Jetico making me crazy.

Hi Stem,
I made a complete reinstallation of Jetico hoping this might look even more better now

 

Hi PvA,
Please check your PM

 

thx for your help!

 

I have been reading this thread for sometime and have not found what I am looking for.

I have Jetico setup and am impressed by the power of the software. Yesterday I did a cclean and reg clean and today the outgoing traffic monitor is no longer working. Any suggestions? I also have Peer Guardian and Kaspersky AV on the system...other than that everything works great.

Rich

 

Hi Rich,
Which version of KAV have you installed, as I have found some conflicts with KAV6 due to its "Proxy".
Others have reported no problems with this combination, but on my 2 setups I made with KAV6 I found that the outbound IP filter within Jetico was being bypassed by KAV6. (No outgoing packet count in the "Jetico traffic monitor")

 

The above instructions do not mention some applications, which a user with my restricted knowledge cannot easily relate to the proper category and where I would need some guidance.

So, what is the "Handle as" with respect to:

1) avast WebShield (Port 12080)
2) avast Mail Provider
3) News-Server (NNTP) Terabyteunlimited.com (Port 1198 )
4) download of music clips like
http://www.jpc.de/sound/961/9618316_01.wma
I assume that not all of those should be associated with "Trusted Zone"?


What are the consequences of a wrong choice?


Should the Jetico Firewall be before or behind the avast WebShield, which is a proxy on port 12080? What would the configuration look like?

 

you can put the first, third and fourth on your list into web-browser and the second one into mail-client!

Maybe Stem can comment, he/she knows more about this and I do!

 

Hi raffnixpert, The Webshield needs only outbound as your Browser, so you can select Browser. For Mail, just select the "Handle as" Mail (As khazars as already posted)
. I have installed avast to check, just to make sure that Jetico is still filtering through the SPI, and all appears to be O.K.

I have been to this website you mention, but I am unable to locate this "News-server". Is this "server" downloadable from this website? (I would like to install to check the ports/settings required)

Are you downloading using your browser, if so, then the Browser rules should be o.k. (Post if you are downloading using other software or are having problems with the downloads

There are very few programs that require "inbound connections", so setting a program to "Trusted" which would allow the "inbound connections" is not always the best choice. If you are unsure of a programs rules you can create a ruleset to "Allow all outbound (with logging)" and then set "Block all inbound (with logging)" so you can review the log to create a ruleset, or set an "Allow all inbound" rule to "Prompt (with logging)" (but this is not a good idea if you are using any sort of filesharing program where a lot of inbound connections are required), this then gives you an option to block or allow while the program is online (you can then review the log to creat a ruleset). Or post the program name here on the forum (a download link for the program may help), and somone, i`m sure, will help you to create a ruleset.

As I mentioned, I have just installed "Avast", after the installation, Jetico re-configured its network driver, and called for a re-boot,..so the config is performed automatically (Avast webshield is "listening" on port 12080 and all running o.k.)

 

I was induced to experiment with Jetico by this post and i want to say two things: thanks to Stem and all others who contributed,without this post it would have been much harder-as i initially found Jetico's ways as an alien line of thought (i mean from another planet) and i couldnt find any english non Jetico manual,only a couple in spanish,albeit well written-

http://www.geocities.com/ladidel_jetico/jeticoindex

and another,more like Jetico Help at

http://www.wikilearning.com/

the second thing i want to say is that Jetico install in place of Sunbelt Kerio,had the same effect as if i had doubled the RAM,making the pc in question twice as quick = i will go any length in order to learn its ways.

Now i am beginning to understand a bit, but what annoys me is that when i go online with my ltd account there's a an intial Jetico pop up warning that the Log space /or disk space is insufficient- i changed the space allocated from the standard 1000kb to 3000kb,but i still receive the alert.
Also in the limited account there's no trace of outbound logging.
Which is nearly the only available logging since it runs behind a Router.
(but it works fine in the admin account)
My question is: how can i apply the same Optimal Protection and general config to a limited account? What particular files need to be copied and,most importantly, where? (i couldnt find in C:/Program files /Jetico any differentiation btw accounts, hence i dont know where to start to)

 

Hi poirot,

You can find the admins config file: Documents and settings/your folder name/application data/jetico personal firewall/1.0/ ..... copy the optimal.bcf over to the same location in the user account/folders.

In windows create a seperate folder for the log files,... then set the permissions on that folder so that the user can modify/write to that folder (I am at work, so dont have a XP box, but to set permissions on folders in W2K, you have to right click the folder/properties/security/ select user and tick the boxes to allow modify/write...I think its the same in XP)
Then open Jetico/options/log .. and browse to and select the log folder you have created.
Do all the above while in admin, when you switch users, the user can then write/modify the jetico log folder.

Sorry the explanation is a little rushed, at work must dash.....
Post back if any problems,....

 

thanks a lot Stem,i'll do it asap!

 

Good configured Jetico pass Internet Explorer and Firefox "DNSTESTER" - leaktest!
I post my Optimal.bcf later!

