JPF v2 beta progress.

This Jetico's driver is kernel level API hooking. This may conflict with alerts, etc. of third party security programs like HIPS.

You can run Icesword and have a look at section SSDT.

 

This is what I used to check my findings.
I have re-installed PG on top of Jetico, to look for direct conflict, but O.K. up to now.

 

Stem, did you send an e-mail to Nail? This API Hooking is a very important point, rearding installing Jetico while an other HIPS soft is running or installed.

 

No, not yet,.....I am looking for my API monitor/debugger to verify.

 

@Nail
...nice step this 2.0.0.9. I was come back to 2.0.0.6 from nex 2 step(0.7\0.8 ), for a lot of bug but this is a really good new version

...some suggest for view option.
-I think in Groups and Applications windows need an Expand All function( U could add voice or create new in right click menu on free windows). It's insane every time open manually all voices clicking on +

-Flat view and Expand(right click menu on roots window), could be trasform in Flated Root and Expanded Root so if I select one other is auto-deselected and viceversa. More easy and clean.

...some problems on translate text file(I'll doing italian version...don't worry my italian is better of my english ).
I can't find:
-Attacker is (from Process Attack's body rules)
-Hash is (from Process Attack's body rules)
-Application is (from all body rules use it)
-Remote address is (from all body rules use it)
-ICMP type/code is (from IP Table's body rules)
-Packet is (from IP Table's body rules)
-TCP flags are (from IP Table's body rules)
-Stateful inspection is enabled (from IP Table's body rules)
-The rule will match to any IP packet (from IP Table's body rules)

...for now this.

Edit
-a problem again. When try to open a game Jetico freeze black screen for minutes then I can see only mouse cursor. I've see when a game start jetico try to ask for Ex. indirect connection or access or hook but rule window dont appears, it stay under screen. So is not possible back to desktop(only whay is random and lucky found OK button with cursor), and need reboot.

 

This is true with many games where programmers are not expecting that a third party software can block their programs execution on various situations. I remember times when a firewall that blocked simple outgoing network packets caused software to hang up with timeouts
Nowadays programmers know, that firewall (or other programs) can block their programs outgoing flow and try to handle this kind of situations kindly. Jetico (like some process guards) is presenting new and deeper ways to interfere with system and programs, so many and most programs behave strangely, when they are interrupted from doing some basic operations (like network access). Almost all games crash or behave abnormally when started first time and JPF is working and don't have rules for that game.

 

Yep I see, this is a problem I've meet from 2.0.0.7 to now. On 2.0.0.6 all ok, when a window rule appear game come back to desk and all ok. I dont know if right job of Jetico is that or this but now ther's a problem I think.

 

News from Nail/Jetico:

Report was as in this thread mentioned:

Answer from Nail:

 

Here on my WinXP PRO SP2 system, I can change the file name and save it without a request for global-hook. But if I change the file name and also then try to change the location under Save In... drop down box then I get the global-hook popup and the hanging. From the logs it appears the Attacker application is: Explorer.EXE. They should be including this info in the popup too.

 

There are still some bugs but this build is rather stable. The most annoying bug is that when a program ask for a "direct access memory", Windows hangs up, and I have to reboot.

 

Hi darksroker, Welcome to wilders

Could you please post details of the applications (and locations) that are requesting "direct memory access"

 

For the moment, the applications requesting "direct memory access" are some games (like rFactor), VLC, Opera (when I open a streaming window in Opera), Java and rundll32.exe.

 

Thanks for the info,

 

Hello Nail,

Found JPF2 2.0.0.9 and decided to try.

1. Uninstalled 2.0.0.7 first and rebooted. (2.0.0.7 was on system but running in "allow all" mode since both VNC and VPN connections do not function in "optimal" mode for me).

2. Installed 2.0.0.9 and elected "no" to "reboot now" at the end of install process. Found this entry in system event log:
--------------------------------------
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 9/16/2006
Time: 9:45:46 AM
User: N/A
Description:
The bcftdi service failed to start due to the following error:
Insufficient system resources exist to complete the requested service.
--------------------------------------
3. Rebooted system now.

