View Full Version : Some Bugs and puzzles



Tordis
08-19-2007, 03:36 AM
Threatfire has a conflict with Icesword. Icesword will use 99% of CPU and will not show its UI. Adding Icesword to the trusted processes list does not work.
If I suspend TF, I cannot cancel the suspended mode.
Users cannot stop the service of TF, as with Cyberhawk. It is inconvenient in some cases.
I try to install the malware baidubar, and TF alerts me. I allow it but do not remember rules. When I uninstall baidubar and reinstall it, TF does not show any alerts!
The information in alerts is as simple and worthless as in Cyberhawk.
If TF can record activities of suspicious processes (even if they are allowed), it will be highly appreciated. :)

Best regards,

AChen
08-20-2007, 06:48 AM
Hi Tordis,

Thanks for the feedback. We'll investigate the issue with ThreatFire and Icesword and will get back to you on this. This has been added to the reported issues sticky thread (http://www.pctools.com/forum/showthread.php?t=48616) and will be updated regularly when there are any new updates.

djames
08-20-2007, 03:42 PM
1. About IceSword, we use it quite a lot, and this occurs, so I've heard, rarely, but it has to do with it sometimes triggering the device driver rule, because it loads a kernel level driver. Did you see a dialog pop up from TF?

2. Suspending TF and un-suspending? Could you explain more for me, because I don't see this at all.

3. Stopping the TFService was made to be hard, to stop malware from killing the service. It is not impossible to stop the service however.

4. Baidubar. I will check on this now. TF should always warn you in this case.

5. Alert dialogs. The yellow alert dialogs are generic, because we do not know the malware running. The red alert dialogs will give you a name etc... However if you quarantine the malware, you should get information as to what files TF cleaned up in connection to the malware.
Apart from that, we are working on making more information available to the user.

6. I will add your suggestion to the request list. ;-)

uncle-buck
09-15-2007, 08:51 PM
I have 2 problems and have to uninstall ThreatFire to get them to work again. I just did a clean install of Windows XP Pro fully updated. I have a Netgear USB Wireless Adapter model WG111 v.2 that works for a day, then when I restart after shutdown it logs onto the wireless then immediately gets disconnected. Also another software package, CompuPic Pro, a media manager that needs access to the file system, gets blocked. In both cases there is no warning and there is nothing in the log. They just simply get blocked and then I have to uninstall ThreatFire, CompuPic and the Wireless Drivers; reboot, then reinstall CompuPic and the Wireless Drivers. This has happened on two different computers, my notebook and desktop.

Why I think it might have something to do with this discussion on IceFire is that the last time I tried to get ThreatFire running, shortly after I installed ThreatFire I received a driver warning that said I needed to reboot. After the reboot the wireless went down and CompuPic failed to run. CompuPic does install an aspi driver to burn photo cd's and of course, the wireless is installing a driver also; both drivers are system level.

I tried adding both to the trusted list and they still did not run. I tried to set up a rule and cannot figure out how to tell ThreatFire to leave these two things completely alone. Is there any way to tell ThreatFire to leave something alone?

I love the concept of behavior detection, but cannot run ThreatFire due to blocking of two very important things I use on a daily basis. This problem appears to be more than just an isolated program. It appears to me that any software that hooks into the system via a driver of some kind can get blocked as a rootkit without warning.

Uncle Buck :eek:

djames
09-17-2007, 06:40 PM
For CompuPic, I cannot re-create this. I have the latest version installed, and it runs without a problem on an XP SP2 system 1.6G 256RAM.

The wireless issue will be a bit of a challenge, since we don't have this setup in our office.