ThreatFire 4.0.0.1.0

Discussion in 'other anti-malware software' started by EASTER, Dec 20, 2008.

Thread Status:
Not open for further replies.
  1. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,634
    Location:
    U.S.A. (South)
    I need help and likely Kees1958 is a knowledgeable candidate to clear some issues up on this version.

    I added the rules from PCTools web topic and all works seemingly well enough but I'm at a loss to set Custom Rules on the Network Access section as it should be, I think.

    After adding rules is it a recommended requirement to reboot first in order to get the rules to function properly?

    I followed the steps on allowing a single network connection and then IE refuses to load after that.

    If you or someone else could help out in this, I'm trying to let TF issue an alert to more than just 1 connection I set for it, i.e. IE, but it seems to block IE altogether.

    Also, I keep getting explorer alerts and IE alerts even after I press a command issue to ALLOW, it just keeps repeating IE & Explorer may be doing malicious actions in which they really are not.

    Thanks EASTER
     
  2. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Here you go,
     

    Attached Files:

  3. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    When playing with TF (Easter will probably test with real malware) be sure to take these precautions
     

    Attached Files:

  4. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    I suspend TF, give it 30 seconds and activate again. Most of the time my new rules are loaded.
     
  5. Frog01

    Frog01 Infrequent Poster

    Joined:
    Dec 20, 2008
    Posts:
    25
    Location:
    Vancouver B.C Canada
    Cool!:cool:
     
  6. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    Looks like the trusted list can help cut down on FPs. :)
     
  7. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,634
    Location:
    U.S.A. (South)
    AWESOME.

    Thanks Kees. The screens are a clear help, and I suspected I was pressing a bit overanxious instead of allowing TF to "soak" in those rules first before suspecting something wasn't working.

    Am I missing something in the rules or if say you manually go into regedit and deliberately try to add a new string to the Local_Machine\...........run key that TF only offers besides allow to Quarantine of all things "Regedit" if you deny the alert with its present options instead of just blocking the behavior period. I've run into this before with other versions and had to pull Regedit file back out again.
    Because if you add regedit in the Trusted List what's to stop anything from writing to Keys? I just need to set this properly I think. Trusted Processes are never quarantined so I'll play with this awhile and see where I missed it.

    EASTER
     
  8. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,634
    Location:
    U.S.A. (South)
    I guess I'm off to PCTools Forum again.

    Even placing Regedit.exe in the TRUSTED PROCESS LIST, then manually or running a script to add to the rule of protecting the RUN key, TF carries REGEDIT off to the holding box. Argggg!

    Any suggestions? Am I simply not configuring correctly? Surely TF is not meant to function in this manner.

    EASTER
     
  9. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Easter,

    I always allow system and trusted processes. I have no idea why you are running into these troubles. Maybe the rule below helps you out.

    cheers
     

    Attached Files:

  10. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,634
    Location:
    U.S.A. (South)
    I copied the rule line for line and so we'll see if it handles better now. Thanks for the rule assist!

    EASTER
     