JPF v2 beta progress.

Discussion in 'other firewalls' started by Nail, Aug 2, 2006.

Thread Status:
Not open for further replies.
  1. Nail

    Nail Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    28
    It looks a bit strange. "Shutdown firewall" resets all filters. It is almost equivalent to uninstall. On the other hand, this situation looks like a conflict with another network or security related program.
    You can get more information if you create logging rules. You can insert them at the top of root tables. Do not forget to set action to "continue".
     
  2. Alffa

    Alffa Registered Member

    Joined:
    Aug 5, 2006
    Posts:
    12
    Any progress with this problem ?

    PS. Nice to see new development (with many changes that were asked for :) )
    Hoping to get this new version to action asap :)
     
  3. areyousure

    areyousure Registered Member

    Joined:
    Aug 5, 2006
    Posts:
    13
    Can JPF v2 pass pcflankleaktest? Any comment on JPF v1's failure in passing the test? Any improvement in this regard?
     
  4. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    I have the same problem. I am running, together with another user and Jetico, a debug version of the server to solve the problem. It seems to be a very special problem on some machines/configurations, as only a few persons have this problem.
     
    Last edited: Aug 5, 2006
  5. appyface

    appyface Registered Member

    Joined:
    Jul 30, 2006
    Posts:
    9
    Thanks for response, I should have thought to log everything :oops: I enabled logging for all firewall rules that are set to 'reject'.

    I cannot reach network resources, when I try the log fills up with rejected outgoing 'block all not processed protocol packets' for protocol PPTP to the VPN server.

    I re-verified, I do have 'enable VPN protocols' selected. Shouldn't this enable tunneling automatically? Or am I misunderstanding what this selection intends, and I need to define these rules myself?

    Thanks for help,
    ---appyface

    P.S. I think early uninstall failure problems may have tweaked Windows, because after last uninstall of JPF2 Windows still behaved erratically. I did format c: and fresh install of Windows and of latest JPF2, then did the above test. I do not have any other security products or anti-virus products running, and Windows firewall is off. JPF2 is the only 'protection' on the system. Thx.
     
  6. appyface

    appyface Registered Member

    Joined:
    Jul 30, 2006
    Posts:
    9
    Hello Nail,

    As mentioned in email reply to you, am still having VNC inbound connection problems.

    If 'optimal security' is the current security policy, PC locks up upon inbound VNC connection attempt. If 'allow all' is the current security policy, VNC inbound works as it should.

    The system event log has this message logged at the time of inbound connection attempt causing the lockup:

    "The vnccom service depends on the vncdrv service which failed to start because of the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it."

    This message is not logged when JPF2 is set to 'allow all' or firewall is shutdown, and VNC works normally.

    Hope you can take a look at this one soon, thanks and regards,
    ---appyface
     
  7. Nail

    Nail Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    28
    Fresh bugs from user emails:
    1. If you delete all application groups, you won't be able to invoke context menu and create new groups. IP address groups have protected automatic entries, so this bug will not appear for IP address groups.
    2. Log->Context menu->Select log file leads to hangup.

    "CoCreateInstance" is still alive. Unfortunately, I'm still unable to reproduce it.
    I can give a temporary solution - run jpfsrv.exe as an ordinary application:
    1. run jpfsrv.exe /unregserver (uninstall service)
    2. run jpfsrv.exe /regserver (register as COM server)
    3. run jpf.exe

    v1 and v2 use the same attack detection mechanism. In my tests JPF v2 detected pcflanktest (reported indirect access to network). Anyway, clean testing is required.

    To install jpfsrv.exe as a service, run jpfsrv.exe /service
     
  8. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Hm, general question.
    Why do you folks insist on running the whole thing as a service? This only brings problems and in some cases OS vulnerability.
     
  9. Nail

    Nail Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    28
    Another bug found:
    Create hash checking rule with "C:\Windows\*" application field -> BSOD. The reason is found. We'll fix it soon.
     
  10. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I have just tested on Jetico2, I was given 2 popups, one from the test to say that my firewall was "leaky", and a popup from Jetico to tell me that the leaktest was attempting access (attached pic). I blocked this access. I then followed the link to leaktest site and was informed
    There was no info about my IP or the text I entered, and as my IP is/was the same the leaktest failed to bypass Jetico.

