Comodo Firewall w/ Defense+ vs. ThreatFire [Merged Threads]

I’ve been reading alot about the two and most say that they are not the same as far as HIPS goes… but it seems that after I installed COMODO With Defense+ I am having conflicts… Threatfire sometimes crashes. is there any known conflicts between the two or should they be able to work on the same machine?

As far i know they do the same, and i dont think there is a way to avoid conflict between them…

So you have to Disable 1 af them…

Thats a bummer… I would realy like to use both programs… I’m not sure if I should disable Defense+ and use threatfire or get rid of threatfire. I’m not too sure how well each one works, I like having more control like I get with defense+ but sometimes it gets a bit annoying with all the pop-ups. I’ll never drop COMODO as a firewall tho…

From what I can see,albeit from only a brief look,defence+ should cover everything that threatfire does and more.Running both together isn’t really an option since it’d seem to be a recipe for system slowdown and conflict.If you’re happy with threatfire and the way it operates then disabling defence+ is the option. :Beer

You will fail CPILSuite leak test if defense + is disabled.
I’m also using ThreatFire and CPF v3 together. I set ThreatFire’s TFService.exe as trusted application in CPF and it works fine.

Hi All,

If I have Defense + on do I need Threat Fire?

I understand I need a layer of security, but, do these 2 programs do the same thing?

(B) (B) (B) (B) (B)



Hy i use avira premium, cfp 3 without defence+,and threat fire free.I’ve found hard to understand defence+,but if that is not a problem for you i don’t think you’ll need threat fire.

As long as you understand the pop ups of D+, you don’t need Threatfire IMHO. But it all depends on you. Comodo, unless it works with the heuristic engine, won’t tell you that something is definitely bad. It’s up to YOU to understand that the specific behaviour is bad and deny access. While Threatfire, won’t alert you in everything that D+ can, BUT, except from cases of false positives, can give you a high probability of malware alert. So with TF it is easier to become suspicious.

It all comes up to your expertese level. If you are familiar enough and UNDERSTAND the D+ popups, then IMHO, you don’t need TF, which is more CPU-hungry when browsing than Comodo by the way. On the other hand, if you don’t understand what D+ is telling you , it’s better to have TF.

A nice “trainning” to get familiar with abnormal behaviour is to launch firewall leak tests from and see what Comodo will tell you. They are harmless, but give you an idea of what you will come up in case of live malware. If you don’t understand why that behaviour is abnormal, then you 're better with TF.


I am running CFP with Safespace. I am looking for extra protection but am reluctant to add a blacklist scanner. I have combined Threatfire with CFP with no apparent conflict. However some of the folks at Wilders regard this as overkill. TF is a behaviour blocker and appears to be an ideal partner with CFP. Could anyone give an opinion on this combination?

maybe you should use CFP3 and a regular signature based AV instead.
like you said, TF is a behavioral blocker and you’ve already got CFP3 DEFENSE+ to do the job.

Thanks ganda,

I mistakenly assumed that defense+ was a classical HIPS. Does it have behavioural analysis?

yes, defense+ got A-VSMART technology (like i know what that means ;D ),if you take a look thoroughly in this forum, there are some posts mentioning that defense+ can even detect 60% of UNKNOWN MALWAREs.

Just to help Ganda.

A-VSMART (Virus, Spyware, Trojans, Rookit, keylogger, and also interprocess memory injection) Protection.


Default Allow… then try to catch the baddies…and they only catch the baddies they know (even so called heuristic is a glorified signature based default allow system)

CFP HIPS with Defense+/A-VSMART Technology:

Default Deny… your name is not in the list you are not coming in.


For me, anything that is not signature-based is behavior-based, so both Defense+ and TF are behavior-based. But the similarities end here, they are products clearly oriented to very different groups of people. I prefer TF, won´t touch Defense+.

you mean, you use CFP3 without Defense+ or you don’t use CFP3 at all ??? coz i’ve tried several leaktest apps, it’s defense+ that stop them. so i think we should keep it.

If this is the case, would it be better to stay with version 2.4 for purely a firewall? By all accounts, this always does well on its own regarding leak tests.

Vista Support/X86 Support, New Interface and Defense+ aren’t the only new things…

CFP 3 also has a completely re engineered network firewall from CFP 2, Meaning the Firewall it self is better and has that special “Sleath Mode” that CFP 2 didn’t have.

I recommend CFP with Defense+, If you don’t have Defense+… Your only getting 50% the protection, In the States in School… you would fail the exam lol :slight_smile:


I’m a failure at present then :slight_smile: But maybe I’ll give another try.

I’m using CFP 2.4 in conjunction with ThreatFire at present. Would this be as good as using CFP 3 with Defense+? The reason for using this combination is that has given a message a few times about finding a bug in the firewall and needing to close. This has been on a reasonably new installation of XP Pro SP2. I may wait for the next update before trying again. However, using 2.4 and ThreatFire seems a good combination. If it’s going to work OK, I’m wondering if an upgrade to version 3.0 is in fact advantageous? ThreatFire perhaps fills the gap left by not having Defense+.

From reading what your good self and Ganda say, it seems that 2.0 and 3.0. both have their good points. It’s Defense+ in version 3.0 that detects leaks and not the firewall side of things. It therefore seems the firewall alone isn’t as good as version 2.0 in that department. On the plus side, CFP 3 has a better engine and a stealth mode feature that makes it better in those areas. Version 2.4 doesn’t have them but does (still does?) well at leak tests without the addition of Defense+.

err, maybe we’re a little bit off topic now (:TNG)
this is my personal opinion ??? i think we better have V2 than V3 without Defense+. i didn’t try any leaktest on V2, but i’ve heard a lot that it pass the tests. i’ve tried about 10 (including Comodo’s CPIL leaktest) on V3, DEFENSE+ is a MUST HAVE. the only firewall alert created was when i tried GRC leaktest, and it’s Defense+ that blocked the other.
you can try the leaktest app here.