 

Ok, I have tested and retested, on 2 machine, work!
This my configuration block "dnstester.exe" tested in all mode.
Can someone test him, to confirm!
You need to enter your ISP name server IP in "DNS" send & receive datagrams (svchost).
If you install KAV6 (free of Webantivirus,this make conflict with Jetico Outgoing monitor)
and with enabled Proactive Defense (Enble Application Activity Analyzer, Application Integrity Control and Enable Registry Guard) Yuo be able stop "jumper.exe" leaktest too.
"Breakout-en.exe" leaktest KAv recognises like a "Trojan program Trojan-Clicker.Win32.Small.ip", so I think real Trojan with similar function like
a "Breakout.exe" not pass.With Jetico and KAV you are 27/27 Outgoing protected.
Have Fun..

 

I am a bit late with this post but I think I will follow up my post #181 and Stem's answers given in #183 before I study the excelent but voluminous stuff in poirot's Spanish links.

My original question in #181 was:
So, what is the "Handle as" with respect to:
1) avast WebShield (Port 12080)
2) avast Mail Provider
3) News-Server (NNTP) Terabyteunlimited.com (Port 1198 )
4) download of music clips like http://www.jpc.de/sound/961/9618316_01.wma

Concerning the cooperation of avast WebShield and Jetico:

Does that mean you installed avast for test purposes on your system with Jetico being already present and that the sequence of installing matters? (I started with avast and subsequentially added Jetico).

Concerning "News-Server (NNTP) Terabyteunlimited.com (Port 1198 )":

For subscription to the Terabyte Newsgroup see the attached Thunderbird account.

Concerning download of music clips from http://www.jpc.de:
Once on their website choose a music title, click on "Hörproben" and select a track number. The clips offered are wma files. My setting under Firefox Downloads is "Open with Windows Media Player".

 

Hi raffnixpert,

I did install Avast while Jetico was already installed (just for testing), but this should not change the fact I found no conflict, as Jetico would/should install correctly. If you are having any problems/doubts, I will re-install "Avast first" to re-check.

Are you currently using the "Mail Client" ruleset for Thunderbird? as you should simply be able to add a rule for this port. (I can post back with full instructions on how to do this, if needed, later tonight)

For the downloading of your music using "Firefox=> Media player", there will need to be rules set up for "Media Player" (and an attack rule to allow firefox=>Media player),.... I will set up tonight to check which ports/rules are required, and post them. (Sorry,.. but dont have much time to check this now, but will find time tonight)

 

Hi raffnixpert,

I have setup "Firefox" for WMA files to "Open with Windows Media Player". (this is the dynamic plugin) At the moment when I follow your instructions

the WMA file is played without the need for any further rules (default Jetico browser rules)

As I mentioned in my last post, if you are using the "Mail client" rules for Thunderbird, then add a rule to the mail client ruleset to allow outbound to port 1198 (example attached)

 

Thank you Stem for taking such efforts to help newbies with Jetico. Your explanations are clear and precise. I think these screenshots with red arrows are of particular importance for beginners to become acquainted and familiar with configuring Jetico. I remember having seen such red arrows elsewhere in this thread and I think I will study these as well.

 

Hi,
I used this blocked list and try to set a rule for firefox so that it doesn't access to the blocked IPs. However, seems that jetico doesn't work with the System blocked Zone. Any idea??
TIA

 

Hi sharkking,
The "blocked zone" will over-ride (block) any Jetico "Allow" rules to those IP`s. If you want to access one or more of the IP addresses that are within the "Blocked zone" then you should edit (remove) these by going into Jetico "configuration wizard".
If you want only to remove one IP, but do not know the IP of the site, then go to a "whois" site, such as Samspade where you can enter the site name and this will give you the IP info.
If you want to remove all the blocked IP`s, then run the "configuration wizard", and in the "Blocked zone", select "remove all".

 

Hi Stem,
Thanks for your quick reply. However, the problem is that I used the setting.xml that you attached in one of your posts and have all of the needed block IP in setting.xml configured properly (by checking again with jetico configure). Tested it with firefox with one IP in the block list and firefox could still access to that page. Can you re-check and confirm that.
Ciao

 

Well, please disregard this as I found out I'm behind a proxy and the blocked list doesn't work with proxy server.
Ciao

 

Hi, there are some issues with Jetico and installed proxy servers. At times, this is not a good combination.

 

With all the noise about Jetico at the moment I decided to give it another go having not had any success with it in the past. I had a rule set d/l in case of trouble. This time however it installed ok and ran without much problem.

Although it uses less memory than Kerio 4, I do not find that there is any increase in speed either browsing on in normal use.

I am getting plagued with a plethora of pop ups for the same program all the time. Also I cannot find any way of restricting a program once it is in the application table. Right clicking on the application does not give an option to alter it.

 

I want to ask you something different

Is Jetico recognazed by security center in Windows XP?

Sorry for my bad English

 

Hi Green Dragon,

No, it is not. (you would need to disable the security center alert)