App Review Christmas Special Test of ThreatFire 4.7 (6 years old behavior blocker!)

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
RejZoR

RejZoR

Level 15
Thread author
Verified
Top Poster
Well-known
Nov 26, 2016
699


Born as CyberHawk, risen as ThreatFire (PCTools) and was crucified by Symantec (Norton). And yet it's still so effective even after all these years of not being maintained or updated at all.

I know it missed many recent samples, but it was still detecting plenty. And what shocked me the most was the last part of the test with ransomware. I'm pretty sure it'll shock you as well! :D

This is why I love behavior blockers and why they fascinate me so much.
 
  • Like
Reactions: Solarquest, Behold Eck, Adz. and 19 others
5

509322

Antimalware18 said:
This is why someone, somewhere needs to develop a free True behavior blocker that works and is not bundled with something else (firewall, ect)

Please, I'm begging, and have been for years :D
Click to expand...

Emsisoft used to have Mamutu. There were other standalone behavior blockers, but I suspect sales were not enough to support continued development or the products were purchased. I know they were not widely popular back then and there is no reason to suspect today would be any different.
 
  • Like
Reactions: Behold Eck, Deleted member 2913, aragornnnn and 4 others
D

Deleted member 178

Mamutu was the best BB ever made. Emsisoft was a geek vendor "all hail Online Armor ! "; best AV, best BB, Best FW/HIPS (the only FW that surpassed Comodo), and they decided to take the simplistic road with a suite to get more "average Joe" users... sadly for me , good for their finances :D
 
  • Like
Reactions: Solarquest, Behold Eck, Handsome Recluse and 12 others
Antimalware18

Antimalware18

Level 10
Verified
Well-known
Jan 17, 2014
487
Jeff_T - Testing Group said:
Emsisoft used to have Mamutu. There were other standalone behavior blockers, but I suspect sales were not enough to support continued development or the products were purchased. I know they were not widely popular back then and there is no reason to suspect today would be any different.
Click to expand...

I really wish they would. Pipe dream most likely but one can hope!

@RejZoR

I acctualy Lol'd when it caught the first few ransomwares

oh and "Holy poop" that one made me LOL as well :D

+1 from me all day long.
 
  • Like
Reactions: Behold Eck, Deleted member 2913, aragornnnn and 2 others
Av Gurus

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
I got one version and it didn't work on x64, now i find new one and it work in Win 10 x64 :)

Clipboard01.jpg
 
  • Like
Reactions: Deleted member 2913, HarborFront, SHvFl and 1 other person
H

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,033
Hi

That was great video. Thanks

I wonder if someone can gather a few anti-ransomware software (like BD, RansomFree, MWB v3, ZAL, SBGuard etc) and do a thorough test on a broad range of ransomware with ThreatFire as an anti-ransomware. HMPA & Kaspersky would not be suitable as they only target the cryptomalware family of ransomware.

That will be great as well.

Thanks
 
  • Like
Reactions: Behold Eck and Deleted member 2913
Nightwalker

Nightwalker

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
May 26, 2014
1,339
Umbra said:
Mamutu was the best BB ever made. Emsisoft was a geek vendor "all hail Online Armor ! "; best AV, best BB, Best FW/HIPS (the only FW that surpassed Comodo), and they decided to take the simplistic road with a suite to get more "average Joe" users... sadly for me , good for their finances :D
Click to expand...

It was a necessary and a very important long time choice, if Emsisoft didnt do that they would join others vendors like TallEmu Online Armor, Ghost Security, System Safety Monitor, Geswall and finally Malware Defender.

Unfortunately BBs, third party firewalls and classical HIPS are "toys" for geeks and security enthusiasts; the majority of windows users dont care and dont want to care about those.
 
conceptualclarity

conceptualclarity

Level 21
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 23, 2013
1,072
RejZoR said:


Born as CyberHawk, risen as ThreatFire (PCTools) and was crucified by Symantec (Norton). And yet it's still so effective even after all these years of not being maintained or updated at all.

I know it missed many recent samples, but it was still detecting plenty. And what shocked me the most was the last part of the test with ransomware. I'm pretty sure it'll shock you as well! :D

This is why I love behavior blockers and why they fascinate me so much.
Click to expand...


I have the setup file for the last ThreatFire. I'm thinking of running it on my next system.

How resource-intensive is it?

Antimalware18 said:
This is why someone, somewhere needs to develop a free True behavior blocker that works and is not bundled with something else (firewall, ect)
Click to expand...

Seems like I remember a couple of years ago McAfee put out a freeware freestanding behavior blocker, but I haven't heard about it since then. Maybe it was just beta.
 
RejZoR

RejZoR

Level 15
Thread author
Verified
Top Poster
Well-known
Nov 26, 2016
699
Oh man, seeing this rules creator reminded me how easy it would be for avast! to create ransomware protection which they have never done...

IF application tries to WRITE access any *.jpg file (or any other file affected by ransomware) and APPLICATION X is NOT on TRUSTED LIST (which would be harnessed from their Hardened mode whitelist), BLOCK request and WARN the user.

Granted, you can hijack other processes and use them, but surely they could track if UNTRUSTED app tried to use TRUSTED app to do a specific task.

I also realized the problem here is that this trusted list isn't being updated anymore for ThreatFire which is probably the reason why its protection isn't as good as it should be.
 
  • Like
Reactions: Solarquest and Av Gurus
Behold Eck

Behold Eck

Level 15
Verified
Top Poster
Well-known
Jun 22, 2014
717
RejZoR said:
Everything was left at default settings.
Click to expand...

If I remember correctly the advanced settings let you add protection for hosts,registry etc ? Plus letting it run on your system for a while before testing might give an even better result ?

Still good results from an old codger on default settings,imo.

That was a Christmas treat, thanks.;)

Regards Eck:)
 
  • Like
Reactions: Solarquest
Windows_Security

Windows_Security

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 13, 2016
1,298
  • Like
Reactions: Solarquest, Av Gurus, Evjl's Rain and 2 others

Similar threads

upnorth
    • Like
    • Thanks
  • Locked
DeepGuard - How F-Secure Behavior Blocker works
Replies
15
Views
7,976
F-Secure
Andrezj
Andrezj
In2an3_PpG
    • Like
The Coming Battle For Your Web Browser
Replies
0
Views
1,101
News Archive
In2an3_PpG
In2an3_PpG
SKG2016
    • Like
Self-made ransomware VS antivirus products
Replies
48
Views
10,044
News Archive
tim one
T

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top