    @Nail, I was not asked for indirect access.
     


  11. Ciaba

    Ciaba Registered Member

    Joined:
    May 29, 2006
    Posts:
    22
    I have a question:
    E.g. when I start a browser for the first time, a pop-up window from "Access to Network" is shown. From this pop-up window I can select (in the template entry) the "Web Browser" table... ok (I think), a speedy way!! But after I click OK, another popup from "Network Activity" asks me about inbound, outbound, port etc. etc... So, what is the use of my first choice to use a table in "Access to Network" if it is not seen??
     
  12. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi Ciaba,
    A solution is to add your browser to the "Group Applications~ browsers" Then go to "network Activity" and enable the rule "->Web Browser / application Web browsers". See pic.

    Then when prompted for "access to Network" Allow, and you should then have connection for the browser.
     


  13. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Nail,

    I do not think the splitting of the "ask user" was a good idea, there will now be more popups, a need for a minimal 2 rules ("Access to network" and a rule for "Network activity") If the "application checksum" is enabled this increases to 4 rules (on default, application checksum is for "access to network" and for "network communication" and 2 entries needed/made)
    At least in V1, the user could simply select "Handle as" and only the 1 rule was required. I can see this is going to cause much confusion, and possibly put many users off.

    Is there some reason for this?
     
    Last edited: Aug 9, 2006
  14. Ciaba

    Ciaba Registered Member

    Joined:
    May 29, 2006
    Posts:
    22
    ...The "problem" is not in Network Activity but in the Access to Network table. If I edit a rule in that table I have the choice to select in Action a custom rule table (so, browser, mail, access, ICQ, etc. etc... that I've created), but the table reads only the access to network rule and ignores all others (specific port and address rules). It makes no sense to me... If I see a door in a room I hope that behind it there's not a wall but another room. So the question is: why can't I use tables in Access to Network if I can choose them in edit rule??
     
  15. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    For some reason, Jetico have split the tables, so now you must first allow "access to network" (in access to network table), then allow in the network activity table for needed connections.
    Please try the solution I posted #37
     
  16. Ciaba

    Ciaba Registered Member

    Joined:
    May 29, 2006
    Posts:
    22
    I think Ask User was split because the number of rules became really long in a short time (in 1.x), and working in it is chaotic... So splitting Access to Network and Network Activity is ok for me (in theory... see problem above)... now rule editing is focused in Network Activity but with few rules, and in the end the number of popups is the same as in 1.x: one for access to network and one (or more) for events.
    About hash control, instead, I think the same as you... better in the 1.x version, so continuous control and no popup... easy and effective.

    P.S. Thanks for the #37 solution, Stem, but that is not what I asked.
     
    Last edited: Aug 9, 2006
  17. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    So can you see you need first a rule to "allow access to network",.. then you need to place the "jump"(handle as) into the "network activity"? (or create groups, with a group rule)
     
  18. shaunwang

    shaunwang Registered Member

    Joined:
    Mar 26, 2006
    Posts:
    94
    What are the differences between the paid edition of Jetico and the freeware edition of Jetico in this v2 o_O

    Please list some that will not exist in the freeware
     
  19. smb

    smb Registered Member

    Joined:
    Jan 10, 2006
    Posts:
    17
    Hi Stem,

    the reason given by Nail was:
    but I totally agree with you Stem, for me it will double the number of rules since I probably will not disable hash checking for anything. So maybe Nail and the others at Jetico might reconsider this step since it is the only thing that got worse in v2 compared to v1. At least in my opinion ;) .
     
  20. Ciaba

    Ciaba Registered Member

    Joined:
    May 29, 2006
    Posts:
    22
    … on purpose of hash, I have tried in “Application checksum” to eliminate the hash control on some rules but this remains… removes dulls it, selects ok but it remains qualified….where mistake? o_O

    EDIT:
    ...ok, Olap told me how to do it: in order to remove the hash control I must remove the sign of dulls when the rule is created, otherwise afterwards it is no longer possible to do it... so there's a bug in edit here.
     
