007
    Posts:
    11
    Location:
    Boulder, CO
    Just wanted to let you all know that we've just released v. 3.0.13.11, available for download from www.threatfire.com or by running Smart Update from within ThreatFire. We appreciated your patience while we ironed out a few issues in the earlier 3.0.13 release. As always, your feedback on this latest update would be appreciated.

    Becky
     
  25. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,784
    Thank you Becky. :D
     