Has anybody used ThreatFire v4.5.0.17 the latest

[RejZoR]

ThreatFire shows in Security Center only if you enable it to do so in its settings.

ThreatFire shows in Security Center only if you enable it to do so in its settings.

As you'll see from the screen shot, that's not the case in Windows 7.  

Click image to enlarge

Windows 7 is still in beta and ThreatFire also doesn't officially support this OS (yet). So i see no problem. That feature works fine in XP and Vista.

it's behavior blocker

For instance... what?
Which is suspicious for it?

Um, malware? I thought you understand the concept of behavior analyzers and blockers.
Behavior blockers track what every program does and if they detect behavior that is common for malware, they prevent it, rollback the changes and alert the user. So if something tries to add itself into system folder, add system entry, starts listening to specific ports and tries contacting IRC server, behavior blocker will most probably jump on it.

The good is that behavior blockers are basically immune to packers and crypters and provide excellent 0-day protection without regular updates. The only downside is that they aren't exactly effective against Fake AV's where you just need signature detection.

[Lisandro]

Thanks RejZor.

[George Yves]

I want to "add a spoon of tar in a jar of honey".

ThreatFire sees two types of threats: unknown (not in its db) and known (already in its db). When TF detects an unknown threat its user can define - either to allow or to deny and quarantine; when it detects a known threat, it quarantines the threat immediately and only inform the user that so and so was detected and quarantined. But what should the user do if any TF's "known threat" appears to be a false positive?

For example, I have ClamWin Portable on USB that I use when on a business trip. Before every trip I update ClamWin's database and I tried to do so after I installed TF. I failed to update the database this time. ThreatFire detected freshclam.exe (the program in ClamWin that updates its db) and immediately quarantined it as a "known threat" - Worm.Win32.AutoRun.ahep.

I went to PortableApps.com forum and read there that freshclam.exe should be put on whitelist. But as I have said - "known threats" can't be allowed in TF. Then I went to PCTool's forum and tried to register there and report this FP - I was prompted that the registration letter was send to my e-mail and my account would be activated after I click on a link in it. Three days have passed and I got no confirmation letter. I tried three different e-mails with the same result - no letters. So now if I want to update ClamWin I should suspend TF.

[RejZoR]

Actually thats not the case anymore for version 4.5. This version is not using signatures anymore, except signatures for behavioral part (so they can update behavior rules on the fly).

[George Yves]

Actually thats not the case anymore for version 4.5. This version is not using signatures anymore, except signatures for behavioral part (so they can update behavior rules on the fly).

And what? Why I can't get the confirmation e-mail? Why I can't freshclam.exe and other FP on their whitelist?

[Tarq57]

I have a slightly different opinion concerning this.
In the event of a FP, most software can be configured to offer the user an option to ignore it.
Not so with the version of TF I use: the options are "quarantine", or "quarantine and notify". That's it. (No option to just "kill the process", or "ask me what to do".
Which makes the FP issue a deal breaker for a lot of would-be users. Has been talked about at length on the PCTools forum, the company appear not open in the slightest to changing the options.

[bob3160]

Actually thats not the case anymore for version 4.5. This version is not using signatures anymore, except signatures for behavioral part (so they can update behavior rules on the fly).

And what? Why I can't get the confirmation e-mail? Why I can't freshclam.exe and other FP on their whitelist?

Try again and this time check your spam folder. Their reply to you is probably in there.

[George Yves]

Try again and this time check your spam folder. Their reply to you is probably in there.

I have been checking my e-mail addresses for three days already - no letters from TF forum. I went back to the forum - all my accounts are still awaiting confirmation.

I gave them 3 addresses (one at mail.ru and two at gmail.com) and got 0 responses. Could anybody help me to get in touch with TF forum administration?

==============

Oh, at last! I gave them the fourth address and got the confirmation. But all the three previous mailboxes are still empty.

[RejZoR]

They are not exactly active on weekends...

[SpeedyPC]

Hi all,

I've decided to install threatfire onto my PC after a while when I was fixing my friend PC.

[Vladimyr]

Three days have passed and I got no confirmation letter. I tried three different e-mails with the same result - no letters.

If you're waiting on PC Tools, (rather than ex-Novatix in the US) they won't be back on deck until AM on Tuesday June 9 AEST (GMT+10) due to holiday Monday.

[polonus]

Hi SpeedyPC,

In ThreatFire you have various options: allowed, denied, quarantined. If you have something allowed and regret that you can remove that item - those items there. If something was denied, you can restore,

polonus

[silvertones]

They've dropped support for Windows 2000 which I run. Version 4.5 will not work. They refuse to do anything about it.

[SpeedyPC]

Hi SpeedyPC,

In ThreatFire you have various options: allowed, denied, quarantined. If you have something allowed and regret that you can remove that item - those items there. If something was denied, you can restore,

polonus

Thanks for the heads up polonus as I'm learning a bit more about threatfire

[SpeedyPC]

Drhayden1 on that screen shot picture as I can see you are using XP, may I ask what software addon did you used those icons layout at the top of your OS screen cause I like it looks really cool