Jetico making me crazy.

[aigle]

Just installed Jetico today and its pop ups are making me crazy, it is constantly giving me pop ups about my Norton products and sometimes firefox also. Hundreds of time I have opted for REMEMBER this action, no benefit. Is there any way other than uninstaling it.

Also i want to ask does it has hooking techniques, I mean it can be used with PG free or antihook without overlap or not?

[starfish_001]

I've had a play witth it this wekend - awkward to config but seems light and very good. Prefer LNS and Outpost at this point


Try this link

http://www.wilderssecurity.com/archi...p/t-62970.html
or this
http://castlecops.com/t134648-Jetico...nish_page.html

[aigle]

I just uninstalled it, i hate these pop ups,I was so used to accept it that I am sure if some malware ask for permission,I would have clicked yes for it also. Why they don,t fix it, I will write to them. Really disappointing.

Any solution?

[Kerodo]

I think the key to Jetico is to look closely at each of the popups to see what's actually going on, and then try to (when necessary) create rules of a more global nature to handle some of the common situations that come up. It definitely takes more work than your average firewall. But it's also possible to tame it as well. Hopefully they will make it a little easier in upcoming versions (if and when any arrive). But Jetico is not one of the install, set and forget firewalls..

[Kaupp]

There will be a certain amount of overlap if you use jetico with either processguard or antihook but I remember someone saying here a while ago that if you create a new rule in the ask user table of jetico to allow access to network for local sockets you can cut down on the popups substantially without affecting the firewall's control over internet access.
Maybe someone with more knowledge on the subject can confirm this?

[starfish_001]

Quote:

Originally Posted by Kaupp

if you create a new rule in the ask user table of jetico to allow access to network for local sockets you can cut down on the popups substantially without affecting the firewall's control over internet access.

That would be very helpful - I like the firewall but ... creating the rules is difficult.

A template set would be very useful ?

[zapjb]

I had the same problem as op. I chucked it. Happy with GhostWall.

[khazars]

Ok, when Jetico pops up it's asking you what you want do with a process on your computer.

In the box that pops up, tick the box in the bottom left, remember my answer , then look at what Jetico is asking you!

If It's a programme you trust you obviously want to allow it access, so all example here are for allow activity. If it's a baddie then don't allow and deny!


So Jetico pops up with this!

Event: Attacker writes to application memory
Description: Suspicious process activity

click allow this activity, once you have did this once the box should remain ticked on the next popup. Then you just click ok to allow this activity, usually a windows system file like lsass or Explorer.exe or a programe.

All files asking for access are treated as hostile by Jetico and will be seen in the process attack table, these rules are made when you initailly decide what a programme is allowed to do, that is, you accept it as ok!

If Jetico pops up with

Event: access to network: configration table : Ask User

which gives you the choice of ticking these options of:

Allow activity
Block this activity
Handle As
Custom

this is where you should always choose Handle as, use the drop down menu and click Jetico's drop down menu and choose web-browser if its either IE, Mozilla or Opera, if it's a mail client like Outlook Express, Mozilla Thunderbird choose web client, make sure always to check the box in the bottom left, as having this box ticked everytime you answer will reduce the pop ups!


For all other programmes which you trust like security programmes which need access to the internet for updates etc you choose the application trusted zone. Sometimes Jetico will ask twice to confirm this but remember, some programmes have many services all asking for outbound connections or network access, hence you think Jetico is giving you a hard time.

Anti vir has 4 agents all asking for access, update, notify, avguard and scheduler so Jetico is actually alerting you to 4 seperate files within one programme asking for either network access and outbound to the internet.

So, when Jetico pops up with the Allow activity and Block Activity with the handle as, you can use this for web client and web-browser this is mainly for outbound connection to the internet and for access to the network. So you'll get a request first for access to the network and then if the programme has internet capabilities it will at some point request access to the internet once you have initiaiised it!

Jetico is basically not allowing any programme willy nilly to gain access to either the network or the internet without being probed and prompted, a far better system than most firewalls that don't aggressively challenge programmes which make requests to the network. Jetico will block and prompt even if you use the cmd prompt and many other areas where other firewalls wouldn't do anything.

Jetico even asked me did I wanted to allow myself to make a new folder in explorer!

This is why a lot of people give up, all those pop ups as Jetico is a very aggressive firewall but this is what makes it one of the best. Once it's configured, about an hours work, it's really quite quiet after that and well worth it as it can breeze past all those leak tests and its resources are mega low, last night I checked and it was at an all time low for me at 1.6 MB!

An easy way to configure Jetico is to introduce all the programmes you know will need outbound access to the internet, and all the other main programmes you will be using, and please read what Jetico is asking you and choose the appropriate rule as it will make life a lot easier for you and also keep the box ticked at bottom left as this will limit the amount of pops up you get.

Last bit, with a p2p networks you will get maybe anything up to a dozen pop ups as p2ps are using many different IPs and /or ports, no problem, just keep clicking alllow activity and choose the application trusted zome and you'll be ok!


