Threatfire Questions

Discussion in 'other anti-malware software' started by TheKid7, Jun 3, 2009.

Thread Status:
Not open for further replies.
  1. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    I just installed Threatfire on my Windows 7 RC PC. I have never used Threatfire before.

    Without exposing the PC to real Malware, how would I test the basic functionality of Threatfire? I just downloaded a couple of the Eicar Test Files and Avira Antivir Free caught both of them. There was no response from Threatfire on the Eicar Test Files.

    From your experience, what are the recommended changes from the Defaults? I prefer as close to "silent" (no popups) as possible without having any software on the PC "crippled" by a False Positive.

    Thank you.
     
  2. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
    The eicar test is based on a signature. Threatfire is a behavior blocker so it doesn't use signatures. And since eicar does nothing in terms of action, Threatfire will not prompt.

    As far as testing, why not uninstall one of your on-demand security apps, and then reinstall with TF activated? You will get prompted and see it in action. It's a very powerful app IMO.
     
  3. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    To add to Toby's great response :))), I would keep it at its default settings - Kees can probably show you his custom-rules if you want, but then it might be things you don't think are important and can obviously not be run silently. I don't expect serious FPs, but as explained in another topic, then it would be new and rare, for example, security software, or some weird file like the Spotify Upgrader - which I didn't know even existed, don't expect any updates there really. :D OSSS is an example for a rare and new security product - I notify them when I see an FP and it's as said not common or serious as it doesn't care how old or new something is - all it cares about is what the things you're running are doing right now. Something suspicious? It will check against its lists (white and black).

    Running in its default settings, which I think is balanced, I would like to think you can set it to quarantine automatically on suspicious items at least - your decision what to do with PUAs (Possibly Unwanted Apps.), as Hotbar is considered as it too. FPs being rare, it's one of their top-priorities when it comes to improving the product, and any known threats are automatically quarantined with an informational pop-up shown to you by default (you can make this go silent as well).
     
  4. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    In the next release a couple of extra custom rules will be provided. DJames told me that they have also included some of the registry extras I had suggested, but in a much more intelligent way. It turned out that the development team does not like single attack responses. Under the pressure of customer custom rules they have included some of these in their (multiple intrusion) behaviour patterns.

    So I would keep TF "as is" (maybe only adding outbound when you do not have a firewall which includes outbound protection, host file protection and screen saver downloads (these are existing custom rules)).

    Cheers
     
  5. bollity

    bollity Registered Member

    Joined:
    May 9, 2009
    Posts:
    179
    Take an exe file and add it to a zip or rar archive, then make an SFX and set the default extraction to C:\WINDOWS. Now open this file; a Threatfire message will appear saying that a file is trying to create an exe in the Windows directory.
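
An added example, not part of any post in this thread and not ThreatFire's or Avira's code: it contrasts the signature match described in post 2 with the kind of behaviour rule that post 5 triggers. The single rule, the event fields, the process names and the paths are constructed assumptions for illustration.

```python
import ntpath

# Standard EICAR test string, split in two so this source file is not itself
# flagged by an on-access scanner.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-"
         + r"ANTIVIRUS-TEST-FILE!$H+H*").encode()


def signature_scan(content: bytes) -> bool:
    """Signature check: inspects file bytes only, never what a process does."""
    return EICAR in content


def behavior_check(event: dict) -> bool:
    """Hypothetical behaviour rule: a process creates an .exe under C:\\WINDOWS.

    File content is never examined; only the action and its target matter.
    """
    if event["action"] != "create_file":
        return False
    # Normalise first so "C:\WINDOWS\..\Users\x.exe" is not treated as a hit.
    path = ntpath.normpath(event["path"]).lower()
    return path.startswith("c:\\windows\\") and path.endswith(".exe")


# Constructed sample events (not real telemetry).
EVENTS = [
    {"process": "browser.exe", "action": "create_file",
     "path": r"C:\Users\kid\Downloads\eicar.com", "content": EICAR},
    {"process": "archive_sfx.exe", "action": "create_file",
     "path": r"C:\WINDOWS\tool.exe", "content": b"MZ harmless sample"},
    {"process": "notepad.exe", "action": "create_file",
     "path": r"C:\Users\kid\notes.txt", "content": b"hello"},
]


def evaluate(events):
    """Return (path, signature_hit, behavior_hit) for each event."""
    return [(e["path"], signature_scan(e["content"]), behavior_check(e))
            for e in events]


if __name__ == "__main__":
    for path, sig, beh in evaluate(EVENTS):
        print(f"{path:40} signature={sig!s:5} behavior={beh}")
```

The EICAR download trips only the signature check, while the self-extractor dropping an unknown executable into the Windows directory trips only the behaviour rule.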
     
  6. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Hi, meaning?
     
  7. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    For some reason I notice a negative energy coming from bollity. :D
     