ThreatFire 3.0.13.11 released

Discussion in 'other anti-malware software' started by tsilo, Dec 21, 2007.

Thread Status:
Not open for further replies.
  1. tsilo

    tsilo Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    376
    Maybe they fixed the last issue with boot up?
     
    Last edited: Dec 21, 2007
  2. Matern

    Matern Registered Member

    Joined:
    Nov 20, 2007
    Posts:
    102
    Re: ThreatFire 3.0.13.11 released

    I'm waiting with the update till I get the "green light" here from other users.
     
  3. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Re: ThreatFire 3.0.13.11 released

    Working perfectly so far. Protection level 4 provides greatly increased defense against downloaders; I'm still trying to figure out why it isn't the recommended level.
     
  4. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    Re: ThreatFire 3.0.13.11 released

    My guess is that it may be based on knowledge level. Many users need good protection but not too many questions.

    FWIW, 3.0.13.11 is on my PC and it is running fine. No freeze-ups or anything. (I have rebooted several times to test it. :) )
     
  5. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Re: ThreatFire 3.0.13.11 released

    That's the thing; there haven't been any FPs on my test machine yet on level 4.

    My poking around continues...
     
  6. Firebytes

    Firebytes Registered Member

    Joined:
    May 29, 2007
    Posts:
    903
    Attempting to download this new version of Threatfire (directly from threatfire site) triggers an alert from Avast that the file contains a trojan. I am sure this is a false alarm but wondered if anyone else is having their AV alert on it as well?
     
  7. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    Someone else had this happen with Avast. NOD32 Version 3 is ok with it...
     
  8. Firebytes

    Firebytes Registered Member

    Joined:
    May 29, 2007
    Posts:
    903
    Thanks Han, I was "sure" it was a false positive. SAS and AVGAS both showed it to be clean. It has been submitted to AVAST so hopefully they will get the FP sorted out.
     
  9. Matern

    Matern Registered Member

    Joined:
    Nov 20, 2007
    Posts:
    102
    I have 2 FPs with the new version, setting Protection Level on Step 4.
    The first is this program: http://www.pbus-167.com/
    Threatfire gives me a blank banner before it loads at each new boot.
    The second: http://bfilter.sourceforge.net/
    Threatfire tells me that my proxy is calling out in an unexpected manner.
    Going now back to Step 3.
     
  10. yankinNcrankin

    yankinNcrankin Registered Member

    Joined:
    May 6, 2006
    Posts:
    406
    I got the slider all the way up to 5, running nicely alongside Comodo pro Defense+. When I get a prompt on legitimate programs, all I need to do is this and the problem is solved.
     

    Attached Files:

  11. Matern

    Matern Registered Member

    Joined:
    Nov 20, 2007
    Posts:
    102
    After rebooting with Protection Level on Step 3 the FPs are gone. I think Threatfire has on Step 4 a little problem with temp.xxx drivers and processes from third-party software which is not listed as a trusted system process or on a white list.
    The bigger problem is that Threatfire gives me a "blank" banner and can't show the name of the process or driver, so you can't make a custom rule for this. The "blank" banner was not listed in the Threat Control, too.
    A little buggy, but it works :)
     
  12. Matern

    Matern Registered Member

    Joined:
    Nov 20, 2007
    Posts:
    102
    @ #10

    I have tried it; it doesn't work, because Threatfire doesn't find the name of the thing and so can't remember the setting.
     
  13. yankinNcrankin

    yankinNcrankin Registered Member

    Joined:
    May 6, 2006
    Posts:
    406
    Try the highest setting, 5; it might work.
     

    Attached Files:

  14. Firebytes

    Firebytes Registered Member

    Joined:
    May 29, 2007
    Posts:
    903
    AVAST signatures have updated and the new version of Threatfire is no longer being flagged as having a trojan.
     
  15. Matern

    Matern Registered Member

    Joined:
    Nov 20, 2007
    Posts:
    102
    @ yankin

    Thank you for testing Notebook Hardware Control.
    I go to Step 5 and tomorrow after boot I will let you know how it works.
    But I'm not a fan of too many popups.
     
  16. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Too bad that they did not include an option to simply DENY rather than Quarantine or Allow only.
     
  17. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    IMO the option to deny an action is useful only with advanced rules. When it comes to the default settings, the flagged process is either real malware, or an FP, and in these situations the Allow and Quarantine options are enough.
     
  18. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Quarantine is bad in case of a false positive, as in my personal experience an executable, once quarantined, sometimes can't be restored fully via TF and needs a repair/reinstall. This is a very important issue.
     
  19. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Just out of curiosity, what are these programs?
     
  20. Matern

    Matern Registered Member

    Joined:
    Nov 20, 2007
    Posts:
    102
    After I go to Protection Level Step 5 I have no blank popup from Notebook Hardware Control any more.
    The point is, why do I have no popup at the higher level and a blank popup at the lower level?
    I think in this version of Threatfire they have not configured the steps' internal rules out to the last point; maybe here's a little work in the future.
     
  21. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Not too many.

    I don't remember exactly, but it was a few months back when, while testing, I think I executed some malware via UltraExplorer and TF quarantined UltraExplorer via pop-up alert (I opted for Quarantine by mistake). Restoration of UE was unsuccessful and I had to reinstall it. Not sure that I can reproduce it or not.

    Since that day I am suggesting this feature to them.
     
  22. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    The problem with such a scenario is that using a Deny option (if there was one) instead of Quarantine will stop that one particular action that finally pushed ThreatFire over the edge and caused it to pop an alert, but will not clean up any file/registry traces the malware has created. This is obviously both undesirable and a security risk. That was what used to be Cyberhawk's fatal flaw; unless you paid for the Pro version, these malware traces remain on your computer.

    Personally, I think improving ThreatFire's ability to recognize benign parent processes is a better solution than implementing a Deny option, but that's just me.
     
  23. yankinNcrankin

    yankinNcrankin Registered Member

    Joined:
    May 6, 2006
    Posts:
    406
    If you allowed NHC.EXE earlier you may need to delete the rule in Threat Control under the Allowed tab and look for entries associated with this program. Then try retesting at level 5; you should get prompts. I think I asked wrong ?(s)
    Did you get any prompts at all at level 5?
     
  24. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    Does threatfire still have a problem with DeepFreeze? (it did when it was cyberhawk, but I haven't tried it since)
     
  25. Matern

    Matern Registered Member

    Joined:
    Nov 20, 2007
    Posts:
    102
    @ yankin

    No, I don't get any prompts at level 5 with NHC.
    I have cleaned up my Threat Control before I'm going to the higher level and restart.
    It's a little bit curious, that behavior between level 4 and 5 with NHC.

    But from other apps and outgoing traffic I have some alerts.
     
    Last edited: Dec 22, 2007