4. System will not come up fully. Full Desktop appears and system tray icons reach a certain point (looks like the point where JPF icon would appear) and system will not finish coming up from there.

System is not exactly 'hang'... I can use ctrl-alt-delete to bring up choice to get task manager or shutdown options, but neither will work. Can click right or left on desktop icons or systray icons but no response.

5. I used hardware reset switch to reboot system and then boot into Safe Mode, uninstalled 2.0.0.9.

6. System reboots fully in normal mode again.

---appyface

 

Did you tried to wait 3min. for all icons to appear in tray? It seems that delay is exactly 3min. After that you should manualy create rules for application requesting indirect access to network during system start up.

Look here for some info about delay https://www.wilderssecurity.com/showthread.php?t=141626&page=8#193

 

I tried install again and this time waited. It was much longer than 3 minutes (maybe 45?) and the remainder of services and icons to load were cancelled. Finally JPF2 gave message box "could not contact callback server" (I didn't write it down, that is not exact). Then the system was up, but still not functional, I could click on various things but no response. Still had to boot into safe mode and remove JPF2 to get a usable system again.

There were several more errors generated in the event logs this time.
---------------------------------
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7022
Date: 9/16/2006
Time: 9:58:45 AM
Description:
The Windows Time service hung on starting.

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10010
Date: 9/16/2006
Time: 10:33:39 AM
Description:
The server {1433B808-723C-11D4-AC79-0060B0C18929} did not register with DCOM within the required timeout.

and same error repeated again at
Date: 9/16/2006
Time: 10:34:09 AM

then:

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10010
Date: 9/16/2006
Time: 10:34:39 AM
Description:
The server {1433B808-723C-11D4-AC79-0060B0C18929} did not register with DCOM within the required timeout.

and this one repeated again at
Date: 9/16/2006
Time: 10:35:09 AM

then finally
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 9/16/2006
Time: 12:31:33 PM
Description:
The Jetico Personal Firewall server service terminated unexpectedly. It has done this 1 time(s).

then there are messages related to my restarting the system in Safe Mode in order to remove JPF2.

---appyface

 

I have DHCP/DNS clients disabled on this test PC with JeticoV2 (Use fixed IP). So I decided to enable the DNS client so I could grab some screen shots of the alerts and rules needed etc for DNS to show djg05,... but, it appears it is not possible to enable the DNS client on W2Ksp4 while Jetico is installed,.. I tried numerous times, with Jetico enabled/ Allow all/ disabled(exit from tray), but each attemp ended (after a long wait) with services.exe at %100 cpu. Putting the DNS client into auto, then a re-boot, ended with a very long boot up, with Jetico "unable to connect" error.

I will have to uninstall Jetico to enable DNS

 

Hi Stem,

...your DNS issue... could it be you're using big hosts file?... Just a tought... it would have same/very similar symptoms as you mentioned.

 

Hi,

Good thought/call,.. I will have to check the Image later. (I forget wants on half of these images I have). I have re-stored from another image (as I am playing with another beta, and keep swapping about).

____
Stem

 

You're doing very well, my friend (I can't but qualify you as such ).

 

I have split off some post concerning Jetico V2 setup to here

 

I apoligize if this is considered a "thread highjack",but I really don't know where else to post.I had installed Jetico beta's 7 and 8 with no problem and also the v1.In the last week it doesn't want to install at all-keep getting "Jetico error 0x8008005-could not connect to firewall server".I see this mentioned in this thread,but I don't see a workaround.(maybe because there is none!!)My question then is there a workaround or fix for the above error or do I have to wait until its corrected in next builds?I'm using a HP PAv-Winxp,plenty of memory etc.I have Nod32 running,Spywareblaster,SpywareGuardAny software conflicts known?Any insight would be appreciated-really like the JFW but I can't install the damn thing!!Thanks

 

First try to set the Jetico Service to 'Manual' and restart your PC. This helped in various cases.

 

I set the Jetico service to manual,but it still won't start and I'm receiving the same error notification.

 

Yes. I was having same problems. Also slow bootup. But was fixed after setting jetico firewall server in services to manual and a reboot.

Rick