Important information about a possible bypass through CMD
RavenMacDaddy
08-24-2007, 08:48 PM
Well, I noticed something that might be a way for malware to bypass when using, for example, excessive overwriting or replacing. I was installing a Mod for GTA San Andreas. Late in the Mod's installation process it would replace files of the original archives through CMD (in some way). To my surprise, given the situation, ThreatFire didn't react a single time. No blocking, not even a question - nothing. In this case it was obviously good, but you would think that this could happen in a situation where the change is dangerous, for example exchanging or overwriting system files and the like to corrupt your system installation.
mjq424
08-26-2007, 09:54 PM
Hi
ThreatFire will be more watchful of system files. Most installation programs write/copy lots of files/registry values so that is not a generic malware behaviour and will therefore not fire off rules until an installer plays with something important.
Hope that helps
solcroft
08-27-2007, 02:16 AM
Hi
ThreatFire will be more watchful of system files. Most installation programs write/copy lots of files/registry values so that is not a generic malware behaviour and will therefore not fire off rules until an installer plays with something important.
Hope that helps
Not really.
TF, for example, will not squeak when a malware decides to empty your entire system32 folder, among others.
File infectors and worms that write to files rapidly are TF's weak point ATM, as the inbuilt rules don't guard against this behavior.
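As an added illustration of the gap discussed in this thread (not code from ThreatFire or from any poster), a minimal rate-based heuristic over constructed file events: writes outside protected directories are ignored, as mjq424 describes, while a burst of overwrites under C:\Windows by one process, the case solcroft raises, produces an alert. The protected-prefix list, window and threshold are assumptions.

```python
from collections import defaultdict, deque

# Assumption: a fixed prefix list stands in for "important" locations.
# Everything under C:\Windows (System32 included) is treated as protected.
PROTECTED_PREFIXES = ("c:\\windows\\",)
WRITE_OPS = {"create", "overwrite", "delete", "rename"}


def is_protected(path):
    """True when the path sits under one of the protected prefixes."""
    return path.lower().startswith(PROTECTED_PREFIXES)


def detect_bulk_overwrite(events, window_s=5.0, threshold=20):
    """events: iterable of (ts_seconds, process, op, path) in time order.
    Emits one alert per process the first time it performs `threshold` or
    more write-class operations on protected paths within `window_s`."""
    recent = defaultdict(deque)   # process -> timestamps of protected writes
    alerted, alerts = set(), []
    for ts, proc, op, path in events:
        if op not in WRITE_OPS or not is_protected(path):
            continue   # ordinary installer traffic to its own folder is ignored
        q = recent[proc]
        q.append(ts)
        while q and ts - q[0] > window_s:   # slide the window forward
            q.popleft()
        if len(q) >= threshold and proc not in alerted:
            alerted.add(proc)
            alerts.append({"process": proc, "count": len(q),
                           "window_start": q[0], "window_end": ts})
    return alerts


def sample_events():
    """Constructed sample: a mod installer writing many files to its own
    folder (benign, as in the first post), one service touching a single
    system file, and cmd.exe overwriting many System32 files in seconds."""
    ev = [(i * 0.05, "setup.exe", "overwrite",
           rf"C:\Program Files\GTA San Andreas\models\file{i}.img")
          for i in range(30)]
    ev.append((2.0, "svchost.exe", "overwrite",
               r"C:\Windows\System32\drivers\etc\hosts"))
    ev += [(3.0 + i * 0.1, "cmd.exe", "overwrite",
            rf"C:\Windows\System32\lib{i}.dll") for i in range(25)]
    return ev


if __name__ == "__main__":
    for alert in detect_bulk_overwrite(sample_events()):
        print(alert)
```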