    Last edited: Aug 11, 2006
  21. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi smb,
    I would not mind if the splitting of this was useful, I know there is a need by some (such as gameplayers) who need to be able to drop the checksum for certain apps, but the checksum option still cannot be disabled "per app", you have to disable all or nothing on this.
    There are the options in "application checksums":
    *Event
    *Application
    *Hash
    So I thought that the user could "untick" the Hash option, then the application would be checked only by location, but the hash option just re-enables itself.

    The splitting of "access to network" / "network activity", this just seems more work for the user, and more rules for Jetico to process.
    I know there is the "group" option, but how many will want to start setting this up?
     
  22. Nail

    Nail Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    28
    We split "Ask user" into three tables to gather applications with "indirect access", "direct access" and "network communications" into three groups. Now it's easy to find applications that require only "indirect access" and so on.
    On the other hand, you can create your own configuration if the default one does not fit your needs.
    Sorry, I haven't enough time now. I shall review remaining posts tomorrow.
     
  23. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    It was not my needs I was thinking of. I can easily add rules/groups, or change the flow of the roots, it will be other users who will have the problems/confusion.
    It is the same with the "checksums". I have no need to allow these to change (unless I update software/browser), but users (example) who play games will have to leave this disabled completely (as it stands now).
     
  24. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Ok, after a brutal cleaning of my registry I was able to install v2 and got the service to work, but what must I see.
    Here the same happens as with a lot of other software. Instead of improving a nearly perfect v1, Jetico made some good stuff more confusing, perhaps worse.
    Splitting tables, and because of that more popups (first access to Net, second rule for net activity), a FW which is absolutely not understandable for beginners and I think also for a lot of advanced users. Even I had to look 10 times at the same stuff to understand the logic (?) of v2. The hash function...hmm

    But there are also some good new functions like the Groups. I love it and it makes managing rules easier. I am trying to write a parser for importing the famous 'block list' into a group.

    What is the difference between 'Indirect access to network' and 'Access to network'? Is it for internal comms?
    Also I am a little bit concerned about storing the configuration in an XML file, not the safest way, a SQLite database would have been better and faster from a certain volume on. But it also has its advantages :)

    So far I have found no more bugs than the ones mentioned in the thread.

    Edit: Now after getting v2 running with most applications I enabled HASH. Jetico again wants two clicks, one for Network access and another for Network activity. Surely that means more security for the user, but I think in this case one click should be enough.

    Summary:
    This Jetico v2 is 100% only for advanced users and professionals, but I like it so far and am looking forward to the next improved Beta. Till then, playing around with v2.
     
    Last edited: Aug 10, 2006
  25. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Shutting Down Problem:
    Nail, I am running Jetico2 on a Vaio laptop. I sent you my specifications some days ago by email.
    The problem is that I am not able to shutdown/reboot my laptop when Jetico is running. It hangs (not freezing). Shutting down Jetico first via the systray then allows a clean reboot or shutdown of my laptop.

    Again it seems that the service is now _not_ unloaded correctly, which results in a hang during reboot/shutdown.

    Summary of bugs:
    1. Shutting down/reboot problem
    2. 'View' options are not saved between two sessions
    3. System HASH is asked each time the laptop starts up (0000000000000000000000000000000000000000) (not confirmed at last restart of my PC)
    4. Jetico is nearly the last application which starts on a startup of the PC, should be the reverse :)
    5. Sometimes Jetico asks two times for the same thing in some cases, which results in double entries in Jetico that are absolutely identical and for the same purpose.
    6. Expand in Groups by mouse right-click not working
    7. (New)
    Situation:
    A new application is started, all rules are set, then these rules are moved to a newly created application table and modified (while allowing all traffic in Jetico), and the application is restarted with 'optimal protection' in Jetico:
    Result:
    Jetico is _not_ popping up and asking for new rules to set. There are definitely no old rules for this application in Jetico, they are all in a new table which is not active (no Jump rule set). It seems that eliminating rules in the GUI does not also result in deleting them in the XML file.
    Closing the application and Jetico, then restarting Jetico and the application, results, as it should, in the necessary popups.


    Improvements which would be nice:
    1. Possibility to sort entries by clicking on the columns.
    2. Menu View -> Option 'Expand all'. Helpful in other tabs like 'Applications' and 'Groups'.
     
    Last edited: Aug 10, 2006