View Full Version : Jetico making me crazy.


aigle
February 19th, 2006, 01:03 PM
Just installed Jetico today and its pop ups are making me crazy, it is constantly giving me pop ups about my Norton products and sometimes Firefox also. Hundreds of times I have opted for REMEMBER this action, no benefit. Is there any way other than uninstalling it?

Also I want to ask, does it have hooking techniques? I mean, can it be used with PG free or antihook without overlap or not?

starfish_001
February 19th, 2006, 03:26 PM
I've had a play with it this weekend - awkward to config but seems light and very good. Prefer LNS and Outpost at this point


Try this link

http://www.wilderssecurity.com/archive/index.php/t-62970.html
or this
http://castlecops.com/t134648-Jetico_firewall_need_help_with_this_spanish_page.html

aigle
February 19th, 2006, 08:41 PM
I just uninstalled it, I hate these pop ups. I was so used to accepting it that I am sure if some malware asked for permission, I would have clicked yes for it also. Why don't they fix it? I will write to them. Really disappointing.

Any solution?

Kerodo
February 19th, 2006, 09:09 PM
I think the key to Jetico is to look closely at each of the popups to see what's actually going on, and then try to (when necessary) create rules of a more global nature to handle some of the common situations that come up. It definitely takes more work than your average firewall. But it's also possible to tame it as well. Hopefully they will make it a little easier in upcoming versions (if and when any arrive). But Jetico is not one of the install, set and forget firewalls..

Kaupp
February 20th, 2006, 03:48 AM
There will be a certain amount of overlap if you use jetico with either processguard or antihook but I remember someone saying here a while ago that if you create a new rule in the ask user table of jetico to allow access to network for local sockets you can cut down on the popups substantially without affecting the firewall's control over internet access.
Maybe someone with more knowledge on the subject can confirm this?

starfish_001
February 20th, 2006, 08:09 AM
{QUOTE-> if you create a new rule in the ask user table of jetico to allow access to network for local sockets you can cut down on the popups substantially without affecting the firewall's control over internet access.
<-QUOTE}

That would be very helpful - I like the firewall but ... creating the rules is difficult.

A template set would be very useful ?

zapjb
February 20th, 2006, 08:15 AM
I had the same problem as op. I chucked it. Happy with GhostWall.

khazars
February 20th, 2006, 12:01 PM
Ok, when Jetico pops up it's asking you what you want to do with a process on your computer.

In the box that pops up, tick the box in the bottom left, remember my answer, then look at what Jetico is asking you!

If it's a programme you trust you obviously want to allow it access, so all examples here are for allow activity. If it's a baddie then don't allow and deny!


So Jetico pops up with this!

Event: Attacker writes to application memory
Description: Suspicious process activity

click allow this activity, once you have done this once the box should remain ticked on the next popup. Then you just click ok to allow this activity, usually a windows system file like lsass or Explorer.exe or a programme.

All files asking for access are treated as hostile by Jetico and will be seen in the process attack table, these rules are made when you initially decide what a programme is allowed to do, that is, you accept it as ok!

If Jetico pops up with

Event: access to network: configration table : Ask User

which gives you the choice of ticking these options of:

Allow activity
Block this activity
Handle As
Custom

this is where you should always choose Handle as, use the drop down menu and click Jetico's drop down menu and choose web-browser if it's either IE, Mozilla or Opera, if it's a mail client like Outlook Express, Mozilla Thunderbird choose web client, make sure always to check the box in the bottom left, as having this box ticked every time you answer will reduce the pop ups!


For all other programmes which you trust like security programmes which need access to the internet for updates etc you choose the application trusted zone. Sometimes Jetico will ask twice to confirm this but remember, some programmes have many services all asking for outbound connections or network access, hence you think Jetico is giving you a hard time.

Anti vir has 4 agents all asking for access, update, notify, avguard and scheduler so Jetico is actually alerting you to 4 separate files within one programme asking for either network access and outbound to the internet.

So, when Jetico pops up with the Allow activity and Block Activity with the handle as, you can use this for web client and web-browser, this is mainly for outbound connection to the internet and for access to the network. So you'll get a request first for access to the network and then if the programme has internet capabilities it will at some point request access to the internet once you have initialised it!

Jetico is basically not allowing any programme willy nilly to gain access to either the network or the internet without being probed and prompted, a far better system than most firewalls that don't aggressively challenge programmes which make requests to the network. Jetico will block and prompt even if you use the cmd prompt and many other areas where other firewalls wouldn't do anything.

Jetico even asked me did I want to allow myself to make a new folder in explorer!

This is why a lot of people give up, all those pop ups, as Jetico is a very aggressive firewall but this is what makes it one of the best. Once it's configured, about an hour's work, it's really quite quiet after that and well worth it as it can breeze past all those leak tests and its resources are mega low, last night I checked and it was at an all time low for me at 1.6 MB!

An easy way to configure Jetico is to introduce all the programmes you know will need outbound access to the internet, and all the other main programmes you will be using, and please read what Jetico is asking you and choose the appropriate rule as it will make life a lot easier for you and also keep the box ticked at bottom left as this will limit the amount of pop ups you get.

Last bit, with p2p networks you will get maybe anything up to a dozen pop ups as p2ps are using many different IPs and/or ports, no problem, just keep clicking allow activity and choose the application trusted zone and you'll be ok!


I hope this rather disjointed discussion on Jetico helps.

Cheers Khaz

khazars
February 20th, 2006, 12:33 PM
I'll try and upload some screenshots so you can see the main box with handle as.

Hopefully from this attachment if it works you'll see the allow, block activity, handle as which is greyed out, but once checked the drop down menu opens up and you can choose here trusted application, web browser and web client!

khazars
February 20th, 2006, 12:35 PM
here's another one!

khazars
February 20th, 2006, 12:39 PM
This box is accessed from clicking options/and then general, you should tick all the boxes and click optimal protection in jetico!

zapjb
February 20th, 2006, 12:54 PM
Face it, some of us don't want to deal with an annoying prompt 10x an hour. I had the same experience with Outpost as well. Only pf I'm comfortable with are LnS, Sygate, Kerio & GhostWall. All the others I tried so far, about 6 more, were a pain & or failed leaktests.

khazars
February 20th, 2006, 01:01 PM
Yip, it certainly isn't everyone's cup of tea and it will also no doubt conflict with other systems! But, this is just to try and help those who have been trying to configure and set up Jetico and are put off by it, everyone to their own!

khazars
February 20th, 2006, 01:03 PM
If you want real noise try antihook!

zapjb
February 20th, 2006, 01:08 PM
Thanks for the warning about antihook.

aigle
February 20th, 2006, 02:53 PM
{QUOTE-> Ok, when Jetico pops up it's asking you what you want do with a process on your computer.

In the box that pops up, tick the box in the bottom left, remember my answer , then look at what Jetico is asking you!

If It's a programme you trust you obviously want to allow it access, so all example here are for allow activity. If it's a baddie then don't allow and deny!
Cheers Khaz <-QUOTE}


But what if it asks about the same programme with the same action 100 times in a few hours, isn't it crazy? I installed it and almost every 5 min it is asking about symantec products, every time the same component with the same action.

aigle
February 20th, 2006, 03:03 PM
{QUOTE-> If you want real noise try antihook! <-QUOTE}
I like antihook, can I use it with Jetico together or is it just an overlap?

khazars
February 20th, 2006, 03:14 PM
yes there is a lot of overlap, why not use processguard free and Prevx free beta!
Antihook takes over your system, well mine anyway and is really noisy, Jetico and processguard tend to go to sleep with antihook on as it does take over lol! I have now suspended antihook through msconfig and I now know processguard is alive and well!


Prevx free

http://free.prevx.com/

khazars
February 20th, 2006, 03:22 PM
With Jetico, just make sure you check the box remember this answer and put symantec into the application trusted zones, the problem with symantec if you have its security suite, as I see this in many hijack this logs, is there are many processes for Norton's anti virus and its other products, so I doubt you're seeing just the same Symantec file asking for access!

Either you're not telling Jetico it is a trusted application, and allowing it access when it asks you if it is an attacker.

When Jetico pops asking about

Event: Attacker writes to application memory
Description: Suspicious process activity

click allow this activity,


Then if it's asking for


Event: access to network: configration table : Ask User

which gives you the choice of ticking these options of:

Allow activity
Block this activity
Handle As
Custom

this is where you should always choose Handle as, use the drop down menu and click Jetico's drop down menu and choose web-browser if it's either IE, Mozilla or Opera, if it's a mail client like Outlook Express, Mozilla Thunderbird choose web client, make sure always to check the box in the bottom left, as having this box ticked every time you answer will reduce the pop ups!

You might be better to go into Jetico's ask user table and delete all the rules for Symantec and then Jetico will ask again and follow these examples above!


I hope this helps!

aigle
February 20th, 2006, 05:25 PM
{QUOTE-> with Jetico , just make sure you check the box remember this answer and put symantec into the apllication trusted zones, the problem with symantec if you have it's security suite as I see this in many hijack this logs are there are many processes for Norton's anti virus and .......might be better to go into Jetico's ask user table and delete all the rules for Symantec and then Jetico will ask again and follow these examples above!I hope this helps! <-QUOTE}

So I got it, I was giving option, allow it. In fact I used ZA pro for some time and it was very easy, I can give options for any programme to connect to net, block, or ask user option OR kill the process.

aigle
February 20th, 2006, 05:37 PM
{QUOTE-> with Jetico , just make sure you check the box remember this answer and put symantec into the application trusted zones <-QUOTE}

So how to put it in trusted zones, can you explain a bit?

Also I am not sure how to make the first initial configuration when you start Jetico the first time after install. I am using dial up with proxy server and have a single PC not attached to a network. I will be thankful if you can explain by screenshots. Your previous post was very nice. Thanks a lot.
I am going to install it again.

Also I want to ask how I can take screenshots of my PC to post and how to edit these shots, sorry for an unrelated Q.

starfish_001
February 20th, 2006, 06:08 PM
{QUOTE-> ....

I hope this helps! <-QUOTE}

Thanks for the examples, this is very useful - Jetico might be noisy but ... it is very good with Leak tests, as good as LNS - and better than Outpost; can block almost all, but ... it is very easy to allow a component.


Jetico shows the launching process, making saying no a bit easier - for me any way.

khazars
February 20th, 2006, 06:53 PM
ok here's some more images!

khazars
February 20th, 2006, 06:55 PM
here's another one!

khazars
February 20th, 2006, 07:03 PM
This is usually the first box you get, simply to allow or deny an application, then you usually get the previous ones for outbound to the internet or to the network!

In this example I was checking for updates for quicktime so I could get an example for you, here quicktime is launching IExplorer to access the web and Jetico sees it as an attack until I ok-ed it!

khazars
February 20th, 2006, 07:32 PM
I'll do more if you need them, but you need to tell me what you want?

khazars
February 20th, 2006, 07:38 PM
ok, to take screen shots you simply hit the printscreen/sysreq on your keyboard. Then go to start/programmes/accessories/paint, in paint you click edit/then choose paste, the image should now appear in the Paint box, then click file and save as, make sure to select "save type as" choose jpeg, choose a location to save it to and then attach it here if you need to!

aigle
February 20th, 2006, 08:00 PM
Thanks Khazars, very helpful stuff, just reinstalled it now, no repeated popups like before but I have a new problem, for firefox I click handle as web browser and now firefox is not working unless I choose allow all, so what's wrong?

same for IE

I suspect initial configuration may be wrong.

khazars
February 20th, 2006, 08:14 PM
Use the screenshots as examples, use the last screen as your first for IE and firefox, so you simply choose allow activity, then when your browsers ask for access Jetico should pop again and then you choose the first of those last 3 screen shots I posted and click "Handle as", and choose web browser, and you'll probably be asked again to confirm this action!

Also check the process attack table and right click the IE and firefox rules and change them to accept, you can also do the same for the ask user table and make sure they are set to handle as and set to web browser!

You might be best to go into the ask user table and right click and delete all the IE and firefox rules and then try again?

aigle
February 20th, 2006, 08:24 PM
From this window there are 3 options, which one should I choose, as I told you my PC is not connected to any network and I use dial up with proxy server. I chose only the first option.

aigle
February 20th, 2006, 08:28 PM
{QUOTE-> You might be best to go into the ask user table and right click and delete all the IE and firefox rules and then try again? <-QUOTE}

How can I access the process attack table and ask user table?

aigle
February 20th, 2006, 09:38 PM
{QUOTE-> here's another one! <-QUOTE}

I think the choice should be handle as system file here rather than application trusted zone. Am I right?

khazars
February 21st, 2006, 04:53 AM
For your screen shot you simply accept Jetico's selection for that, the trusted zone, and the next one for the untrusted zone! Yes you could accept it as system application but I think putting it as trusted application means the rule will be in the trusted zone!

When you double click the Jetico icon on your status bar this will open up Jetico and you can navigate to the ask user table and any other table! In my screen shot this is in ask user table, and I have opened up the options tab! Note I have two optimal protections listed with the bottom one selected, this is a Jetico ruleset I saved and imported to use after I reinstalled Windows Xp last week!

To save your Jetico rule set, click file and save as, give the ruleset a name, I chose Jetico 2006, and then save it to a safe location and back it up to floppy or cd! To import and use the ruleset, go to file, open and navigate to the c:\program files\jetico folder where you should copy your jetico ruleset after a new install and then open the ruleset to import.

Then go to options and tick the bottom one of the optimal protections as you'll now have two and make sure to tick all the boxes to save it!

aigle
February 22nd, 2006, 01:52 AM
{QUOTE-> For your screen shot you simply accept Jeticos selection for that the trusted ........ to options and tick the bottom one of the optimal protections as you'll now have two and make sure to tick all the boxes to save it! <-QUOTE}

In fact in spite of all my efforts I am not able to use it. In optimal mode it blocks all in and out bound traffic, I am surprised, last time it was not so. I even uninstalled and reinstalled it. It's so strange, last time my problem was only pop ups, this time no pop ups but it will not allow any traffic, can't update anything and can't browse.

I will show you my set up. This one is my trusted zone configuration, I don't know much about these set ups, these options came by default and I just accepted and clicked next.

Nuri
February 22nd, 2006, 07:16 AM
Make a ruleset for yourself based on the default.
Here is mine: http://rapidshare.de/files/13858841/wip.bcf.html
(don't use it, it's just an example)

I get popup when a new program tries to reach the net.

khazars
February 22nd, 2006, 07:34 AM
When you first install Jetico you should accept the defaults which jetico picks, as it automatically configures your Trusted and Untrusted zones!

In your screen shot from post 30 you have it set to single IP address. In post 34 you have it set to Network address. I think it should be set to single IP address.


Ok, I have checked the wizard, I think now you have not set and saved optimal protection!?

Setting Jetico to optimal protection should not be a problem either, just make sure you have checked the optimal protection box and then make sure all the boxes are ticked to save changes automatically and apply changes automatically. See my screen shot from post 33!


If you have not saved optimal protection, when you reboot Jetico is not set to any ruleset, so I would imagine it's just blocking all, this happened to me too when I loaded up my saved ruleset and I forgot to save it automatically and I never checked the optimal protection button!


See if this helps!

aigle
February 22nd, 2006, 12:11 PM
Ok, I uninstalled it, did a system restore and reinstalled. I put trusted zone with single IP address, and put for optimal protection with auto save and auto apply. Firefox is set to be treated as web browser in ASK USER TABLE and is set to accept in PROCESS ATTACK TABLE, but still it is blocking everything on my system from accessing the internet.

Is there any official forum also? I don't know, the first time when I used it, this type of problem never happened.

khazars
February 22nd, 2006, 12:24 PM
change it from single IP address to Network address for both the trusted and the untrusted, you had it right the first time, my mistake! Go to start/programmes/jetico/configuration wizard to reset the above and then save and try it!

In my example you can see the light bulbs in the table screen shot, so you'll know when it's working when the light bulbs are on!

aigle
February 22nd, 2006, 02:48 PM
So sorry to bother you again and again, I tried both ways, in either way, I face the same problem. I even rebooted just thinking that it is not able to save settings automatically (although I have already made it save settings automatically). It is stopping all the traffic in optimal mode.

khazars
February 22nd, 2006, 03:16 PM
You must be doing something wrong here, because you don't want to be using either Deny all or allow all as one is as bad as the other!

the best thing to do would be to uninstall Jetico and reinstall it, but make sure you remove it all as some features may be left on!

double click jetico firewall and select allow all and save!

go to add/remove and uninstall Jetico.

If you're confident editing the registry do this!

Go to start/run and type regedit in the box and hit enter!

Open the Hkey current User\ click software\Jetico and right click it and delete the Jetico folder!

Then go to the Hkey local Machine\software\jetico \right click and delete it!

Go to start/search/ for all files and folders/click search all files and folders/click more options from the drop down /and click the boxes for search system folders/ search subfolders/search hidden files. Now search for Jetico and delete all instances of Jetico!


Reboot your computer!


Reinstall jetico. Accept the default settings when Jetico wizard runs. When Jetico is installed, double click it from the status bar to open Jetico, go to options/general/ click the optimal box and check the boxes to save automatically, save default policy and apply settings and exit!

Now see if it works!

aigle
February 22nd, 2006, 06:18 PM
{QUOTE-> You must be doing something wrong here, because you don't want to be using either Deny all or allow all as one is as bad as the other...... default policy and apply settings and exit!

Now see if it works! <-QUOTE}

That's a lot of work, but I will try it. I don't know much about the registry, so before I delete something from it, I want to make a backup of the registry but I don't know how to make a backup.

khazars
February 22nd, 2006, 06:21 PM
Backing up the registry!


http://support.microsoft.com/kb/322756

aigle
February 23rd, 2006, 02:55 AM
I did all as you advised. It ran for a few minutes and then the same problem was there. So I stopped all of my active security software and disabled their loading at start up along with some other utilities. Then reintroduced all programmes one by one, rebooting each time. Finally just luckily I found it was a conflict with a dial up monitor software (DU Traffic) which I was using. This software is freeware but it is not well known. However I like it and it is useful for me. I did not want it to connect to internet, so I put it as Application blocked zone (as I do when I use my Norton firewall). Now as soon as I go to internet, this software is running and at the same time Jetico will block all traffic. So there were only 2 options, either I shut down this software or put it as Application Trusted zone/allow connection etc. (that I did and it solved the problem).

Now the question is, if some programme is running that is in the list of Application blocked zone, why is Jetico blocking all the traffic instead of blocking just that programme and letting other traffic run smoothly?

BTW there is another interesting post made by me about this software (DU Traffic).
http://www.wilderssecurity.com/showthread.php?t=121458


And thanks for all your help so far. It was really great. I will just ask one more unrelated question, how can I cut my desktop snapshots to a small size just to show the required area only?

khazars
February 23rd, 2006, 03:24 AM
I really don't know, just shows you what happens when two programmes don't get on: War!

Glad you got it sorted out!

Jetico can monitor your activity anyway, this is probably why it conflicted.

another programme which can do this and doesn't conflict is Packetyzer from Network chemistry!

aigle
February 23rd, 2006, 03:38 AM
Thanks, in fact my main aim from this programme is to just monitor internet time and bill on log in basis. Will continue more discussion on Jetico as I use it. Thanks a lot.

aigle
February 25th, 2006, 01:22 AM
Few questions,

1- Just my feeling that Jetico is making the system a bit slow, did you notice this?

2- Another thing, if you put anything in the blocked application list, Jetico blocks all the traffic, so you can't block anything practically?

3- It does not accept even windows processes to be treated as system process (only accepts as allow connection or treat as trusted), and if you accept a windows process as trusted as you mentioned in post 24 and 23, you are losing all your security, that means any malware in a windows process can do anything and jetico will allow (imagine any virus and explorer.exe wants to make connection to internet!).

manzz
February 25th, 2006, 10:21 AM
There is some confusion to new users of Jetico....one of the main problems is the way Jetico works...To try to explain....
Firewalls such as Outpost (and many others) give you the option to block an application, you can for example place "csrss.exe" into the blocked zone, and all internet activity will continue, but the fact is that the firewall is allowing "csrss.exe" (and others) to have net access (loopback) otherwise you would simply not be able to gain internet access. Other examples of windows pgms that require net access (not connections, just access to the loopback (localhost)) are "csrss.exe", "services.exe", "lsass.exe", "winlogon.exe", "userinit.exe" and "explorer.exe". If any of these are completely blocked, then you will not gain internet access. Jetico firewall,.. when you place a pgm into the blocked zone it will completely block that app, this then may lead to no internet access at all.
Going on to the problem of "aigle"
{QUOTE-> Finally just luckily I found it was conflict with a dial up monitor software( DU Traffic) which I was using. This software is freeware but it is not well known. However I like it and it is useful for me. I did not want it to connect to internet, so I put it as Application blocked zone( as I do when I use my Norton firewall). Now as soon as I go to internet, this software is running and at the same time Jetico will block all traffic. <-QUOTE} This is more than likely due to norton firewall allowing this app "loopback". Jetico will block everything (and the app probably requires loopback for your connections). So remove this app from the blocked zone, and allow "net access" but block "connections".

khazars
February 25th, 2006, 11:27 AM
Yes Manzz, and also make sure Svchost.exe is allowed as this will definitely block internet access! Best to put the system applications into either the trusted zone, or make Jetico allow activity!

khazars
February 25th, 2006, 11:39 AM
Blocked zone I think should only be used for blocking Trojans by port and TCP/IP. I have taken basic rules for Kerio 2.1.5 and adapted them and put them into the blocked zone!

aigle
March 11th, 2006, 06:53 PM
{QUOTE-> So remove this app from the blocked zone, and allow "net access" but block "connections". <-QUOTE}

So how can I make my settings for this, can you please explain more? Will be happy if you can post it with a picture.

{QUOTE-> Yes Manzz, and also make sure Svchost.exe is allowed as this will definetly block internet access! Best to put the system applications into either the trusted zone, or make Jetico allow activity! <-QUOTE}

Another problem with Jetico is that it does not accept even windows processes to be treated as system process (it only accepts as allow connection or treat as trusted), and if I accept a windows process as trusted as mentioned in post 24 and 23, I suspect I am losing my security, that means any malware in a windows process can do anything and jetico will allow (imagine any virus comes to your system and explorer.exe wants to make a connection to internet that it does not do normally but as you put it in trusted zone, so Jetico will allow it).

I will be happy if anybody can post his rules for Jetico that can be used for any beginner like me.

cprtech
March 12th, 2006, 12:09 AM
Jetico fw has the potential to be outstanding, but the rules configurations nearly drove me insane. Far too tedious and far too many pop-ups for my liking.

aigle
March 12th, 2006, 01:14 AM
I am not able to see the last post of this thread, that I saw just 5 min back, may be deleted?

khazars
March 12th, 2006, 10:32 AM
Aigle, you should just put system files into the trusted zone and that will take care of it! Yes there are many viruses/trojans out there that try and masquerade as a legitimate file, but they will not be the same size as a legitimate file say svchost and jetico will flag it as it will know what the legitimate file is!

Part of a firewall's remit is to challenge programmes whose signature has changed, so if you update a programme, not its definitions for say an anti virus programme, Jetico will notice the programme has changed and alert you to it, if you know you have just updated it then you can ok it with Jetico!


Jetico also uses Hash so it will use this for checking files if modified against the original Hash id, if ok then it's allowed, if not you're asked to make a decision about it! I'll upload a screen shot for the ask user table with the hashes showing! Hash is also used in the system application table!

This is the same process as a system file changing, Jetico will know that a legitimate file has been changed or tampered with and alert you to it! If the file has changed due to a windows update such as installing the monthly cycle patches then you know it's ok!


Many system files are only listening or as in the case of svchost.exe and services.exe are using the internet to connect to DHCP for renewing a IP or sending out datagrams!

aigle
March 13th, 2006, 02:51 AM
Ok, right but two questions,

1- Why can't I choose system files as ALLOW rather than to say as TREAT AS TRUSTED? Is there any difference between the two?

2- As I asked earlier, if I want to stop some programme from internet connection, how to configure it?

Stem
March 13th, 2006, 05:55 AM
aigle 1/pt1
System files are placed in the "system application" table,..... placing anything in "allow all" is not good practice.
Example:-

Stem
March 13th, 2006, 06:07 AM
aigle 1/pt2

To allow application network access

Stem
March 13th, 2006, 06:15 AM
aigle 1/pt3
To block network access/connections:

Stem
March 13th, 2006, 06:48 AM
aigle 1/pt4
Place a rule to allow "net access" (1/pt2) and then a "block" rule (1/pt3) for the same app (in that order) will allow that app net access (loopback) but will stop all/any connections.

Any more questions, just ask.

khazars
March 13th, 2006, 07:12 AM
cheers stem for clearing that up. as from Stem's examples, only a few system files need access to the internet mainly svchost.exe which you can make a trusted application!

Stem
March 13th, 2006, 02:50 PM
Hi khazars,
{QUOTE-> cheers stem for clearing that up <-QUOTE}If I can help, I will
{QUOTE-> as from Stem's examples, only a few system files need access to the internet <-QUOTE}The post I made was made just after I made an update from microsoft, my normal config for system is below. (this is a config that I use, but it is only for browser use)

aigle
March 14th, 2006, 01:49 AM
Thanks Stem for such a nice description. If you don't mind, please can you send the picture of your ASK USER TABLE and PROCESS ATTACK TABLE.

I have one query. Sometimes some operating system file asks for network access, and I give the option TREAT AS SYSTEM APPLICATION but Jetico doesn't accept it no matter how many times I try, and at that time I have no other option except to use the option ALLOW CONNECTION or TREAT AS TRUSTED ZONE. However later if I go to ASK USER TABLE, and manually change it to TREAT AS SYSTEM APPLICATION then it accepts it (I am just assuming that it accepts it, as there is no more new popup about that file, although I suspect it might still be treating that file as trusted/allow connection as I had opted for on the first popup). I hope I was able to make my point clear.

Stem
March 14th, 2006, 10:26 AM
aigle, 2/pt1
When an app (either a system app, or a pgm you have installed) first requests network access, you will get this popup from Jetico:
(In this example, this is my Packet analyzer requesting net access)

Stem
March 14th, 2006, 10:28 AM
aigle 2/pt2
You can then check the rule in "ask user"

Stem
March 14th, 2006, 11:04 AM
aigle 2/pt3
Most system apps will only require "Net access" (they like to talk a lot with each other via the loopback adapter (localhost 127.0.0.1)) The exception mainly being "Svchost" which, depending on the services running on your PC will require further rules.

Please note:-

Stem
March 14th, 2006, 12:09 PM
aigle 2/pt4

Hope I can explain this correctly:.....
Something that may be confusing you is that when you select "Handle as", this is simply placing a "Jump to" that rule-set; it is allowing whatever rules are created within the "Jumped to ruleset". If you handle as "System", there are no "Open rules" (all the rules are per-app (each rule has a named pgm that can use that rule)), so you are not actually giving your app any "net access" (when you handle as "system").
If you were to handle as "Web browser" then this would "jump" to the web browser ruleset, which is an open ruleset (any app can use these rules once they are allowed to jump there).
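
A small model of the "Handle as" jump Stem describes, added here as an illustration and not taken from the thread or from Jetico. The table names are the ones used in the thread; the rules, the application names analyzer.exe and browser.exe, and the closing "ask" rule are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    app: str
    proto: str
    remote_port: int


@dataclass(frozen=True)
class Rule:
    verdict: str                       # "accept", "reject", "ask" or "jump"
    app: Optional[str] = None          # None = open rule, any application may use it
    proto: Optional[str] = None
    remote_port: Optional[int] = None
    target: Optional[str] = None       # table entered when verdict == "jump"

    def matches(self, pkt: Packet) -> bool:
        return (self.app in (None, pkt.app)
                and self.proto in (None, pkt.proto)
                and self.remote_port in (None, pkt.remote_port))


# Constructed rule set. "Handle as X" is modelled as a per-application jump.
TABLES = {
    "Ask User": [
        Rule("jump", app="svchost.exe", target="System Applications"),
        Rule("jump", app="analyzer.exe", target="System Applications"),
        Rule("jump", app="browser.exe", target="Web Browser"),
        Rule("ask"),                   # nothing decided: prompt the user
    ],
    # Per-application rules only: jumping here grants nothing by itself.
    "System Applications": [
        Rule("accept", app="svchost.exe", proto="udp", remote_port=67),
    ],
    # Open rules: any application allowed to jump here may use them.
    "Web Browser": [
        Rule("accept", proto="tcp", remote_port=80),
        Rule("accept", proto="tcp", remote_port=443),
    ],
}


def evaluate(pkt: Packet, table: str = "Ask User", trail=None):
    """First matching accept/reject/ask rule wins. A jumped-to table that
    matches nothing hands the packet back to the table that jumped to it."""
    trail = [] if trail is None else trail
    trail.append(table)
    for rule in TABLES[table]:
        if not rule.matches(pkt):
            continue
        if rule.verdict != "jump":
            return rule.verdict, trail
        verdict, _ = evaluate(pkt, rule.target, trail)
        if verdict is not None:
            return verdict, trail
    return None, trail


if __name__ == "__main__":
    for pkt in (Packet("analyzer.exe", "tcp", 80),   # handled as System
                Packet("browser.exe", "tcp", 443),   # handled as Web Browser
                Packet("svchost.exe", "udp", 67),    # has its own System rule
                Packet("svchost.exe", "tcp", 80)):   # System, but no rule for this
        print(pkt, "->", evaluate(pkt))
```

In this model the application handled as "System" visits the System Applications table, matches none of the per-application rules there, and ends up at the "ask" rule again, while the application handled as "Web browser" is accepted by an open rule.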

aigle
March 14th, 2006, 05:26 PM
Thanks for explaining, what I understand is that if we want to treat some application as system, we first have to create a rule in the ask user table for it and then we can select TREAT AS SYSTEM FILE? Am I right? Sorry to bother u a lot but in fact these sorts of settings are totally new for me.

Stem
March 14th, 2006, 07:27 PM
What you need to do to make Jetico treat a pgm as a "system app" is:- either add the file manually as in post 55/56, OR, if you are prompted, then allow "net access", as in post 62; you then need to go to "Ask user", left click the "New rule" (keep the mouse button held down) and drag the rule over to "System Applications".
example:-

Fumens
March 15th, 2006, 12:20 AM
Stem,
nice and useful input in the last few posts, thanks

I have a few questions regarding DNS, DHCP, Loopback, and ICMP & IGMP. I am still confused about how to make these rules. Do you have any suggestion or advice on how to make one? An example will be very helpful.

thanks

Stem
March 15th, 2006, 10:12 AM
Fumens,
Most of the rules you mention are already in the default setup (rule-sets) on the installation of Jetico. But as I know Jetico can be a little confusing to the new user, I will post to show,... and how to create new rules (where needed).
For these posts I have reloaded the default rule-set (by:- open Jetico....File....Revert to factory settings) so you can see the basic setup / rule-sets

(1) (From the default setup/ruleset) You will find DHCP request/reply rules are in the "System Applications"

Stem
March 15th, 2006, 10:15 AM
(2) (from the default setup / ruleset) DNS (UDP) and the basic ICMP rules are in the "System Internet Zone"

Stem
March 15th, 2006, 12:15 PM
(3) loopback (127.0.0.1) is placed in the "Trusted Zone" during setup. You can check / edit this by:- Go to windows "Start"...all programs....Jetico personal firewall...and select "Configuration Wizard" (Note: all pgms with net access, use the "Trusted Zone")
(I will post more later (when time permits) on ICMP, IGMP rules creation (if you need them))

Fumens
March 15th, 2006, 12:28 PM
Thanks a lot Stem,
I know now how to get there. If I may ask you again, can you give an example of how to create a rule set for:
1) DNS (TCP & UDP)
2) DHCP (reply & request)

Sorry if I ask too much, because I read in the firewall leak test that a rule based firewall will be useless with default configuration. So I would like to configure it myself.

I'll be waiting for the ICMP & IGMP rule set

edit - any inputs on how to set a rule will be helpful to me and for others Stem

regards,
fumens

Phazor
March 15th, 2006, 11:31 PM
{QUOTE-> Jetico fw has the potential to be outstanding, but the rules configurations nearly drove me insane. Far too tedious and far too many pop-ups for my liking. <-QUOTE}

I'll give you that one, after seeing the firewall tests. I decided to give it a whirl.
Call me an idiot....but I spent close to a half hour trying to figure out how to access the internet. I finally gave up and decided to try out LNS.

Stem
March 16th, 2006, 01:48 AM
Fumens,
First of all, I believe that Jetico`s default ruleset is quite tight, (this is why some users have problems, and why there are so many "Popups" after first installation.)

Entering rules is simple, once you know the layout. Below is an example of outbound (UDP) DNS.
This is a "System IP rule" so you will find it in the "System Internet Zone" (by default)
(Is this how you want the info??)

Hann
March 17th, 2006, 04:02 AM
Very useful thread! I was on the point of letting Jetico go but now that I found this I won't be looking for another firewall for a long time. I do have a question for you guys. What settings should I make for handling a DC++ client? I mean what should be allowed and what shouldn't. Thanks.

Hann

khazars
March 17th, 2006, 05:42 AM
I have never used a Dcc client but I would set them up in the handle as application trusted zone and only allow what needs to be allowed!

I think you would need to make some rules in the system internet zone table in Jetico, one for TCP, and one for UDP? I'm sure Stem will be able to help with this? See these links below!

See this guide here on dcc as it may help with setting it up and with a firewall!

http://www.dc-resources.com/guide.htm

The outpost thread has more info on setting up ports and TCP and UDP and using a router/firewall with a link to dslreports!

http://www.outpostfirewall.com/forum/showthread.php?t=7900

http://www.dslreports.com/faq/6518

Fumens
March 17th, 2006, 07:21 AM
Stem,
exactly what I meant, but I am confused about where I have to put the DNS server, and do I still have to put my IP address?

I believe that for DNS (UDP) there is no need to set the direction, correct me if I'm wrong. And if I am able to set the rule to allow DNS resolve, do I have to make one to block unnecessary DNS (UDP/TCP) traffic?

thanks before

Stem
March 17th, 2006, 10:30 AM
Fumens,
The rule I showed you in post #74 is for outbound DNS, the first rule having a destination of "Name server". The "Name server" is the stored addresses of your "DNS" servers that are issued via DHCP by your ISP (or if you use a fixed IP then this is from the info you have entered yourself). Note that this is NOT your IP, but that of your ISP DNS servers. (If you are connected to the internet directly (and not via a router or proxy), you can call up this info by:- Go to windows "Start".....Run,...and type "CMD".... click o.k. This brings up a DOS window, at the DOS prompt type... IPCONFIG /ALL ...(leave a gap between the G and /) and press enter/return key. This will bring up a list including your DNS server IPs. The info shown in this list is what Jetico uses.)

{QUOTE-> I believe that for DNS (UDP) there is no need to set the direction, correct me if I'm wrong. <-QUOTE}With most firewalls, this is correct, as UDP is connectionless, but Jetico uses SPI (Pseudo state (a timeout for the reply to be made from the outbound packet)) for UDP so a direction is required (the inbound (DNS) is not required, unless there is a late reply from your servers, if a late reply is made, then the packets will be dropped, so the inbound is there by default to allow for this.)

{QUOTE-> do have to make one to block unnecessary DNS (UDP/TCP) traffic? <-QUOTE}All packets are processed until an "allow", "block" or "Ask" rule is found. The last rule in Jetico is to "block all non-processed packets" (so if you have not set an "allow" or "ask" rule for a packet, then the packet will be dropped).
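
The UDP pseudo-state and last-rule behaviour from the post above, sketched as an added Python model (not Jetico's code and not part of the thread). The 5-second reply window, the name-server address 203.0.113.53 and the rule names are assumptions, since the thread gives no figures.

```python
from dataclasses import dataclass

REPLY_WINDOW = 5.0                     # seconds; assumed, no value is given in the thread
NAME_SERVERS = {"203.0.113.53"}        # constructed stand-in for the "Name server" list


@dataclass(frozen=True)
class Datagram:
    direction: str                     # "out" or "in"
    local_port: int
    remote_ip: str
    remote_port: int


def _dns(direction):
    """Predicate for DNS traffic to/from the configured name servers."""
    return lambda d: (d.direction == direction
                      and d.remote_ip in NAME_SERVERS
                      and d.remote_port == 53)


# Rules are (name, predicate, verdict); the first match decides.
DNS_OUT = ("Allow DNS out", _dns("out"), "accept")
DNS_IN = ("Allow DNS in", _dns("in"), "accept")
BLOCK_ALL = ("Block all not processed IP packets", lambda d: True, "reject")


class UdpFilter:
    def __init__(self, rules):
        self.rules = list(rules)
        self.states = {}               # (local_port, remote_ip, remote_port) -> expiry

    def handle(self, d: Datagram, now: float):
        key = (d.local_port, d.remote_ip, d.remote_port)
        if d.direction == "in":
            expiry = self.states.get(key)
            if expiry is not None and now <= expiry:
                return "accept", "pseudo-state"      # reply arrived inside the window
            self.states.pop(key, None)               # window over: forget the state
        for name, predicate, verdict in self.rules:
            if predicate(d):
                if verdict == "accept" and d.direction == "out":
                    # An allowed outbound datagram opens the reply window.
                    self.states[key] = now + REPLY_WINDOW
                return verdict, name
        return "reject", "no rule matched"           # unreachable when BLOCK_ALL is last


def late_reply_outcomes():
    """Same query and same late reply, without and with the inbound DNS rule."""
    query = Datagram("out", 3065, "203.0.113.53", 53)
    reply = Datagram("in", 3065, "203.0.113.53", 53)
    results = {}
    for label, rules in (("outbound rule only", [DNS_OUT, BLOCK_ALL]),
                         ("with inbound rule", [DNS_OUT, DNS_IN, BLOCK_ALL])):
        fw = UdpFilter(rules)
        fw.handle(query, now=0.0)
        results[label] = (fw.handle(reply, now=1.0), fw.handle(reply, now=9.0))
    return results


if __name__ == "__main__":
    for label, (on_time, late) in late_reply_outcomes().items():
        print(f"{label}: on-time reply {on_time}, late reply {late}")
```

An on-time reply is accepted by the pseudo-state in both configurations; only the late one depends on the inbound rule, and a datagram from any other address still reaches the final block rule.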

Stem
March 17th, 2006, 11:33 AM
Hann, khazars,...
I do not use DC++,... I have set up rules for this (for other users) in other firewalls, but cannot find my notes on this. I know that certain rules will depend on the users settings within DC++ for UDP and TCP. I have been to http://dcplusplus.sourceforge.net/ to find info on any other ports required, but as you will find from the link, the website is down for maintenance.
When I have time,(later tonight I think), I will see what info I can find (as once I can confirm all udp/tcp ports used, a ruleset will be easy to create)

Stem
March 17th, 2006, 06:25 PM
Hann (1/pt1)

I have created 4 rules for DC++ (info taken from the DC++ help files)
To enter these rules, open Jetico....configuration tab....select "ask user" then right click the blank area and select new application rule (see pic). Do this to enter the 4 rules (see pic on next post for the 4 rules).
I have not created a new table etc. for these rules (to save confusion), just ensure that you place the application into the rule so only that App can use the rule.
I did install DC++ to test the rules, and all o.k., but after logging on to a "Hub" I was informed I did not have enough files to share (well,.. I didn't set up any files to share) and I was disconnected.
If you get any popups while using DC++ let me know (take a note of the connection request) and also check the log to see if any packets are lost.

Stem
March 17th, 2006, 06:26 PM
Hann (1/pt2)
Here are the 4 rules for DC++ (if you are behind a router, then you must forward the ports 1025-32000)
These rules are created for the default setup of DC++, if you enter ports yourself outside this range of 1025-32000 then the rules will need adjustment

Stem
March 17th, 2006, 10:10 PM
Hann (1/pt3)
An edit on the rules (one to add). Have connected up to do a full test on the rules, and outbound datagrams pop up now and again, so I am adding this rule. If anything else shows up,.... I will post the revision.
(I have connected for uploads/downloads to see if anything else is needed)

DaveJJJ
March 18th, 2006, 12:54 PM
Could someone take a moment to just explain the logical flow of the configuration menu? I mean I don't grasp it at all. For example there are three main entries; "Optimal protection", "Allow all", and "Block all." Would it be possible to add another main entry? Maybe "Block all but Log events?"

Thanks!

Stem
March 18th, 2006, 02:56 PM
{QUOTE-> Could someone take a moment to just explain the logical flow of the configuration menu? I mean I don't grasp it at all. <-QUOTE}Take time to read the Jetico help files, which explain this.

{QUOTE-> there are three main entries; "Optimal protection", "Allow all", and "Block all." Would it be possible to add another main entry? Maybe "Block all but Log events?" <-QUOTE}This is in the help file, but not explained very well.
As you want to add a "block all with logging", you should re-load the block policy, and then add a rule (within the new policy) to block applications with logging (and then re-name the policy).

DaveJJJ
March 18th, 2006, 08:25 PM
Ok, I admit that there is a lot in the help file when you fully expand all the hierarchy, but it isn't very readable to me. For example in the "Optimal protection" setup I see no need for the four trusted / blocked zone tables. Instead of simply issuing a decision they have these four tables which each contain only one unconditional entry -- accept or reject. Why bother??? Also why end these tables with a continue?

3/19 11am -- I did finally get a "blocked with IP logging" mode working -- but so far that is the only thing I have working.

3/19 1pm -- I had a hard crash occur and had to uninstall and then reinstall Jetico. A few more crashes like that one and Jetico will be history.

3/20 9am -- After cleaning Jetico out of the registry and then reinstalling it seems to be working, but attempts to get event logging have yielded erratic results in the log.

controler
March 21st, 2006, 07:15 AM
I am on the road a lot with my laptop, so am using the motel router-cable modems. The thing I do not like is when I have to use their unsecured wireless connections.

My question is will Jetico drive me nuts with pop-ups every time I switch motels?

thank you

con

Hann
March 21st, 2006, 11:51 AM
Thank you all for help. I was away for a few days but I'll setup the new rules tonight and let you know how's going.

DaveJJJ
March 22nd, 2006, 10:50 AM
{QUOTE->
My question is will Jetico drive me nuts with pop-ups everytime I switch motels?
<-QUOTE}

So far my impression of Jetico is that it has two problems. #1 is that it seems to cause my pc to crash occasionally, or not shutdown or boot up cleanly. #2 is that it would be annoying to use if you want to manually grant permission to programs because of the multiple popups. For example if you want to manually approve your anti-virus each time it wanted to download an update. I also had to install Jetico twice before it issued its popups properly without a delay. For use on the road at hotels/motels I can't think why Jetico would be too different.

Kerodo
March 22nd, 2006, 03:47 PM
The old Jetico that's available now has some quirks I think. I recently installed it to have another look after a long time and found that it sometimes gets stuck in infinite loops on the popups. At first I thought it was just asking a lot like it usually does, but after about the 12th time I realized it was just looping on one of the 'attacker' popups and the only way to exit was to shut down everything and reboot. Then it was ok, but I just can't live with that kind of nuisance stuff going on. It might be the best on leak tests, but it is also without a doubt the most annoying of them all. Still needs some work, hopefully version 2 upcoming will resolve some of the old standing problems.

the_sly_dog
March 23rd, 2006, 09:07 AM
hi all.
i just installed jetico and just wanted to say i love it to bits :o :o :o :o

much better than my old zonealarm :lurking: :lurking:

very easy to use and make rules very good software A++++++++++++++++++

:thumb: :thumb:

clansman77
March 24th, 2006, 12:23 PM
Installed this firewall. I must say very good one indeed. This thread and the help file will help anyone to configure Jetico properly. Lightweight and rule based. Looking forward to version 2. This one is a keeper :thumb: Thanks everyone who contributed to this thread.

Kye-U
March 25th, 2006, 01:36 AM
Was about to install Jetico over Kerio 2.1.5, but I guess I will be waiting for v2.

Paranoid2000
March 25th, 2006, 04:21 AM
{QUOTE-> Firewalls such as Outpost (and many others) give you the option to block an application, you can for example place "csrss.exe" into the blocked zone, and all internet activity will continue, but the fact is that the firewall is allowing "csrss.exe" (and others) to have net access (loopback) otherwise you would simply not be able to gain internet access. <-QUOTE}

Just to go a little OT, this is not the case with Outpost - if a program is made a Blocked Application, it is not permitted access to loopback at all (unless a global rule is set with the High Priority/IgnoreCC option, see Outpost Rules Processing Order (http://www.outpostfirewall.com/forum/showthread.php?t=8394) for more details).

{QUOTE-> Other examples of windows pgms that require net access (not connections, just access to the loopback (localhost)) are "csrss.exe", "services.exe", "lsass.exe", "winlogon.exe", "userinit.exe" and "explorer.exe". If any of these are completely blocked, then you will not gain internet access. <-QUOTE}

My experience has been that the only Windows programs that require network access are services.exe (for Windows 2000) and svchost.exe (for Windows XP). If you are using Windows' Internet Connection Sharing then alg.exe will need access also.

Only if your PC is part of an Active Domain (this only applies to business users running Windows Server) should lsass.exe, etc need access as per Microsoft's Service overview and network port requirements for the Windows Server system (http://support.microsoft.com/default.aspx?scid=kb;en-us;832017) guide - they can (and should) be blocked otherwise.

Stem
March 25th, 2006, 08:52 AM
I think just to clear up any possible confusion, when Jetico blocks an App, it blocks that App completely from the network and local sockets (this is possibly where it appears a number of O.S. Apps require net access, when they only need the ability to access local sockets). I have attached an image of a log from Jetico (all system was on logging). I simply started up Firefox to a blank page. Now if any of these O.S. Apps were blocked in Jetico, then no access would be allowed to Firefox.

Stem
March 25th, 2006, 09:11 AM
If I block all O.S. Apps from access, then try to connect (I attempted connection to here at Wilders), then the attached image shows the result. (csrss is the first O.S. app that is blocked, which has a knock-on effect, and stops Firefox from being allowed access.)

AJohn
March 25th, 2006, 06:54 PM
Use application trusted zone more for programs you know are safe and you won't get nearly as many pop-ups.

Paranoid2000
March 26th, 2006, 03:30 AM
{QUOTE-> If I block all O.S. Apps from access, then try to connect, (I attempted connection to here at Wilders), then the attached image shows the result. (csrss is the first O.S. app that is blocked, which as a knock on effect, and stops firefox from being allowed access.) <-QUOTE}The error reported is consistent with a failed DNS lookup - DNS lookups are performed by svchost in Windows XP if you have the DNS Client Service running (disabling this should result in firefox itself making the DNS request).

As for the Client-Server Runtime Subsystem (csrss.exe) being reported as being blocked, this is Windows' process and thread manager so Jetico may be preventing it from accessing svchost (or any other connected process) resulting in this failure. Csrss.exe itself does not need network access and should never send or receive network traffic.

Stem
March 26th, 2006, 01:43 PM
{QUOTE-> The error reported is consistent with a failed DNS lookup - DNS lookups are performed by svchost in Windows XP if you have the DNS Client Service running (disabling this should result in firefox itself making the DNS request). <-QUOTE}DNS client is disabled (always has been, due to using a large hosts file).

{QUOTE-> As for the Client-Server Runtime Subsystem (csrss.exe) being reported as being blocked, this is Windows' process and thread manager so Jetico may be preventing it from accessing svchost (or any other connected process) resulting in this failure. Csrss.exe itself does not need network access and should never send or receive network traffic. <-QUOTE}The O.S. Apps were blocked from net access only. I do not use Jetico process attack filter, as I use PG.

Fumens
April 1st, 2006, 06:10 PM
Hi Stem,
I have some questions regarding the Jetico ruleset. I tried to make a ruleset for a bittorrent client and it works, feels great. But I don't know how to make a ruleset for Yahoo Messenger and MSN; I tried to make one but every time I start the application there is another pop up window. It seems I have to allow it every time or put it in the application trusted zone. Is it safe enough to do so?

Another question is I can't find a way to make an IP range in the ruleset box. Does Jetico have this feature?

Thanks before

Stem
April 2nd, 2006, 03:14 AM
Hi Fumens,
This is more of an experiment to see if I can upload a config file for jetico, (and then it can be downloaded and used).

I have created a ruleset for Yahoo messenger (not tested, as I do not use Yahoo), but if you want to try it, then please post back info on any blocked packets. (there is a rule to block all non-processed packets at the end of the ruleset, which will log).

Download the attached yahoo.bcf.txt file, and place this in the Jetico / config directory. You will then need to remove the .txt extension. (You may need to go in explorer / tools / folder options / view .... and untick "hide extensions for known file types".)


More instructions to follow:-....

Stem
April 2nd, 2006, 03:15 AM
Fumens,
Once you have removed the .txt extension, open jetico...select file (top left) / open ... and browse to the Jetico / config folder and select the "Yahoo" config file. This will then load another "optimal protection". now see attached image:-

When you have completed this, go to the yahoo app (the one you say you have selected as trusted) and change this from "trusted" (in the drop down menu) to Yahoo

Stem
April 3rd, 2006, 02:00 PM
Hi Fumens,
I have attached a policy containing the yahoo, and now the MSN messenger ruleset. (MSN ruleset should be o.k. for both msmsgs.exe and msnmsgr.exe). Once again, follow the previous instructions to delete the txt extension, load into Jetico, and move (drag) the rules over to your "Optimal protection" policy.

If you, or anyone who wants to use these rules within Jetico, have any problems with dropped packets from the rules, please post (with log (all rules will have a "block all" at the end of the ruleset, to produce a log for dropped packets)).

Have added a ruleset for "Download Manager" and for "BitTornado" (bittorrent). The inbound rule for bittornado will have to be edited to suit your setup (currently set at "allow inbound localport 10000").


EDIT
Rulesets attached to post 106

Fumens
April 6th, 2006, 05:41 PM
Hi Stem,
I don't encounter any problems with the Yahoo ruleset you attached in post #100. It works great, I don't even see any ads in YM.

I don't know about the rule of webcam if it works coz I don't use one. I assume the new rule set for MSN will work.

I'll try out the bittorrent rule set for BitTornado, especially as I heard that BitTornado is rather difficult. I'll post the result and if there are some probs.

Thanks Stem

Stem
April 6th, 2006, 06:11 PM
{QUOTE-> I don't encounter any problems with Yahoo ruleset you attached in post #100. It works great, I don't even see any ads in YM. <-QUOTE}Good to hear,
{QUOTE-> I don't know about the rule of webcam if it works coz I don't use one. <-QUOTE}Just untick the rules you don't need, or delete them. (I just wanted to post a full ruleset)
{QUOTE-> I assume the new rule set for MSN will work. <-QUOTE}They should do, these are rules I have used in other firewalls. But post if any problems.
{QUOTE-> I'll try out the bittorrent rule set for BitTornado, especially I heard that BitTornado is rather difficult <-QUOTE}It's the only bittorrent client I had on hand,.... the ruleset worked o.k.
{QUOTE-> Thank's Stem <-QUOTE}You're welcome.

Regards
Stem

Stem
April 8th, 2006, 05:21 AM
I have been asked for a Jetico ruleset for Emule. The ruleset I have made is for the default installation (inbound tcp.udp ports) So if you change the inbound ports within Emule, then you will need to edit the rules to suit (see pic).

I did test the rules,...... there are a number of blocked packets, (mainly due to packets to incorrect ports, so I have disabled logging on the block rule) but no problem getting high ID. (New rulesets attached to next post)

Stem
April 8th, 2006, 05:30 AM
Attached are the rulesets for:-
Bit tornado: (user to edit tcp inbound rule, to suit own setup)
DC++ (the two inbound rules (tcp,udp) are set for the default installation (DC++ uses random ports between 1024-32000 (so edit these if you change the settings within DC++)))
Download Manager
Emule (see last post for instructions)
MSN Messenger
Yahoo Messenger

EDIT
Note: see posts 100/101 for instructions on how to load/transfer the rules to your rulesets.

Ruleset on post 307

busy
April 10th, 2006, 01:58 PM
What rules are required for a home network?

Client => Server (with Jetico) => Internet

Stem
April 11th, 2006, 09:15 PM
{QUOTE-> What rules require for Home network.

Client => Server (with Jetico) => Internet <-QUOTE}I am not sure by the setup you mention,.... Server? (post info)

(Do you mean ICS (Internet connection sharing) Client => Host =>Internet ?)

busy
April 14th, 2006, 02:17 PM
yup I meant ICS

Stem
April 15th, 2006, 05:15 AM
{QUOTE-> yup I meant ICS <-QUOTE}Jetico cannot "see" the Client IP, so it is not possible to create rules for the client.
When the client attempts a connection, jetico sees this as a connection attempt from the host (the shared IP), and as there is no App associated with the connection, the packet is dropped (blocked).

DarkX
April 15th, 2006, 04:34 PM
I made and saved my rules with Jetico under an admin account; so far it seems ok, but I have another problem: when I use my XP under a limited account, Jetico asks for the same rules which I already made under the admin account.

According to my experience, if you use your XP with different accounts, that means you have to make the same rules for every single account.

Is there a way to import same rules to different accounts?

MaB69
April 15th, 2006, 04:49 PM
{QUOTE-> I made and saved my rules with Jetico under admin account so far seems ok but have another problem when i use my xp under limited account Jetico asks same rules which i already made under admin account.

According to my experince, if you use your xp with different accounts that means you have to make same rules for every single account.

Is there a way to import same rules to different accounts? <-QUOTE}

Every user has his set of rules that you can find under C:\Documents and Settings\UserName\Application Data\Jetico Personal Firewall\1.0 and then you can copy and paste Optimal.bcf to the other user

Stem
April 15th, 2006, 06:12 PM
Hi DarkX,
Just to confirm, (I have just checked), the policies can be imported to the user (see attached image, easier than to explain.... just remember where you saved them.)

Hi MaB69, nice to see another Jetico user..

DarkX
April 15th, 2006, 07:03 PM
Thanks for replies MaB69 and Stem :thumb:

adam777
April 16th, 2006, 09:51 AM
Had some problems with KAV6 and Kerio 4.2.3, so I figured I'll give Jetico a try...
I must admit, I was sure I'd get enough of it really soon (having read all the horror stories regarding the hundreds of pop-ups, weird configuration etc.).
However, I must admit that once you get the hang of it, it's really fairly easy to configure :)
So, although the topic of this thread is "Jetico making me crazy." - I'm satisfied with it ;D

* EDIT *
OK, one problem...
Currently I'm connected to the net via another computer (some sort of ICS software), so my IP address is 192.168.0.2 and the address of the network card I'm connected to in the other computer is 192.168.0.1.
Now, I want to make the other computer trusted, so I enter its full address (IP address/mask) in the configuration wizard.
However, when I'm running the wizard again, I see that Jetico insists on adding the entire network (192.168.0.0) to the trusted zone, in addition to the address I've entered manually, which is of course something I would not like.
It says "192.168.0.0/24 Local network (added by default)".
Ideas anyone?
Thanks in advance, Adam.

Stem
April 17th, 2006, 10:38 PM
Hi Adam,
Due to seeing your edited post (and your other thread on ICS), I re-checked and realised that the settings for the network with Jetico are taken from the windows config. So if you do want to restrict your network to just the 2 IP addresses, then you will need to go into the windows settings,.. Start / control panel / network connections....(see pic)
Entering a subnet mask of 255.255.255.252 will restrict the network to the 2 IP range you require.
Then use the Jetico "config wizard" to remove the network range of 192.168.0.0/24 if it hasn't already. The new config should have been picked up by Jetico from windows (192.168.0.0/255.255.255.252 = 192.168.0.0/30)

adam777
April 18th, 2006, 04:23 AM
First of all, thanks again, Stem.
As for your suggestion - could you please explain to me why changing the subnet mask will allow me to restrict the network to just the 2 IPs I need?
Needless to say, the network really does contain only 2 computers, and the reason I wanted to separate the server IP from the general network is that I'm used to doing it from other FWs.

Stem
April 18th, 2006, 06:35 AM
Hi Adam,
Network masks:-

Netmask          Netmask (binary)                     CIDR  Addresses
255.255.255.255  11111111.11111111.11111111.11111111  /32   Host (single address)
255.255.255.254  11111111.11111111.11111111.11111110  /31   Unuseable
255.255.255.252  11111111.11111111.11111111.11111100  /30   2 useable
255.255.255.248  11111111.11111111.11111111.11111000  /29   6 useable
255.255.255.240  11111111.11111111.11111111.11110000  /28   14 useable
255.255.255.224  11111111.11111111.11111111.11100000  /27   30 useable
255.255.255.192  11111111.11111111.11111111.11000000  /26   62 useable
255.255.255.128  11111111.11111111.11111111.10000000  /25   126 useable
255.255.255.0    11111111.11111111.11111111.00000000  /24   "Class C" 254 useable

I am hoping the chart will explain how the mask works. The mask 255.255.255.254 cannot be applied to a network, as this would only give you one possible address (and you need min 2 PCs for a network)

If you do not understand binary, take a read http://en.wikipedia.org/wiki/Binary_numeral_system to see if it helps.
You may also need to do a google for "Bits" and "Bytes"
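
Stem's chart worked through for adam777's two-machine network, as an added example that is not part of the thread. It follows the chart's convention of not counting the network and broadcast addresses, and the function names are made up for this sketch.

```python
import ipaddress


def usable_hosts(prefix: int) -> int:
    """Host count as in the chart: block size minus network and broadcast."""
    if prefix == 32:
        return 1                       # a single host address
    return max(2 ** (32 - prefix) - 2, 0)


def chart(prefixes=range(32, 23, -1)):
    """Rebuild the chart rows: (netmask, binary netmask, CIDR prefix, hosts)."""
    rows = []
    for prefix in prefixes:
        mask = ipaddress.ip_network(f"0.0.0.0/{prefix}").netmask
        bits = ".".join(f"{octet:08b}" for octet in mask.packed)
        rows.append((str(mask), bits, prefix, usable_hosts(prefix)))
    return rows


def trusted_zone(address: str, netmask: str):
    """Network derived from an interface address and mask, with the host
    addresses that a "trust the local network" entry would cover."""
    net = ipaddress.ip_network(f"{address}/{netmask}", strict=False)
    if net.prefixlen == 32:
        hosts = [str(net.network_address)]
    else:
        hosts = [str(a) for a in list(net)[1:-1]]   # drop network and broadcast
    return str(net), hosts


def same_block(a: str, b: str, netmask: str) -> bool:
    """True when both addresses fall inside the same network for this mask."""
    net_a = ipaddress.ip_network(f"{a}/{netmask}", strict=False)
    return ipaddress.ip_address(b) in net_a


if __name__ == "__main__":
    for mask, bits, prefix, hosts in chart():
        print(f"{mask:<16} {bits}  /{prefix:<3} {hosts} usable")

    # adam777's setup: 192.168.0.2 talking to 192.168.0.1.
    print(trusted_zone("192.168.0.2", "255.255.255.0")[0])    # default /24
    print(trusted_zone("192.168.0.2", "255.255.255.252"))     # after the change

    # The /30 only works because .1 and .2 share one 4-address block;
    # .2 and .4 do not, so that pair could not be isolated this way.
    print(same_block("192.168.0.2", "192.168.0.1", "255.255.255.252"))
    print(same_block("192.168.0.2", "192.168.0.4", "255.255.255.252"))
```

With the /24 mask the trusted zone covers 254 addresses; with 255.255.255.252 it covers only 192.168.0.1 and 192.168.0.2.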

adam777
April 18th, 2006, 06:55 AM
You're the best, Stem :thumb:

mpeg
April 19th, 2006, 11:11 AM
Hi,

I'm having some troubles getting my VPN client to connect properly to my office VPN. What rules do I need to set in Jetico's System IP Table to have this work? Right now, it seems to timeout.

The VPN Client I'm using is the default one that Microsoft ships with WinXP. All the settings are left at default when I configured this client.

I noticed in the log that there's a warning created for Block All non Process IP packets. I tried two things:
- set the rule to accept instead of the default reject. Connection still hangs & times out
- deleted the rule altogether. Connection still hangs and times out.

So this tells me that there must be some kind of explicit rule I need to create to allow a VPN request, and a VPN reply but the ports are a mystery to me.

Unfortunately, there's no popup when I try to connect so I can't go the easy route and accept it.

Can anyone help?

Thanks

Stem
April 19th, 2006, 12:37 PM
I have not used the windows VPN connection, but I will help if I can.

As the IP that you would have set up (using the connection wizard for VPN within windows) is that of your employer/works, then this is an IP that you trust. So rather than trying to sort out the windows Apps that are required, and the specific rules (the protocols are PPTP and GRE for windows VPN), you can simply set a rule to allow all outbound to your works IP (Jetico SPI will sort out the inbound replies...If inbound connections are required, then we will have to add rules).

First, you must replace the "Block all not processed packets" rule that you removed, as we can get info from this for any blocked packets, which can help in resolving any connection problems.

Next add a "System IP" rule to allow all outbound to your works IP, this is the IP that you have entered in the VPN setup within windows (see pic)

shaunwang
April 21st, 2006, 02:47 PM
Now I see Jetico Firewall seriously rocks and fun to play exactly my type of tea.

I will try it but will still need a pro like Stem to guide out :p

if I am right the ruleset you made for
{QUOTE->
Attached are the rulesets for:-
Bit tornado: (user to edit tcp inbound rule, to suit own setup)
DC++ (the two inbound rules (tcp,udp) are set for the default installation (DC++ uses random ports between 1024-32000 (so edit these if you change the settings within DC++))
Download Manager
Emule See last post for instructions
MSN Messenger
Yahoo Messenger <-QUOTE}

Could be used under Utorrent , limewire using direct ports for outbounds and inbounds right ???

Stem
April 21st, 2006, 04:49 PM
{QUOTE-> Could be used under Utorrent , limewire using direct ports for outbounds and inbounds right ??? <-QUOTE}You can use the Bit tornado rules for "Utorrent" (have just tested). Don't forget to change the "allow inbound rule" local port number to suit your setting.
Have just downloaded "limewire" to test, will post details later .................................
EDIT
Have installed and had a quick look at limewire, this pgm only requires the one inbound port, so you should be able to use the bit tornado ruleset (I would advise that you disable the UPnP within limewire,... even if you are using a UPnP router, you should manually port forward)

shaunwang
April 21st, 2006, 11:23 PM
I tried playing LNS but it takes quite slow for the connection to reach turbo charge which is Limewire " sharing frequency to tell how how good is their server currently online and which level of connection you are in " Normally the best is turbo charge since it increases the search rate.

I think Limewire requires an outbound too to communicate with the server to tell it how ready it is and to send search out much faster.

Stem
April 22nd, 2006, 06:13 AM
{QUOTE-> I think Limewire requires a outbound too to communicate with the server to tell it how ready it is and to send search out much faster. <-QUOTE}There are outbound connections allowed within the bit tornado ruleset,....

mpeg
April 27th, 2006, 05:23 AM
Hi Stem,

Thanks so much for trying to help. I did as you suggested but I'm still getting the same kind of error:

datetime reject Block All not Processed IP Packets 44 TCP incoming packet <IP of my VPN server> 192.168.1.100 1723 3065

I wonder if there's something about the source/destination ports 1723 and 3065 that I must somehow set a rule for? (I tried connecting again but the destination port changed this time)


{QUOTE-> I have not used the windows VPN connection, but I will help if I can.

As the IP that you would have set up (using the connection wizard for VPN within windows) is that of your employer/works, then this is an IP that you trust. So rather than trying to sort out the windows Apps that are required, and the specific rules (the protocols are PPTP and GRE for windows VPN), you can simply set a rule to allow all outbound to your works IP (Jetico SPI will sort out the inbound replies...If inbound connections are required, then we will have to add rules).

First, you must replace the "Block all not processed packets" rule that you removed, as we can get info from this for any blocked packets, which can help in resolving any connection problems.

Next add a "System IP" rule to allow all outbound to your works IP, this is the IP that you have entered in the VPN setup within windows (see pic) <-QUOTE}

Stem
April 27th, 2006, 05:41 AM
Hi mpeg,
This is due to inbound connections being required, you can for now, change the IP rule Event from "outgoing packet" to "any", this will allow the inbound, and as this is from a trusted source, it should be o.k.
Check this new rule, and if all o.k. we can always tighten up by adding a set of rules for the inbound needed (if you want to)

Stem
April 27th, 2006, 06:25 AM
@Jetico users,
I have been testing Jetico using a large "block" file to block the IPs from known spyware. I did this due to the possibility of the "HOSTS" file being bypassed using an IP rather than the site url. I have been running this for a few days with no slow down or problems, so I thought I would upload the file for any who wish to use this. The current file contains an updated list of spyware IPs (717,438 sites), the original list is from http://www.bluetack.co.uk which I have converted, so Jetico can use it.
First you should run the Jetico "configuration wizard" and note the "trusted zone" IPs (which you may need to re-enter)........ download the attached file, remove the .txt extension, and copy to the Jetico / config folder (save the old one first, if needed). Then re-run the "configuration wizard" and re-enter the IPs in the "trusted zone" if needed

Safe surfing,...

Stem
April 27th, 2006, 09:42 AM
Oh, I forgot, if you want to view the above file, using your browser, before putting it in your Jetico/config folder.....you will need to take a copy of the settings.xsl (stylesheet) from the jetico/config folder and place it in the same folder as the settings.xml

DarkX
April 27th, 2006, 11:37 AM
Hi Stem,

I have been trying your block ip list and no probs, no slow down so far everything was ok :thumb:

Stem
April 27th, 2006, 01:21 PM
Hi DarkX,

Good to hear,...thanks for the feedback.

shek
April 27th, 2006, 04:38 PM
Hi, Stem

There is an IP address that should be in the whitelist, which is 67.15.192.17, Happy Baytes's Weblog.

Fumens
May 1st, 2006, 12:42 AM
Stem,
I don't know what to say about the block list just created for Jetico. I thought that I lost the blockpost plugin when I switched to Jetico but you found the solution.

I also installed BlockList Manager but don't know which format I have to convert to after finished downloading the source file. Can you explain it?

thank's before

AJohn
May 1st, 2006, 12:53 AM
http://phoenixlabs.org/pg2/

trojan
May 1st, 2006, 05:47 PM
I have used Jetico on and off for some time, mostly resorting in the end, out of laziness, to firewalls like Outpost that "do it all for you". But now, having at last managed to spend enough time with Jetico to learn how it works and fully configure it for my system, giving Jetico the time and respect it deserves, I can see that all my previous gripes with Jetico were just down to my laziness and bad practice, having got used to firewalls like Outpost etc. Now I can say how pleased I am with Jetico: it runs so light and so secure, and once configured to my own system it runs quiet with very few pop ups. Anyone that uses Jetico should be warned that this firewall requires a little time and patience from the first-time user, but that effort will be rewarded with one of the best, if not the best, software firewalls there is, and did I mention it's also free lol ;D

larzeb
May 2nd, 2006, 01:05 AM
This post has been very helpful to me. I'm trying to learn how to configure jetico.

I installed it on a computer with a Tyan motherboard. There is software to monitor the motherboard. When you launch the software it requires you to login locally or remotely. Of course, I just click the login button and I gain access to the software.

When I run the firewall, it interferes with the software during its launch. The software insists on asking for a username and password. Not being able to configure it to work while the firewall is running, I start the software first, then the firewall.

I have enclosed an abbreviated screen-shot of the application (there are really 2) which the firewall sees as it was started before the firewall.

Can someone help me configure this?

TIA

Stem
May 2nd, 2006, 08:53 PM
larzeb,
First of all I see you have the nVidia <networkAccessManager/apache.exe> running on your system. I have in the past found some problems with this, when I ran this with the nVidia "anti-hacker" and Jetico, but do not know if this is causing problems in this case.
I would suggest first that you check to see if there are any "blocked" packets in your jetico log that may relate to this. If not, then there may be a conflict. To check this, set Jetico policy to "allow all" and then try to connect to the web interface, if this is still not possible, then you will know that there is a conflict.

Stem
May 2nd, 2006, 09:16 PM
{QUOTE-> I also installed BlockList Manager but don't know which format I have to convert to after finished downloading the source file. Can you explain it? <-QUOTE}Hi Fumens,
There is no quick way to perform the conversion, as the blocklist manager will not convert to a format that can be used directly by Jetico. What you need to do is to output your blocklist (from blocklist manager) into the CIDR format and save as a text file, you then need to use a text editor that has the function to `replace` at the beginning/end of all lines with
"<value>" at the front of each line and
"</value>" at the end of each line

Once done you can copy and paste this into the source code of the Jetico "settings.xml" file, under the <var id="Blocked Zone"> heading.
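
The wrapping step described in the post above can be scripted rather than done with an editor's search-and-replace. This is an added example, not part of the thread or of Jetico: it validates each line of a CIDR text export, optionally carves out allowlisted addresses, merges overlapping ranges and emits the `<value>…</value>` lines to paste under `<var id="Blocked Zone">`. The function names and sample data are constructed, and an IPv4-only list is an assumption.

```python
import ipaddress

# Constructed sample of a CIDR-format text export (documentation ranges only).
SAMPLE_EXPORT = """\
# constructed sample export
192.0.2.0/25
192.0.2.128/25
198.51.100.7
203.0.113.0/24
203.0.113.64/26
not-an-address
198.51.100.300/32
"""


def parse_cidr_lines(text):
    """Parse one CIDR entry per line; return (networks, rejected lines)."""
    networks, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()   # tolerate comments and blanks
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            # Anything that is not a valid address never reaches the XML.
            rejected.append((lineno, raw.strip()))
            continue
        if net.version != 4:                   # assumption: IPv4-only list
            rejected.append((lineno, raw.strip()))
            continue
        networks.append(net)
    return networks, rejected


def exclude_allowlisted(networks, allowlist):
    """Remove allowlisted addresses/ranges from the blocked networks."""
    result = list(networks)
    for allowed in allowlist:
        allowed_net = ipaddress.ip_network(allowed, strict=False)
        remaining = []
        for net in result:
            if net.subnet_of(allowed_net):
                continue                       # wholly allowlisted: drop it
            if allowed_net.subnet_of(net):
                # Split the blocked range around the allowlisted part.
                remaining.extend(net.address_exclude(allowed_net))
            else:
                remaining.append(net)
        result = remaining
    return result


def to_value_lines(networks):
    """Merge duplicates/overlaps and wrap each network in <value> tags."""
    collapsed = ipaddress.collapse_addresses(networks)
    return ["<value>%s</value>" % net for net in collapsed]


def convert(text, allowlist=()):
    """Full pipeline: returns (lines to paste, rejected input lines)."""
    networks, rejected = parse_cidr_lines(text)
    networks = exclude_allowlisted(networks, allowlist)
    return to_value_lines(networks), rejected


if __name__ == "__main__":
    lines, rejected = convert(SAMPLE_EXPORT, allowlist=["203.0.113.70"])
    print("\n".join(lines))
    for lineno, raw in rejected:
        print("skipped line %d: %r" % (lineno, raw))
```

Review the skipped lines before pasting, and keep a copy of the old settings.xml as the earlier post advises.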

Mr. Y
May 3rd, 2006, 12:04 AM
I have loaded Jetico onto one of my hard drives and got it going. It did take a while to configure it.

The GUI interface is awkward to use compared to TPF but Jetico does have many positive features.

Under TPF I always get PORT 137, 138 hits.

I configured Jetico to reject and log PORT 137, 138 hits- but I don't see any hits.

Maybe I am doing something wrong- Just wondering how to configure Jetico to reject and log PORT 137, 138 hits.

Fumens
May 3rd, 2006, 04:00 AM
Hi Stem,
thanks for the explanation. I just did it and made a new blocklist. So far Jetico runs smooth. I don't know how big Jetico can handle "big" blocklist, just for the info I added around 5000 lines.

regard

Stem
May 3rd, 2006, 05:47 AM
Hi Fumens,{QUOTE-> thank's for the explanation. <-QUOTE}No problem,
{QUOTE-> I don't know how big Jetico can handle "big" blocklist, <-QUOTE}I have not yet tested to see if Jetico has a limit on this, I will give it a test later.

Regards,
Stem

Stem
May 3rd, 2006, 06:00 AM
{QUOTE-> Maybe I am doing something wrong- Just wondering how to configure Jetico to reject and log PORT 137, 138 hits. <-QUOTE}Jetico, by default ruleset should be blocking and logging any packets to these ports, as netbios is not allowed by default...
Go to "Shieldsup" https://www.grc.com/x/ne.dll?bh0bkyd2 and perform a "All service ports" scan, and you should see the packets being blocked in the log as "Block all not processed packets"(as long as you are not behind a router??).
If no log is being produced, open Jetico / options / log... and change the directory for the saved logs,... then try again.
Please, post back your findings

larzeb
May 3rd, 2006, 06:44 PM
Stem,
I set the protection to allow all and the problem application was no longer an issue. So I guess the nvidia app was not a contributing factor. Any other suggestions?

Stem
May 3rd, 2006, 07:22 PM
{QUOTE-> Stem,
I set the protection to allow all and the problem application was no longer an issue. So I guess the nvidia app was not a contributing factor. Any other suggestions? <-QUOTE}While you are in "optimal protection" you say you cannot connect to the interface,....Have you checked the log for blocked packets??(ref post#137)

Mr. Y
May 3rd, 2006, 11:28 PM
{QUOTE-> Jetico, by default ruleset should be blocking and logging any packets to these ports, as netbios is not allowed by default...
Go to "Shieldsup" https://www.grc.com/x/ne.dll?bh0bkyd2 and perform a "All service ports" scan, and you should see the packets being blocked in the log as "Block all not processed packets"(as long as you are not behind a router??).
If no log is being produced, open Jetico / options / log... and change the directory for the saved logs,... then try again.
Please, post back your findings <-QUOTE}

Hello Stem,
How can I see a log for port 137, 138 events?

Stem
May 4th, 2006, 08:55 AM
{QUOTE-> Hello Stem,
How can I see a log for port 137, 138 events? <-QUOTE}As I have mentioned, these ports are blocked by default, have you performed a "shieldsup" scan as I suggested, and then checked your log??.
I have attached a pic showing part of my log after completing a "shieldsup" scan on a PC connected directly to the internet (No router-firewall / tcp/ip hardware filter)

Mr. Y
May 4th, 2006, 11:41 AM
{QUOTE-> As I have mentioned, these ports are blocked by default, have you performed a "shieldsup" scan as I suggested, and then checked your log??.
I have attached a pic showing part of my log after completing a "shieldsup" scan on a PC connected directly to the internet (No router-firewall / tcp/ip hardware filter) <-QUOTE}

Yea and Jetico passed with full stealth. I was just wondering if there was a way to see the "hits".

Jetico could improve on their interface by showing all hits in the log by default and making a feature where "right clicking" on an undesirable hit you can change the rule.

TPF has this feature although it won't show the hits by default.

Thank you

Stem
May 4th, 2006, 11:48 AM
{QUOTE-> Yea and Jetico passed with full stealth. I was just wondering if there was a way to see the "hits". <-QUOTE}All blocked packets are shown in the log

larzeb
May 4th, 2006, 12:45 PM
Stem,
I think I didn't respond to your original question about the log because there was nothing much in it. I went to both executables in the config tab and set their logging from disabled to error.

Then I launched the application, and it worked. I must not be watching carefully enough. Anyway, it's OK.

What logging levels do you leave set for your apps? If you leave them disabled then you will not see the dropped packets? Why are some entries blue and others red?

Thanks again for your help, Lars

Stem
May 4th, 2006, 01:31 PM
Hi larzeb,
Showing in your log is "go to another table", this, I have found, is generated by the use of a local-host proxy, in your case <networkAccessManager/apache.exe> (this is part of the problem I mentioned in my earlier post), Jetico does not process the packets correctly, I did not make a lot of tests on this, but found that the IP filter was bypassed. (so this is not the best of combinations) {QUOTE-> .What logging levels do you leave set for your apps?....If you leave them disabled then you will not see the dropped packets? <-QUOTE}I don't log allowed connections within Jetico,..... I place a block-all rule at the end of the App-ruleset and have logging on this.
{QUOTE-> Why are some entries blue and others red? <-QUOTE}The color of the entry depends on the logging level you have selected "info / notice / warning" etc for that app/rule

{QUOTE-> Thanks again for your help, Lars <-QUOTE}No problem,...... is the interface now connecting correctly while Jetico is active?

PvA
May 4th, 2006, 06:07 PM
THANKS for this thread explaining lots of rules in Jetico!!!

I have been reading all more than once and I am getting along with most of it. A few days ago I switched to Jetico and I will stay for sure. For a common user it's hard but if you take your time, success will follow. Rule #1=rtfm ;D

So did I and I'm convinced about the philosophy of Jetico so far. I'll come back for fine tuning questions maybe at the weekend.

Good work!!! :thumb: :thumb: :thumb:
8)

larzeb
May 4th, 2006, 07:07 PM
Stem,
Do you mind posting your application ruleset so I can see how you did the logging? Newbie!

I have to find out more about the nvida/apache stuff. It must be associated with the motherboard I'm using, but I'll hash it out.

Just now I started the machine and tried to log onto my app, but problem reappeared. Very flakey. Once I find out more about it I'll post.

Lars

Stem
May 4th, 2006, 08:17 PM
{QUOTE-> Do you mind posting your application ruleset so I can see how you did the logging? Newbie! <-QUOTE}Take a look @ post#106,.. there are some rules I have posted, most of these have a "block all with logging" rule at the end of the ruleset (instructions on loading these @ post #100/101)

{QUOTE-> Just now I started the machine and tried to log onto my app, but problem reappeared. Very flakey. <-QUOTE}I would suggest (for testing) that you load a new "optimal policy" into Jetico (open Jetico / file / open .. browse to the Jetico/ config folder, and select "optimal.bcf", this will load a new "optimal policy" (your old policy will still remain) right click the new loaded policy and select "apply policy"), once this is loaded and active, attempt to log on to your interface, Jetico will prompt you for any outbound rules required.....if you are blocked from logging on, you then need to check the log for any blocked packets (if you are not prompted for rules, they will pass through to the "block all" at the end of the default ruleset, which is set to log). Once you have logged on successfully, you will be able to make a ruleset. Once a ruleset is created, you can edit your old policy to suit.

PvA
May 5th, 2006, 02:14 PM
Hello,

I got a question for a torrent client like Bittorrent. Well, I know there has been a rule uploaded in here but the question is, how you gonna insert the rule in Jetico.
I made my own rule for my client and it's nearly the same like the one which is uploaded.
When I start the client, Jetico keeps asking for outbound connections even when the rule is defined in "Ask user/Bittorrent client".
In the Ask user tree I defined one rule for it. "Handle as Bittorrent client" (blue arrow straight to the right) with the permission to access the network on any protocol, nothing else. That should be enough to jump into the "Bittorrent client" tree below and use there the proper rules.
Fact is, it doesn't work that way. It keeps asking me for the first outbounds, which already are defined. I have to set "Handle as Bittorrent client" with all set to any in the "Ask user" tree. I doubt that is correct.
Another question is, which rule Jetico performs in the "Ask user" tree, when there is a special rule one step below for it. Is it just a "jump to" or already a rule.
I know pictures can tell more but I wasn't able to get space for it right now. On the other hand, maybe I should take a closer look at my rules...:blink:
Maybe I still didn't get the clue about outbound/inbound, receive data/send data and so on and when it is necessary to define the local address/remote address/local port/remote port when using an application with a protocol and a special event. Guess that's what most of the ppl in here are thinking about...:lurking:
Ok, I will keep trying and hope you can help a bit.
Links are also appreciated.

larzeb
May 5th, 2006, 06:14 PM
Stem,
I did as you said, loaded the optimal temporarily, launched my app, it worked, so I copied that rule to my main optimal. Everything is OK.

I also removed that Nvidia Network Access Manager junk. This system was made for me. I didn't load the operating system. I should know better than that.

In looking at your articles at 101, 102 and 106, I was particularly interested in your wip.bcf, which I believe expands to 'My Rules' once loaded. Now what I'm about to ask will really show my ignorance, but I'd like to understand clearly.

When I look at the Application Table, you've got a bunch of right, blue arrows, e.g. Windows, DHCP, DNS, etc. Does Jetico go down the Application Table, first to the Windows table to each of its entries, then to the DHCP table and to each of its entries, until it hits an accept or reject rule?

Somehow I thought there was something special that Jetico knew about Windows (in the Application Table).

Well, I re-read the manual. I think I understand the order of rules. Straight sequential until accept or reject.

Thanks for your patience. Lars

larzeb
May 7th, 2006, 04:56 PM
I need to setup a rule for uTorrent which I don't know how to do. Among others, it needs an inbound UDP connection to a specific port of my setting. However, I cannot find a UDP protocol under packet parameters.

Which protocol should I use instead?

Thanks, Lars

Stem
May 7th, 2006, 05:37 PM
{QUOTE-> I need to setup a rule for uTorrent which I don't know how to do. Among others, it needs an inbound UDP connection to a specific port of my setting. However, I cannot find a UDP protocol under packet parameters.

Which protocol should I use instead?

Thanks, Lars <-QUOTE}Hi Lars,
I thought uTorrent only used tcp (the same as bit tornado), as I have used the bit-tornado rules for utorrent to test, and all o.k. (unless this is a different uTorrent).
For UDP, in application rules, the format for outbound:- Protocol: TCP/IP Event: send datagrams
For inbound UDP: there must be a rule to "listening datagrams" (this by default is already in place in the application Table), you then set your application rule protocol TCP/IP event receive datagrams with port/range

Take a look at the "emule" rules I uploaded, which have/show rules for UDP and may help you.

I am just putting together instruction for PvA on the download/install/use of the Bit tornado rules, which may also help you (which I will be posting a little later)

(By the way, what is "wip.bcf" you mention in your post #155)

larzeb
May 7th, 2006, 06:57 PM
The reason I asked about UDP and uTorrent is that on the machine I'm currently using, Agnitum is running and shows UDP connections, a lot of them, all going to the inbound port specified in uTorrent. So I wanted to be prepared before switching that machine's firewall to Jetico.

As for wip.bcf, I thought that was your file. When I load it into the fw, its title is 'My Rules', containing a Root table. Its Application Table contains Ask, DHCP, DNS, Messenger, P2P, Programs and Windows tables. In the Application Table there are right-facing, blue-green arrows pointing to each of the tables subordinate to the Application Table.

Sorry for the confusion.

Lars

Stem
May 7th, 2006, 07:56 PM
@PvA
Part 1
I have used the Bit tornado ruleset on Bittornado and utorrent with no problems

Stem
May 7th, 2006, 07:58 PM
@PvA
Part 2

Stem
May 7th, 2006, 08:08 PM
{QUOTE-> As for wip.bcf, I thought that was your file. .... <-QUOTE}No,..not mine,...I only post "rulesets" not complete policies (changing the flow of the policy can cause some problems, all my uploaded rules are application based only, and will not compromise the system)

larzeb
May 8th, 2006, 01:27 AM
Stem,

I have a few questions about your posting #160. You said that once you copy over the loaded ruleset for BitTorrent from you, change the inbound port number and delete all torrent rules. Which ones, the ones we just changed, or do you mean to unload the one from you? Why would we delete what we just entered?

Assuming that we have the ruleset copied to our configuration with the changed inbound port number, I notice that you did not place the application name in any of the rules - they were blank. Will this address be placed in the rules when we point to this ruleset when asked what to do with BitTorrent from a pop-up message?

Confused

Stem
May 8th, 2006, 03:15 AM
{QUOTE-> I have a few questions about your posting #160. You said that once you copy over the loaded ruleset for BitTorrent from you, change the inbound port number and delete all torrent rules. Which ones, the ones we just changed, or do you mean to unload the one from you? Why would we delete what we just entered? <-QUOTE}Sorry, was pushed for time, should have worded that better. ...Delete any other rules you have created yourself in the application rules or the ask user rules for your torrent client. The rules you have loaded from my ruleset will still be separate (not yet within the root policy), so leave that where it is.

{QUOTE-> Assuming that we have the ruleset copied to our configuration with the changed inbound port number, I notice that you did not place the application name in any of the rules - they were blank. Will this address be placed in the rules when we point to this ruleset when asked what to do with BitTorrent from a pop-up message? <-QUOTE}This is a ruleset, there is no need to enter an application name within the ruleset itself, when you get the pop-up from Jetico for your torrent client, you select the bittornado ruleset and a jump will be created for that application to the ruleset, and the ruleset will be imported to the root policy.

Hope this explains a little better,
Regards

PvA
May 8th, 2006, 06:41 AM
Thx Stem,
The explanation in post 159, 160 works perfect. Jetico doesn't keep asking now anything. I assume the rule in the "Ask user tree" is just a "jump to" and nothing more, I hope.
It's kinda confusing, because the "handle as rule" in the ask user tree (right blue arrow) has preferences ---> protocol=any and event=any, which made me thinking. I tested it by blocking all applications in the new tree of the bittorrent client and ok, the client stopped downloading or uploading! So that's very fine.
After that, funny thing is, I checked only one rule (access to network), the first one on top and the application started running ??? Does this have something to do with my router? The port for the application is forwarded in the router... Is this ok?

Stem
May 8th, 2006, 07:22 AM
{QUOTE-> The explanation in post 159, 160 works perfect. Jetico doesn´t keep asking now anything. I assume the rule in the "Ask user tree" is just a "jump to" and nothing more, I hope. <-QUOTE}Yes, make sure you have just the one rule for your torrent client, ((the rule is that, a jump will be made to <ruleset> for that <named application> when <any protocol> and/or <any event> is processed for that <named application>)...A bit confusing to start with, but stick with it......I hope the attached pic may explain better)

{QUOTE-> After that, funny thing is, I checked only one rule (access to network), the first one on top and the application started running Does this have something to do with my router? <-QUOTE}If you only have the "access network" rule checked within the ruleset (all others unchecked), then the application will run, but all connections will either be blocked, or you will be prompted for rules.

{QUOTE-> The port for the application is forwarded in the router... Is this ok? <-QUOTE}Yes, you will need to portforward the same port as in your rules

PvA
May 8th, 2006, 09:09 AM
{QUOTE-> If you only have the "access network" rule checked within the ruleset (all others unchecked), then the application will run, but all connections will either be blocked, or you will be prompted for rules. <-QUOTE}

Well, I checked only "access network" and the application is running well connecting to the www uploading and downloading. To make sure Jetico does have the rules active I checked "apply policy" in optimal protection on top left. I even did a complete restart windows to make sure.
I'll have a look somewhere to upload pics, so you can see...

PvA
May 8th, 2006, 11:21 AM
I found out, I just have to upload pics 8) Well here it comes

pic removed*

PvA
May 8th, 2006, 11:23 AM
if you want more, just go ahead

pic removed*

Stem
May 8th, 2006, 01:29 PM
Hi PvA,
You must have another rule that is over-riding, or your policy is corrupt. I see that you have a lot of activity in Ask user/system applications.......why is there a system applications in Ask user? You also have a lot of packets going through the trusted zone

If you are sure there are no other rules that are intercepting the packets for your torrent client, you may need to re-start - load a new "optimal policy"...and start again.

edit
You could upload your policy if you would like me to take a look.

PvA
May 8th, 2006, 02:14 PM
Ok, have a look. I hope it's better now. :-\

Stem
May 8th, 2006, 03:14 PM
Hi PvA,
I see that you have removed a lot of rules from your policy before uploading, but you still have a lot of "allow inbound connections" within your policy.
Your policy, is, well, a little messed up, I really think you should take the time to create a new policy, taking into account that the only pgms that require inbound connections are server programs.(apart from the inbound loopback-which in the default policy, is covered by the trusted zone in the setup wizard)
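
The "another rule is over-riding" diagnosis from the posts above can be reproduced with a small first-match model: rules are tried in order until one accepts or rejects, and a "handle as" rule jumps into a per-application ruleset. This is an added example, not Jetico's code or anyone's actual policy; the rule fields, the application name, port 6881 and the choice that an undecided ruleset hands the packet back to the calling table are all assumptions of the model.

```python
from dataclasses import dataclass


@dataclass
class Rule:
    name: str
    verdict: str             # "accept", "reject" or "jump"
    app: str = "*"           # "*" matches any application
    direction: str = "*"     # "inbound", "outbound" or "*"
    local_port: int = 0      # 0 matches any port
    target: str = ""         # table entered when verdict == "jump"
    enabled: bool = True     # an unchecked rule is skipped


def rule_matches(rule, pkt):
    return (rule.enabled
            and rule.app in ("*", pkt["app"])
            and rule.direction in ("*", pkt["direction"])
            and rule.local_port in (0, pkt["local_port"]))


def evaluate(tables, table, pkt, trace):
    """Walk one table in order; return a verdict, or None if undecided."""
    for rule in tables[table]:
        if not rule_matches(rule, pkt):
            continue
        trace.append("%s / %s" % (table, rule.name))
        if rule.verdict == "jump":
            verdict = evaluate(tables, rule.target, pkt, trace)
            if verdict is not None:
                return verdict
            continue         # model assumption: fall back to calling table
        return rule.verdict
    return None


def decide(tables, pkt):
    """Return (verdict, the rule that made the decision)."""
    trace = []
    verdict = evaluate(tables, "Application Table", pkt, trace)
    return verdict, (trace[-1] if verdict else None)


def build_policy(ruleset_checked, stray_allow_inbound):
    """Constructed policy: a torrent ruleset plus an optional stray rule."""
    app_table = [Rule("Handle as torrent client", "jump",
                      app="torrent.exe", target="Torrent ruleset")]
    if stray_allow_inbound:
        app_table.append(Rule("allow inbound connections", "accept",
                              direction="inbound"))
    app_table.append(Rule("Block all (logged)", "reject"))
    ruleset = [
        Rule("allow inbound TCP", "accept", direction="inbound",
             local_port=6881, enabled=ruleset_checked),
        Rule("allow outbound", "accept", direction="outbound",
             enabled=ruleset_checked),
        Rule("block all (logged)", "reject", enabled=ruleset_checked),
    ]
    return {"Application Table": app_table, "Torrent ruleset": ruleset}


# Constructed packet: an inbound connection to the torrent client's port.
INBOUND = {"app": "torrent.exe", "direction": "inbound", "local_port": 6881}

if __name__ == "__main__":
    for checked, stray in [(True, False), (False, False), (False, True)]:
        verdict, rule = decide(build_policy(checked, stray), INBOUND)
        print("ruleset checked=%s stray rule=%s -> %s by [%s]"
              % (checked, stray, verdict, rule))
```

With every ruleset entry unchecked, the packet is accepted only when the stray rule is present, and the name of the deciding rule shows which entry to remove.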

larzeb
May 8th, 2006, 04:31 PM
Stem,

Another newb question. Does "access to network" mean access to the LAN or to the internet?

In your posts #55 and #60, you have different permissions for apps in System Applications. You mentioned that one of them was used for MS updates. Does this mean you have different configs floating around, and that you load them under different circumstances?

Thanks for all your help.

Stem
May 8th, 2006, 05:05 PM
Hi lars
{QUOTE-> Another newb question. Does "access to network" mean access to the LAN or to the internet? <-QUOTE}This gives access to the trusted zone (set up in the "config wizard", which is basically allowing loopback and access to pre-defined open rules (eg: listen ports) to the Lan (or IPs entered at config)).

{QUOTE-> In your posts #55 and #60, you have different permissions for apps in System Applications. You mentioned that one of them was used for MS updates. Does this mean you have different configs floating around, and that you load them under different circumstances? <-QUOTE}Yes, the ruleset in post #60 is my setup while general browsing (like when I visit this forum), and policies for others, such as updating from microshaft. (it keeps a tight hold on comms)

{QUOTE-> Thanks for all your help. <-QUOTE}No problem,

larzeb
May 8th, 2006, 06:16 PM
Now I've got a new issue. I reverted the fw back to factory defaults to make sure everything was OK to start.

I'm working within Dreamweaver 8. I'm in their Extension Manager, where I can choose to go to Extension Exchange, a page on the internet.

Immediately when I click on that icon, I get the pop-up message which I've attached, to which I respond, allow. However, after that response, the web browser cannot see that site. Not only that site, but any other.

I also placed the resulting entry in the Process Attack Table.

What am I missing here?

Image removed. Please resize images to an acceptable size before posting - Ron

Stem
May 8th, 2006, 06:52 PM
Hi larzeb,
Your attachment has been removed,.....but before you resize/repost....there are some known problems with Dreamweaver 8/Extension Exchange/Manager, have you been to Adobe to check for updates?

PvA
May 9th, 2006, 05:40 AM
Hi Stem,
I made a complete reinstallation of Jetico hoping this might look even more better now :dry:

Stem
May 9th, 2006, 09:56 AM
Hi PvA,
Please check your PM

PvA
May 9th, 2006, 10:59 AM
thx for your help! :thumb:

rbendorf
May 13th, 2006, 04:09 PM
I have been reading this thread for sometime and have not found what I am looking for.

I have Jetico setup and am impressed by the power of the software. Yesterday I did a cclean and reg clean and today the outgoing traffic monitor is no longer working. Any suggestions? I also have Peer Guardian and Kaspersky AV on the system...other than that everything works great.

Rich

Stem
May 13th, 2006, 07:32 PM
{QUOTE-> ..... and Kaspersky AV on the system... <-QUOTE}Hi Rich,
Which version of KAV have you installed, as I have found some conflicts with KAV6 due to its "Proxy".
Others have reported no problems with this combination, but on my 2 setups I made with KAV6 I found that the outbound IP filter within Jetico was being bypassed by KAV6. (No outgoing packet count in the "Jetico traffic monitor")

raffnixpert
May 17th, 2006, 07:58 AM
{QUOTE->
... you should always choose Handle as, use the drop down menu and click Jetico's drop down menu and choose web-browser if its either IE, Mozilla or Opera, if it's a mail client like Outlook Express, Mozilla Thunderbird choose web client, ...

For all other programmes which you trust like security programmes which need access to the internet for updates etc you choose the application trusted zone.
Cheers Khaz <-QUOTE}

The above instructions do not mention some applications, which a user with my restricted knowledge cannot easily relate to the proper category and where I would need some guidance.

So, what is the "Handle as" with respect to:

1) avast WebShield (Port 12080)
2) avast Mail Provider
3) News-Server (NNTP) Terabyteunlimited.com (Port 1198 )
4) download of music clips like
http://www.jpc.de/sound/961/9618316_01.wma
I assume that not all of those should be associated with "Trusted Zone"?


What are the consequences of a wrong choice?


Should the Jetico Firewall be before or behind the avast WebShield, which is a proxy on port 12080? What would the configuration look like?

khazars
May 17th, 2006, 01:38 PM
you can put the first, third and fourth on your list into web-browser and the second one into mail-client!

Maybe Stem can comment, he/she knows more about this than I do!

Stem
May 18th, 2006, 04:44 PM
{QUOTE->
So, what is the "Handle as" with respect to:

1) avast WebShield (Port 12080)
2) avast Mail Provider <-QUOTE}Hi raffnixpert, The Webshield needs only outbound as your Browser, so you can select Browser. For Mail, just select the "Handle as" Mail (As khazars has already posted). I have installed avast to check, just to make sure that Jetico is still filtering through the SPI, and all appears to be O.K.
{QUOTE-> 3) News-Server (NNTP) Terabyteunlimited.com (Port 1198 ) <-QUOTE}I have been to this website you mention, but I am unable to locate this "News-server". Is this "server" downloadable from this website? (I would like to install to check the ports/settings required)
{QUOTE-> 4) download of music clips <-QUOTE}Are you downloading using your browser, if so, then the Browser rules should be o.k. (Post if you are downloading using other software or are having problems with the downloads)


{QUOTE-> What are the consequences of a wrong choice? <-QUOTE}There are very few programs that require "inbound connections", so setting a program to "Trusted" which would allow the "inbound connections" is not always the best choice. If you are unsure of a program's rules you can create a ruleset to "Allow all outbound (with logging)" and then set "Block all inbound (with logging)" so you can review the log to create a ruleset, or set an "Allow all inbound" rule to "Prompt (with logging)" (but this is not a good idea if you are using any sort of filesharing program where a lot of inbound connections are required), this then gives you an option to block or allow while the program is online (you can then review the log to create a ruleset). Or post the program name here on the forum (a download link for the program may help), and someone, I'm sure, will help you to create a ruleset.


{QUOTE-> Should the Jetico Firewall be before or behind the avast WebShield, which is a proxy on port 12080