I hope this rather disjointed discussuion on Jetico helps.

Cheers Khaz

[khazars]

I'll try and upload some screenshots so you can see the main box with handle as.

Hopefully from this attachment if it works you'll see the allow, block activity, handle as which is greyed out, but once checked the drop down menu opens up and you cna choose here trusted application, web browser and web client!

[khazars]

hers another one!

[khazars]

This box is accessed from clicking options/and then general, you should tick all the boxes and click optimal protection in jetico!

[zapjb]

Face it some of don't want to deal with an annoying prompt 10x an hour. I had the same experience with Outpost as well. Only pf I'm comfortable with are LnS, Sygate, Kerio & GhostWall. All the others I tried so far about 6 more. Were a pain & or failed leaktests.

[khazars]

Yip, it certainly isn't be everyone's cup of tea and it will also no doubt conflict with others systems! But, this is just to try and help those who have been trying to configure and set up Jetico and are put off by it, everyone to their own!

[khazars]

If you want real noise try antihook!

[zapjb]

Thanks for the warning about antihook.

[aigle]

Quote:

Originally Posted by khazars

Ok, when Jetico pops up it's asking you what you want do with a process on your computer.

In the box that pops up, tick the box in the bottom left, remember my answer , then look at what Jetico is asking you!

If It's a programme you trust you obviously want to allow it access, so all example here are for allow activity. If it's a baddie then don't allow and deny!
Cheers Khaz

But what if it ask about the same prpgramme with same action 100 times in few hours, isn,t it crazy. I installed it and almost every 5 mi it is asking about symantec products, everytime same component with same action.

[aigle]

Quote:

Originally Posted by khazars

If you want real noise try antihook!

I like antihook, can I use it with Jetico together or it is just an overlap.

[khazars]

yes there is a lot of overlap, why not use procesguard free and Prevx free beta!
Antihook takes overyour system, well mine anyway and is really noisy, Jetico and processguard tend to go to sleep with antihook on as it does take over lol! I have now suspended antihook through msconfig and I now know processguard is alive and well!


prev free

http://free.prevx.com/

[khazars]

with Jetico , just make sure you check the box remember this answer and put symantec into the apllication trusted zones, the problem with symantec if you have it's security suite as I see this in many hijack this logs, is there are many processes for Norton's anti virus and it's other products, so I doubt it your seeing just the same Symantec file asking for access!

Either your not telling Jetico it is a trusted application, and allowing it access when it asks you if it is an attacker.

When Jetico pops asking about

Event: Attacker writes to application memory
Description: Suspicious process activity

click allow this activity,


Then if it's asking for


Event: access to network: configration table : Ask User

which gives you the choice of ticking these options of:

Allow activity
Block this activity
Handle As
Custom

this is where you should always choose Handle as, use the drop down menu and click Jetico's drop down menu and choose web-browser if its either IE, Mozilla or Opera, if it's a mail client like Outlook Express, Mozilla Thunderbird choose web client, make sure always to check the box in the bottom left, as having this box ticked everytime you answer will reduce the pop ups!

You might be better to go into Jetico's ask user table and delete all the rules for Symantec and then Jetico will ask again and follow these examples above!


I hope this helps!

[aigle]

Quote:

Originally Posted by khazars

with Jetico , just make sure you check the box remember this answer and put symantec into the apllication trusted zones, the problem with symantec if you have it's security suite as I see this in many hijack this logs are there are many processes for Norton's anti virus and .......might be better to go into Jetico's ask user table and delete all the rules for Symantec and then Jetico will ask again and follow these examples above!I hope this helps!

So i got it, i was giving option, allow it. Infact i used ZA pro for sometme and it was very easy,i can give options for any programme to connect to net,block, or ask user option OR kill the process.

[aigle]

Quote:

Originally Posted by khazars

with Jetico , just make sure you check the box remember this answer and put symantec into the apllication trusted zones

So how to put it in trusted zones, can you explain a bit.

also i am not sue how to make the first intial configuration when you start jetico first time after install. I am using dial up with proxy server and have a single PC not attached to a network. I will be thakfulif you can expalin by scrrenshots. Your previous post was very nice.Thanks a lot.
I am going to install it again.

Also i want to ask how I can take screenshots of my pc to post and how to edit these shots, sorry for an unrelated Q.

[starfish_001]

Quote:

Originally Posted by khazars

....

I hope this helps!

THanks for the examples this is very useful - Jetico might be noisy but ... it is very good with Leak tests as good as LNS - and better than Outpost; can block almost all, but ... it is very easy to allow a component.


Jetico shows the launchng process making saying no a bit easier - for me any way.

[khazars]

ok here's some more images!

[khazars]

here's another one!

[khazars]

This is usually the first box you get, simply to allow or deny an application, then you usually get the previous ones for outbound to the internet or to the network!

In this example I was checking for updates for quicktime so I could get an example for you, here quicktime is lauching IEplorer to access the web and Jetico sees it as an attack until I ok-ed it!