One new thing about ThreatFire 4.0.0.8!

At least I think this is different. If you disable Community Protection you lose the auto updating capability. I'd not enabled that feature since I never, ever, ever get any malware. I know, so why even bother with TF? Peace of mind I guess. So now I have to decide if I want to just update manually, keep Com Pro enabled or reinstall .6 if it's still available.

 

Been that way for quite a while; not really new...

 

is any there any thing new in this version?

 

Better ask the vendor; they don't make anything beyond this information available.

 

thanks for the info,it looks alitle more to it,but not sure,
anyway thanks again

 

They fixed the virus definitions updates?

 

I think what you're looking for is this specifical updates-thread: http://www.pctools.com/forum/showthread.php?p=194489#post194489

The link leads to the last post there about this small update, but it doesn't provide much more information apart from fixing bugs related to database updates...

 

I'm intensively conducting an in-depth benchmark on the newest Upgrade of TF 4 PRO. I am very encouraged overall in spite of i like to see a DENY & TERMINATE feature as opposed to the program's QUARANTINE function, but that alone by no means is reason to express nothing but a positive satisfaction in what this version offers.

The Custom Rules Finally! have taken shape in just the way it should always been long ago. But better late then never.

Some of you who over the course of my testings have followed my unorthodox piling on of similar apps as i done in HIPS before, and this is no exception. I'm running BOTH TF4 & MAMUTU for examination sake and theres no loss of energy in eithers response working together.

I won't keep it that way, but it's always been my practice in research to run two of the same type of apps like this in order to observe any conflicts that might arise or not. None are evident i'm pleased to report.

 

By the way. After a full scan you can't see the complete line path of the files it records as suspicious becuase theres no way to expand the program GUI box to extend as it should. That should be corrected. Anyone else agree?

And one more item of concern. Where on earth does TF keep the reports/Logs it makes on what it finds. I looked everyplace but no Log File i could find to do a review of what was detected.

Many Thanks And More

EASTER

 

thanks buddy

 

Anyone try setting the threat sense level to 5 and tick the custom rules settings for appp control and network? On my box my programs fail to launch they just hang.

 

Reboot is Required after changing TF 4 rules (latest version) i discovered, but something very disturbing is come to light while testing Custom Rules for registry protection rules.

CHECK THIS OUT!

PROBLEM!

Perhaps others can verify this for all the community if you will when making registry rules in TF 4.

Simply set your rule to be alerted whenever a file/action is made (manually in my case) to add to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Key.

ThreatFire alerts alright but since there is no DENY rule to prevent writing to this key, TF 4 identifies Regedit.exe as the culprit, and guess what? You would normally choose to Deny (if that were available) but since the only alternative is Deny & Quarantine there goes folks your registry editor app straight to the QUARANTINE bin.

IOW, without a DENY option the creation of the key can't block the action but only QUARANTINE the system's Regedit System Program itself instead of blocking the behavior as MAMUTU does.
A very bad limitation!!!

See for yourself!

 

That sounds very exciting indeed

So where is Symantec heading with this project? I'm assuming that if they are putting all this energy in improving the product, it will eventually either be integrated in one of their security suites, or replaced by a paid version - or both.

Thoughts?

 

It is sorely in need of a DENY option before they even think of going forward with it. Please see my experience with it tonight and serious limitation because it doesn't offer a DENY option but only QUARANTINE.

EASTER

 

Good luck with that; they've refused to implement it for ages... Here and here... With completely bogus claims such as "critical system processes will never be quarantined".

 

Well then if that be the case then they might as well pack up shop and find a new candy stand because even old CyberHawk features that very useful option. So IMHO mamutu has the corner on a pure user friendly Behavioral Blocker that doesn't let it's customers lose control but rather places the destiny of their good machine squarely where it belongs, the owner.

TF4 is ignorant for ommitting such a simple useful feature as i just experienced. Suppose a program attempts to make changes to the registry but TF is blind to the original source executable making the attempt, well since TF is blind it turns to the only file they can blame for the attempt to manipulate forcing an autostart file in the RUN key and your only alternative is allow it or let TF quarantine Regedit.

I thought it had completely deleted it at first untill it turned up under TF's Quarantine display, and even then it took several seconds for it to even show up in it's list.

That's PCTools for you, or Symantec, always going only far enough but never really completing the task expected.

MAMUTU is best hands down in comparision and thats where i'll stay.

 

EASTER, bring both of those threads (doktornotor listed) back to life by posting the example of your registry editor.

Maybe they should implement a feature whereby default 'normal' user, the current options are shown, but if set to 'expert' user, then the deny feature will be listed. Their firewall, for example, has the options to choose 'normal' or 'expert' user, where if the latter is selected, more information/options are given in the alerts.

 

Wow... that argument sounds so retarded I can't believe I'm reading it.

We're explaining briefly over again why the feature is needed. I've to allow threats to perform their actions to be able to use things for god sake! (See my third post in this topic to see what I mean: http://www.pctools.com/forum/showthread.php?t=53179) And yeah, I'm really frustrated about this - frustrated over that another time, another company is bringing up arguments which is lacking point. They're talking about making "TF as user friendly and helpful as possible." Well if the software is gonna prompt the user about making a choice, then what's most "user friendly" is to give the user a choice! Cause what it's now, is that it's LACKING a choice! They didn't think about that "maybe users want to still be able to use certain software, but simply deny what's not good"? The previous time that I'm talking about, the arguments wasn't even about the topic in question! They just didn't say that "this will simply not go through" instead...

 

You need the paid version if you want to turn of Community Protection and you still want to keep the auto updating capability.

 

I agree 100% Mamutu is head and shoulders better when it comes to functionality.

 

ATM that statement is true, but i harbor no reservations against TF 4 because they are monitoring Mamutu and theres no doubt they will eventually rise to the challenge set before them in this constructive competition with them. It will come, that i have no doubts because it's obvious they are very hot on the heels of Mamutu IMHO and proceeding with haste.

Expect a nice surprise from TF 4 soon because from all indications i seen resulting so far show a definite forward race to finally catch up in this great competition and they are not backing away from the equality they are working on to stay on the same level as MAMUTU, and maybe even surpass them at some point in the near future.

Behavior Blockers are yet another wave of the future and they are proving a very useful security innovation unlike any others before them including HIPS if i might go out on a limb and say so myself.

This specialized field is every bit as demanding as any AV/AS, and HIPS AFAIK.

EASTER