Seeking old Threatfire version

OK

I installed v30.12 TF and it is perfectly clear from my ProcessGuard application that TF uses a practice that i simply detest and is akin to how malware overtakes running processes.

PG is alerted in a constant rotation of unending alerts that TFservice.exe is and i quote, "blocked from modifying" ALL the system's running processes. That tells me in TF's design that it needs to modify virtual memory of these processes in order to carry out it's detections. To me that's completely unacceptable and gives rise to the reason why both CH & TF is experienced so many FP issues in the past.

I'm going to test it's Custom Settings to see if TF alerts to the rules i set for whatever file/folder since PG is effectively blocked any attempts to Modify these processes, including explorer.exe.

I'm glad for this topic because this now confirms my long held suspicions that this type of coding of CH (Later Versions) & TF is what's sparked so many complaints before and now.

Pls feel free to dispute or add your own opinions on this finding because early versions of Cyberhawk absolutely DO NOT use this approach, yet is a reasonable (even if limited) Superior Behavioral Blocker that performs admirable without injecting itself into the end user's running processes.

Thanks: EASTER

 

any links that can download cyberhawk?

 

So Easter, are you using PG ? That is Process Guard I assume. I have that from times ago, and did like it, but because of some of it's shortcoming, like the registry issue, I have not used it in a long time.

I am fine with using TF on peeps rigs who don't know much, as they don't seem to mind the whole quarantine thing. They are trained to use quarantine because of the AV popups. They don't know what they did, but it is easy enough to help them un-quarantine it. True, an Allow, Deny, Kill and Quarantine would be much better. For that matter, putting CH (early) on their rigs is also a treat to them, as it is usually quiet.

I have used TF on my machines (coding and gaming) and do not like it's interferrence. For me there are pauses and lags in both cases. Switching to CH 1113 is an improvement in that respect, but still suffers a small amount of same behaviour. Esp in games. BTW, I DO NOT wish to 'suspend' anything. PG never had to, and no performance issue. CH slightly.

EDIT: Of note, that CH and TF every minute look at certain reg keys and files/directories for routine saftey inspections I assume. And every 5 minutes a more in-depth inspection is performed. TF verifies existence/integrity of it's AV files/Blacklist file as well. Using filemon or the new ProcessMonitor v2.01 shows the average time to be a pretty quick, until it reaches one area. Then it takes about 5 seconds to inspect a .dat file I think. It is my opinion this is where the 'lag' comes into play. In TG deleting the AV/Blacklist files shrinks the inspection down a bit, but not enough.

So I resign to an approach that uses Avira and CH 1113. Coupled with knowledgable services/tweaks to harden the OS in general. And newly using hash or path rules in SRP under the 'Basic User' account, for internet facing apps.

But, I wonder, would not PG be effective still? Considering that my exposure is limited because of either Sandboxie or vmWare, especially when surfing general sites.

Would anyone suppose that using for instance Avira & PG, along with StartupMonitor be enough for say a LAN borne bug? This is to assume that all internet facing opportunities are taken care of via the Sandbox/Basic User SRP scenario, leaving only other LAN machines or untrusted software to intrude.

Or what is peoples opinions of older or newer CH/TF and this lag/stutter/pause when operations such as compilation or gaming are concerned.

BTW, I seen a thread where someone was looking for CH v ? ? ? 39. It was stated it was the last CH free to also use the custom rules. I can say that I did locate that, along with about every other version I could find, and NONE of the CH free work for that. Only the v2 (pro) uses that.

So does this also mean that CH has no network filter drivers? TF is a hit or miss per machine as to whether or not it inteferes with the network at all.

Sul.

 

google up "cyberhawk 1.1.1.3" and you will find ample supply.

For other versions, I ended up using and ftp search for 'cyberhawk'. google up ftp search and the top 3 or 4 returns should get it started.

Sul.

 

Hi all,

So how is this old 3.0.12, 3.0.14 Threatfire?

Does it do what it is suppose to do, even though it is out-of-date?

If it does, I might consider adding to KIS 2009.

Thanks!

 

ThreatFire 4.0.0.6 released:

Changelog:
http://www.pctools.com/forum/showpost.php?...mp;postcount=12
Download:
http://www.threatfire.com/download/
"Smart Update" worked for me.

Well not exactly an old version

 

a good place to look for software - current and previous versions
www.filehippo.com