Jetico making me crazy.

Discussion in 'other firewalls' started by aigle, Feb 19, 2006.

Thread Status:
Not open for further replies.
  1. cprtech

    cprtech Registered Member

    Joined:
    Feb 26, 2006
    Posts:
    335
    Location:
    Canada
    Jetico fw has the potential to be outstanding, but the rules configurations nearly drove me insane. Far too tedious and far too many pop-ups for my liking.
     
  2. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I am not able to see the last post of this thread that I saw just 5 min back; maybe deleted?
     
  3. khazars

    khazars Registered Member

    Joined:
    Jun 8, 2005
    Posts:
    124
    Location:
    Glasgow, Scotland
    Aigle, you should just put system files into the trusted zone and that will take care of it! Yes, there are many viruses/trojans out there that try to masquerade as a legitimate file, but they will not be the same size as a legitimate file, say svchost, and Jetico will flag it as it will know what the legitimate file is!

    Part of a firewall's remit is to challenge programmes whose signature has changed, so if you update a programme, not its definitions for say an antivirus programme, Jetico will notice the programme has changed and alert you to it; if you know you have just updated it then you can OK it with Jetico!

    Jetico also uses Hash so it will use this for checking files if modified against the original Hash id; if OK then it's allowed, if not you're asked to make a decision about it! I'll upload a screenshot for the ask user table with the hashes showing! Hash is also used in the system application table!

    This is the same process as a system file changing; Jetico will know that a legitimate file has been changed or tampered with and alert you to it! If the file has changed due to a Windows update such as installing the monthly cycle patches then you know it's OK!

    Many system files are only listening or, as in the case of svchost.exe and services.exe, are using the internet to connect to DHCP for renewing an IP or sending out datagrams!
     

    Last edited: Mar 12, 2006
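The hash check described in the post above, as an added example that is not part of the thread and not Jetico's code: a program is allowed only while its file still matches the hash recorded when it was approved, which also catches a change that leaves the name and size untouched. SHA-256, the baseline dictionary and the stand-in file are assumptions made for the illustration.

```python
import hashlib
import os
import tempfile

def sha256_of(path, chunk=65536):
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def key_for(path):
    """Normalised path used as the baseline key (hypothetical layout)."""
    return os.path.normcase(os.path.abspath(path))

def verdict(path, baseline):
    """Return 'allow' if the file matches its recorded hash, else 'ask'."""
    recorded = baseline.get(key_for(path))
    if recorded is None:
        return "ask"        # never approved: prompt the user
    if sha256_of(path) != recorded:
        return "ask"        # approved earlier, but the binary has changed
    return "allow"

def demo():
    """Constructed sample: approve a file, then alter it without changing its size."""
    with tempfile.TemporaryDirectory() as d:
        app = os.path.join(d, "svchost.exe")    # constructed stand-in, not a real binary
        with open(app, "wb") as f:
            f.write(b"MZ" + b"\x00" * 62 + b"original-build")
        baseline = {key_for(app): sha256_of(app)}
        size_before = os.path.getsize(app)
        first = verdict(app, baseline)
        with open(app, "r+b") as f:             # overwrite one byte in place
            f.seek(64)
            f.write(b"O")
        same_size = os.path.getsize(app) == size_before
        second = verdict(app, baseline)
        unknown = verdict(os.path.join(d, "other.exe"), baseline)
        # After a known update the user re-approves, recording the new hash.
        baseline[key_for(app)] = sha256_of(app)
        third = verdict(app, baseline)
    return first, same_size, second, unknown, third

if __name__ == "__main__":
    print(demo())
```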
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    OK, right, but two questions:

    1- Why can't I choose system files as ALLOW rather than TREAT AS TRUSTED? Is there any difference between the two?

    2- As I asked earlier, if I want to stop some programme from connecting to the internet, how do I configure it?
     
  5. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    aigle 1/pt1
    System files are placed in the "system application" table,..... placing anything in "allow all" is not good practice.
    Example:-
     

    [Attached image: fig1.jpg]
  6. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    aigle 1/pt2

    To allow application network access
     

    [Attached image: fig2.jpg]
  7. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    aigle 1/pt3
    To block network access/connections:
     

    [Attached image: fig3.jpg]
  8. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    aigle 1/pt4
    Placing a rule to allow "net access" (1/pt2) and then a "block" rule (1/pt3) for the same app (in that order) will allow that app net access (loopback) but will stop all/any connections.

    Any more questions, just ask.
     
  9. khazars

    khazars Registered Member

    Joined:
    Jun 8, 2005
    Posts:
    124
    Location:
    Glasgow, Scotland
    Cheers Stem for clearing that up. As from Stem's examples, only a few system files need access to the internet, mainly svchost.exe, which you can make a trusted application!
     
  10. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi khazars,
    If I can help, I will.
    The post I made was made just after I made an update from Microsoft; my normal config for system is below. (This is a config that I use, but it is only for browser use.)
     

    [Attached image: fig1.jpg]
  11. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Thanks Stem for such a nice description. If you don't mind, please can you send the picture of your ASK USER TABLE and PROCESS ATTACK TABLE?

    I have one query. Sometimes some operating system file asks for network access, and I give the option TREAT AS SYSTEM APPLICATION, but Jetico doesn't accept it no matter how many times I try, and at that time I have no other option except to use the option ALLOW CONNECTION or TREAT AS TRUSTED ZONE. However, later if I go to ASK USER TABLE and manually change it to TREAT AS SYSTEM APPLICATION then it accepts it (I am just assuming that it accepts it, as there is no more new popup about that file, although I suspect it might still be treating that file as trusted/allow connection as I had opted for it on the first popup). I hope I was able to make my point clear.
     
  12. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    aigle, 2/pt1
    When an app (either a system app, or a pgm you have installed) first requests network access, you will get this popup from Jetico:
    (In this example, this is my Packet analyzer requesting net access)
     

  13. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    aigle 2/pt2
    You can then check the rule in "ask user"
     

  14. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    aigle 2/pt3
    Most system apps will only require "Net access" (they like to talk a lot with each other via the loopback adapter (localhost 127.0.0.1)). The exception is mainly "Svchost" which, depending on the services running on your PC, will require further rules.

    Please note:-
     

    [Attached image: fig1.jpg]
  15. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    aigle 2/pt4

    Hope I can explain this correctly:.....
    Something that may be confusing you is that when you select "Handle as", this is simply placing a "Jump to" that rule-set; it is allowing whatever rules are created within the "Jumped to ruleset". If you handle as "System", there are no "Open rules" (all the rules are per-app (each rule has a named pgm that can use that rule)) so you are not actually giving your app any "net access" (when you handle as "system").
    If you were to handle as "Web browser" then this would "jump" to the web browser ruleset, which is an open ruleset (any app can use these rules once they are allowed to jump there).
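A simplified model of the table evaluation described in posts 1/pt4 and 2/pt4 above, added here as an example and not taken from the thread or from Jetico. It assumes first-match-wins ordering and that a jump which finds no matching rule falls through to the next rule; the application names, event labels and rule contents are constructed.

```python
# Simplified first-match model of table-based firewall rules (not Jetico's engine).
# Table names follow the thread; every rule below is constructed for illustration.
TABLES = {
    "System Applications": [      # per-app rules only: each rule names its program
        {"app": "svchost.exe", "event": "dhcp", "verdict": "allow"},
    ],
    "Web Browser": [              # open rules: usable by any app that jumps here
        {"app": None, "event": "http", "verdict": "allow"},
    ],
    "Ask User": [
        # "Handle as System" / "Handle as Web browser" only add a jump.
        {"app": "sniffer.exe", "event": None, "verdict": "jump",
         "target": "System Applications"},
        {"app": "browser.exe", "event": None, "verdict": "jump",
         "target": "Web Browser"},
        # Post 1/pt4: allow "net access" first, then block everything else.
        {"app": "editor.exe", "event": "net_access", "verdict": "allow"},
        {"app": "editor.exe", "event": None, "verdict": "block"},
    ],
}

def evaluate(tables, table, app, event):
    """Walk one table top to bottom; return 'allow', 'block' or None (no match)."""
    for rule in tables[table]:
        if rule["app"] not in (None, app):       # None means "any application"
            continue
        if rule["event"] not in (None, event):   # None means "any event"
            continue
        if rule["verdict"] == "jump":
            result = evaluate(tables, rule["target"], app, event)
            if result is not None:
                return result
            continue                             # target had no rule for this app
        return rule["verdict"]
    return None

def decide(tables, app, event):
    """Traffic that matches no rule ends in a prompt to the user."""
    return evaluate(tables, "Ask User", app, event) or "ask"

if __name__ == "__main__":
    for app, event in [("sniffer.exe", "http"), ("browser.exe", "http"),
                       ("editor.exe", "net_access"), ("editor.exe", "http")]:
        print(app, event, decide(TABLES, app, event))
```

In this model the jump into "System Applications" grants nothing because no rule there names sniffer.exe, while the jump into the open "Web Browser" table allows HTTP for any application sent there.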
     
  16. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Thanks for explaining. What I understand is that if we want to treat some application as system, we first have to create a rule in the ask user table for it and then we can select TREAT AS SYSTEM FILE? Am I right? Sorry to bother you a lot, but in fact these sorts of settings are totally new for me.
     
  17. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    What you need to do to make Jetico treat a pgm as a "system app" is:- either add the file manually as in post 55/56, OR, if you are prompted, then allow "net access", as in post 62; you then need to go to "Ask user", left click the "New rule" (keep the mouse button held down) and drag the rule over to "System Applications".
    example:-
     

    [Attached image: fig1.jpg]
  18. Fumens

    Fumens Registered Member

    Joined:
    May 5, 2005
    Posts:
    23
    Stem,
    nice and useful input in the last few posts, thanks.

    I have a few questions regarding DNS, DHCP, Loopback, and ICMP & IGMP. I am still confused about how to make these rules. Do you have any suggestion or advice on how to make one? An example will be very helpful.

    Thanks
     
  19. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Fumens,
    Most of the rules you mention are already in the default setup (rule-sets) on the installation of Jetico. But as I know Jetico can be a little confusing to the new user, I will post to show,... and how to create new rules (where needed).
    For these posts I have reloaded the default rule-set (by:- open Jetico....File....Revert to factory settings) so you can see the basic setup / rule-sets

    (1) (From the default setup/ruleset) You will find DHCP request/reply rules are in the "System Applications"
     

  20. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    (2) (from the default setup / ruleset) DNS (UDP) and the basic ICMP rules are in the "System Internet Zone"
     

  21. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    (3) Loopback (127.0.0.1) is placed in the "Trusted Zone" during setup. You can check / edit this by:- Go to Windows "Start"...all programs....Jetico personal firewall...and select "Configuration Wizard" (Note: all pgms with net access use the "Trusted Zone")
    (I will post more later (when time permits) on ICMP, IGMP rules creation (if you need them))
     

  22. Fumens

    Fumens Registered Member

    Joined:
    May 5, 2005
    Posts:
    23
    Thanks a lot Stem,
    I know now how to get there. If I may ask you again, can you give an example of how to create a rule set for:
    1) DNS (TCP & UDP)
    2) DHCP (reply & request)

    Sorry if I ask too much, because I read in the firewall leak test that a rule based firewall will be useless with default configuration. So I would like to configure it myself.

    I'll be waiting for the ICMP & IGMP rule set.

    edit - any inputs on how to set a rule will be helpful to me and to others, Stem

    regards,
    fumens
     
  23. Phazor

    Phazor Registered Member

    Joined:
    Jun 27, 2002
    Posts:
    111
    I'll give you that one; after seeing the firewall tests, I decided to give it a whirl.
    Call me an idiot... but I spent close to a half hour trying to figure out how to access the internet. I finally gave up and decided to try out LNS.
     
  24. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Fumens,
    First of all, I believe that Jetico's default ruleset is quite tight (this is why some users have problems, and why there are so many "Popups" after first installation).

    Entering rules is simple, once you know the layout. Below is an example of outbound (UDP) DNS.
    This is a "System IP rule" so you will find it in the "System Internet Zone" (by default).
    (Is this how you want the info??)
     

    [Attached image: dns.jpg]
  25. Hann

    Hann Registered Member

    Joined:
    Mar 14, 2006
    Posts:
    6
    Very useful thread! I was on the point of letting Jetico go, but now that I found this I won't be looking for another firewall for a long time. I do have a question for you guys. What settings should I make for handling a DC++ client? I mean, what should be allowed and what shouldn't? Thanks.

    Hann
     