2008-04-29

ThreatFire 3.5.0.21 Released


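ThreatFire has released another new version, 3.5.0.21.
This is a major ThreatFire update that fixes quite a few issues.
ThreatFire is a free, intelligent HIPS, and we can use it as a back-end layer behind our antivirus software.
If the antivirus software fails, we can still rely on ThreatFire's application analysis to block the virus.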

Some important info
1. Auto-update will not be activated for 24hrs or so.
2. If you decide to upgrade manually, and you have custom rules, please save the General.dat file to another place. Uninstall 3.0.14.16, then install 3.5.0.21, then ... replace the General.dat file with the one you saved. When auto-update is turned on the process will be seamless, and you will not need to take this extra step to preserve your custom rules.

1. New Security Status main GUI
   a. Tabbed selection of Protection Statistics and Worldwide Detection.
   b. Worldwide Detection map with recent prevalent malware/adware hits.
2. Advanced Tools
   a. Tabbed selection of System Activity Monitor and Advanced Rule Settings.
   b. System Activity Monitor with ability to kill or look up a process.
3. Enhanced Alert Dialog
   a. Provide technical information similar to Protection Log detailed view.
   b. Deny option available for custom rules.
   c. Custom Rules alert dialog is now blue.
   d. New radio button selection.
4. User Options for default alert handling
   a. When a suspected threat is detected.
   b. When adware is detected.
   c. When known malicious threat is detected.
5. Suspend mode, will pause scanning.
6. Better uninstall
7. AV Scanning available in free version.
8. Rules
   a. Improved MBR infection detection.
   b. Improved trusted program detection.
9. Improved data gathering for trusted processes
10. Improved German txt
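11. VMware and UltraVNC fixes

The more important changes in 3.5: the main screen now shows the worldwide threat detection status,
and there is a System Activity Monitor, Advanced Rule Settings, and an enhanced alert dialog.
The alert dialog now lets you look up the malicious behaviour directly, instead of only learning about it from the log after the event as in the old version.
This version also improves uninstallation and adds more detectable behaviours, and the free version can now use the engine to scan for viruses!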

The newly added worldwide threat detection information


The newly added System Activity Monitor


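I ran a random sample; this is the new Xiaohao (小浩) virus.
TF 3.5 performed fairly well on this sample, and the improved alert dialog is much more convenient and clearer than before.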

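Clicking the detailed-behaviour option pops up this behaviour window.
The old TF had this too, but you could only look it up in the log; you could not see the behaviour at the moment the dialog appeared.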

Risk level: Very high


The malware type is most likely a trojan, with some behaviour close to that of adware.
