How to setup custom rules, short guide



Kees1958
08-19-2007, 02:22 PM
Please have a look at this post http://www.wilderssecurity.com/showthread.php?t=183020

It will inform you on how to set up your free version of ThreatFire.


On our PCs (behind a firewall) we run an AV + behavioral Blocker + Sandbox. I tried different setups (e.g. A2 + DefenseWall and CyberHawk Pro + GesWall Pro), but I am definitely going to change on both PCs to:
- DefenseWall
- ThreatFire Pro

The concept of Pro is great (when an anomaly occurs, check the Anti Virus for a known threat; if so, repair, when not, provide a warning). This is such an improvement on user friendliness and performance (ordinary AVs scan your threat gates, scan when files are read and written, they have to check so much because they don't have a behavioral blocker).

Thanks PC Tools

djames
08-19-2007, 03:20 PM
>Gong!< as suggested in Wilders ;-)

Thanks for your effort Kees1958.

Something on our todo list is to make a quick guide for creating rules. We actually thought of using the forum for specifically this, so that people can share their rule creations. And later on, hopefully we can get it so people can share their rules via file transfer without overwriting their own custom rules.

Again, thanks.

solcroft
08-19-2007, 03:55 PM
Kees,

Have you tested your own guide to see if it works? Apparently TH custom rules don't seem to support wildcards atm.

Kees1958
08-20-2007, 05:20 PM
Only file wildcards are accepted (*.exe), no registry wildcards.

Kees1958
08-21-2007, 07:46 PM
For sharing you need to be able to export and import rules.

Please please please :D

djames
08-21-2007, 07:52 PM
Yeah, that would be a nice feature, and that is in the wish list :)

Kees1958
08-24-2007, 09:16 AM
Explains itself:

The except should be your OS + Browser temporary file locations; when you use P2P or download managers, include the default download directories also.

djames
08-24-2007, 03:39 PM
My hope is that when time is allotted, the Custom rules will be worked on, making it more user friendly.

glentrino2duo
08-28-2007, 01:28 AM
Kees, definitely an excellent guide with regards to making advanced rules with TF. Very much appreciated.

Questions though for TF developers with regards to the examples mentioned in the tutorial (system file protection, startup registry protection and noninteractive application initiating outgoing traffic):
Being a smart HIPS that I try to believe it is, isn't it that TF already has out-of-the-box settings with the above protection rules?
If ever, will TF suffer performance slowdowns with supposed duplication of advanced rules with TF's internal rules?
I believe TF's advanced rules are more geared towards controlling specific applications' behavior, even valid ones, the same way a classical HIPS does...

Btw, using TF for several days now, I'd say it's pretty stable. Excellent job for the TF team and PC Tools!