ThreatFire Level 5

Status
Not open for further replies.

Gnosis

Level 5
Thread author
Apr 26, 2011
2,779
http://www.pcworld.com/article/254748/pc_tools_threatfire_free.html
 
D

Deleted member 178

Earth said:
ZOU, hang in there, we'll find you a replacement. :D :p

BB : mamutu
Anti-executables : NVT ExeRadar Pro
HIPS: comodo, OA, etc...

plenty of choices :p
 

Gnosis

Level 5
Thread author
Apr 26, 2011
2,779
Anti-executables : NVT ExeRadar Pro

That one looks interesting.

It seems like an expert user cannot go wrong with an .exe blocker. That could be really impressive once everything that is legit is white listed.
 

malbky

Level 1
Jun 23, 2011
1,011
Then only thing that will come close to Threatfire is CIS HIPS and an anti executable.
How about throwing Winpatrol Pro in for registry changes monitoring.
Maybe ZOU will purchase PC TOOLS Is.
I still remember when Threatfire was CyberHawk 5-6 years back when I tried all i got was BSODS.
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
I think TF will be used many more years, especially on an ancient OS such as Windows XP.

No reason to ditch it.

TF and HIPS are nothing like, plus ZOU runs everything in Sandboxie, correct?
 
D

Deleted member 178

except Mamutu, ExeRadar Pro is to me the closest thing to TF set at lv5, it has a some rules and whitelist.
 
P

Plexx

As per ZOU request, TF lv5 test/review will be done in order to show its potential or misfortune.

Expected: within 2 weeks (earlier if I can find a way to increase upload speed).

For those who don't know, after a series of PC issues, I started having ISP issues and they are still not fixed, thats is why I have not done any video after EAM V7 when it came out.
 

Gnosis

Level 5
Thread author
Apr 26, 2011
2,779
It shall be interesting. Eventhough it appears official that TF is no longer supported, as of the last few weeks, I continue to get updates of all sizes; database, product, etc. All I know is that I trust this behavior blocker as much as any AV/Firewall combo that I have had or seen. Regardless, I have a sandboxed RAM and a wicked on-demand scanner if all else fails.
 

Gnosis

Level 5
Thread author
Apr 26, 2011
2,779
I realize that no one wants to use so-called "abandonware" eventhough behavior blockers, HIPS, and HIDS do not require signature updates to be fully effective. That said, there are still scenarios where a behavior blocker, set to max security levels, can be of use (Biozfear and McLovin proved that). I am thinking that if a PC is heavily infected and you would like to keep it in normal mode while disinfecting, TF, or other behavior blockers could be handy on a USB, so you can knock out some of the unwanted malicious background processes, thus creating a less hostile environment for your signature based AM and AV applications to operate and cleanse. Add "forced breach mode" in HitMan Pro to that strategy and it might all come in pretty handy.

http://www.scanwith.com/download/ThreatFire.htm
That is the link if you are interested in trying that. Save it to the desktop and then drag the TF package into your USB window. Simple as that.
 
P

Plexx

ZOU, only reason I wouldn't use TF on LV5 is not because is abandonware. I have said in the past that even if a tool is no longer developed, if the current versions still work fine, there is no need to "panic".

Ill be truly honest here, TF at level 5 is slightly more talkative than ESET HIPS on Interactive Mode. Yet they both have the same function in a nutshell if you look at it at both angles.

Since I know how you like your computer, I believe I told you before (but my memory sometime fails me), use ESET HIPS on Policy-based Mode (after a bunch of interactive mode runs through your daily applications etc (since even launching IE or empty recycle bin will require a rule).

If while on Policy based you require to delete something or run something new or install/uninstall something, switch to Interactive mode, do what you need to do and then back to Policy-based.

Trust me, you will feel like you were running TF.
 

Gnosis

Level 5
Thread author
Apr 26, 2011
2,779
"Since I know how you like your computer, I believe I told you before (but my memory sometime fails me), use ESET HIPS on Policy-based Mode (after a bunch of interactive mode runs through your daily applications etc (since even launching IE or empty recycle bin will require a rule)."

That is the route I will go eventually because NVT ExeRadar Pro requires you to purchase it to be able to quarantine anything. The only way I would use OA is if it was strictly a free HIPS program less the typical OA firewall. I don't want to mess with training a firewall.

FYI: I was talking about using TF as malware removal assistance via USB stick tool kit. It is an extremely fast download that does not require a reboot and might prove beneficial as a malicious process blocker than may keep MW removal software operating without crashes or hangs, and it might even make it more effective otherwise, as it might block rootkit processes that are trying to cloak malware that updated signature based on-demand anti-malware programs are searching for. Nobody wants to use it the way I have been using it anyway, and I don't blame them.
 
D

Deleted member 178

Zou, you can uninstall the firewall in OA and keep the HIPS.

9YAUY.jpg
 

Gnosis

Level 5
Thread author
Apr 26, 2011
2,779
That is good to know Umbra. In that case I might sneak a peak at it.

Got ya Biozfear. ESET HIPS will get a thorough look from me.
 
P

Plexx

ZOU1 said:
That is good to know Umbra. In that case I might sneak a peak at it.

Got ya Biozfear. ESET HIPS will get a thorough look from me.

Hopefully this weekend I will release the follow up video I mentioned at the end of my latest ESET video. That is if schedule allows it to happen this weekend...

PS: you could still watch ESET on Policy-based Mode in action throughout the last video I did :)
 

Gnosis

Level 5
Thread author
Apr 26, 2011
2,779
I am interested in ESET HIPS now. I saw a review that was not as thourough as reviews you do, but I see the potential. Maybe your review will seal the deal.

By the way; I was thinking that OA was Comodo, but now I see it is ESET. I don't usually get that kind of stuff mixed up.. :)

When you set "policy based mode" and test ESET HIPS, throw some really nasty stuff at it and use plenty of malicious .exe samples. That is if you don't mind. I am really interested now.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top