Jetico making me crazy.

Discussion in 'other firewalls' started by aigle, Feb 19, 2006.

Thread Status:
Not open for further replies.
  1. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hello Oliv, Welcome to Wilders,
    I did ask for an explanation of exactly what was blocked when "Access to Network" was denied, official reply here

    I normally allow "Access to Network" with a following rule to "Block all" (for that app) with logging.
    Do remember that any app that has "Access to Network" can access any IP within the "Trusted Zone" and use any unbound rules (rules within the policy that do not have an application within the rule).
     
  2. Oliv

    Oliv Registered Member

    Joined:
    Jan 27, 2007
    Posts:
    3
    Thanks ;-)

    I had a look at the Jetico support answer quoted in the post as well as at the problem that was originally described by sudo.

    This is EXACTLY what I experienced.

    If I do understand you, you forward these applications to a table that accepts "network access", then you have a rule that blocks any other event. Is that right? I suppose you mean "open rule" by "unbound rules" (I am not sure about the terminology).

    The problem I foresee is that there are 4 open rules defined by default in the application table BEFORE the "ask user" table:
    - accept "listening datagrams"
    - accept "listening ports"
    - accept "send datagrams"
    - accept "receive datagrams"
    This means that if I allow "network access" for these applications, it will allow the preceding 4 events, which are reached BEFORE accessing the "ask user" table where you block all other events.

    I suppose I miss something here, no?
     
  3. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I do not see this as a problem, more of a learning curve. Any firewall/application that intercepts internal comms is going to give the user the choice to allow or block, with the same outcome as blocking internet connections with incorrect decisions. You could of course bypass this by allowing all to "Network access" and tighten the rules (this would then act like many other firewalls).

    Yes.

    These rules will simply allow any application with "Network access" to "Listen on ports" for TCP/UDP. This will allow inbound from the "Trusted Zone". The "Trusted Zone" by default will include the localhost (127.0.0.1) and your LAN (if you have one). Any other attempted inbound will cause a popup or the packet will be dropped. If you are using a localhost proxy, like Proxo, you would of course need to remove the localhost from the trusted zone, and create rules per app.
    These 2 rules are for DNS lookups, as within the rules are the remote IPs of your DNS servers (name server). You can tighten up by disabling the DNS client within Windows, and placing these 2 rules within a table "DNS" and allowing each program that requires this access to these rules.
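
The rule ordering discussed in posts 2 and 3, as a simplified first-match model (an added example, not part of the thread and not Jetico's own code or rule format). The event names, the `Rule` fields, the separate "inbound from trusted zone" rule, the addresses and `browser.exe` are assumptions made for illustration; the model shows that an app-bound "block all" placed after the open rules never sees the events those rules accept, and that binding the DNS rules to one application closes that path for the others.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed addresses for the model; not taken from any real Jetico policy.
ZONES = {"trusted": [ip_network("127.0.0.0/8"), ip_network("192.168.1.0/24")],
         "dns": [ip_network("192.0.2.53/32")]}

@dataclass(frozen=True)
class Rule:
    name: str
    event: str                   # event type, or "*" for any event
    verdict: str                 # "accept" or "reject"
    app: Optional[str] = None    # None = open (unbound) rule, applies to every app
    zone: Optional[str] = None   # restrict the remote address to a named zone

    def matches(self, app, event, remote):
        if self.app not in (None, app) or self.event not in ("*", event):
            return False
        if self.zone is None:
            return True
        return remote is not None and any(
            ip_address(remote) in net for net in ZONES[self.zone])

def evaluate(rules, network_access, app, event, remote=None):
    """First matching rule wins; returns (verdict, name of deciding rule)."""
    if app not in network_access:
        return ("reject", "no Access to Network")
    for rule in rules:
        if rule.matches(app, event, remote):
            return (rule.verdict, rule.name)
    return ("ask", "Ask User")

def bind_open_rules(rules, names, app):
    """Tightening step: turn the named open rules into rules bound to one app."""
    return [replace(r, app=app) if r.name in names and r.app is None else r
            for r in rules]

# Assumed default layout: open rules first, the per-app "block all" last.
DEFAULT = [
    Rule("listening ports", "listen_port", "accept"),
    Rule("listening datagrams", "listen_datagram", "accept"),
    Rule("inbound from trusted zone", "inbound", "accept", zone="trusted"),
    Rule("send datagrams", "send_datagram", "accept", zone="dns"),
    Rule("receive datagrams", "receive_datagram", "accept", zone="dns"),
    Rule("block all (logged)", "*", "reject", app="TeaTimer.exe"),
]
ACCESS = {"TeaTimer.exe", "browser.exe"}   # apps granted "Access to Network"
```
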
     
  4. Oliv

    Oliv Registered Member

    Joined:
    Jan 27, 2007
    Posts:
    3
    Sure. I am just saying that this is quite surprising for an inexperienced user to have its internet access blocked just because he denied network access to touchpad driver or quick launch keys ^^ this is not straightforward. Don't you agree?
    I am quite sure in this case that touchpad driver or quick launch buttons driver do not try to open any socket but rather perform a remote function call to an application that does. This is surely what they call "indirect" access and hope they will make the difference in future releases.

    I had a try with Comodo and it doesn't trigger this kind of event "network access" nor does look'n'stop. The only events that are triggered are "real" communications. By "real" I mean, not an attempt to communicate but sending or receiving packets on a specific port with a specific protocol. In my humble opinion, this event ("network access") is a real burden: it does not correspond to an active transmission, just to a "possibility" of transmission.


    So applications I first mentioned, TeaTimer.exe, SSScsiSV.exe, ... will also be given right to listen on TCP/UDP ports since we give them "network access" right.


    Anyway, except this "network access" issue, I am quite happy with Jetico and I feel more secure than with Comodo which opens all TCP/UDP ports for its so called "known applications" (I am perhaps naive but I expected they had performed an in-depth analysis of used ports by msn and other applications to only allow these ports ^^)
     
  5. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,639
    I've decided to give Jetico v2 a try since it supports Vista.

    I think I've got it set up to my liking, but I have a question or two:

    1. What is the "Allow Incoming UDP Broadcasts" rule for? Do I need it?

    2. I've created rules for my p2p and games, should they be placed above the "Block All not Processed Protocol Packets" rule or somewhere higher?
     
  6. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi WSFuser,
    This will be for the DHCP broadcasts. If this is needed will depend on your setup.

    The rules should be placed in the "Network activity" table above the "ask" rule.
     
  7. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,639
    I have an IP Table for Network, but there is no ask rule. I wanted to ask about the rule placement just to be sure.

    Also I am having the p2p freezes as described here, maybe my p2p rules should go above the SPI rules?

    Here's my setup:

    Vista Business (x86)
    Jetico PF 2.0.0.21
    KAV 6.0.2.573 Beta
    Ad Muncher 4.7
    Cyberhawk 2.0.1
    Shareaza and uTorrent (my p2p apps)
     
  8. kr4ey

    kr4ey Registered Member

    Joined:
    Aug 13, 2006
    Posts:
    187
    Location:
    Florida USA
    Ask user is under Network Activity not Network. It may be under "AskUser>Network Activity"
    You can also right click on the rules in the left pane and select "Flat View"

    Rick
     
  9. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,639
    I'm not using the "Network Activity" portion; it's just set to accept.

    I've already allowed Shareaza and uTorrent as well as created the proper rules, so what could be causing the freezes?
     
  10. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    If you read the rest of the thread you link to, you will find that a bug has been found within the SPI; there is a workaround posted by "Nail" (Jetico developer).
    There should be a new build out in the next few days.
     
  11. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,639
    Thank you, I did not notice that.

    I will try the new build and see how it goes.
     
  12. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    New build (22) is released. http://www.jetico.com/jpf2.htm (System hangup on incoming connections fixed.)
     
  13. Ghost_ARCHER

    Ghost_ARCHER Registered Member

    Joined:
    Jan 21, 2007
    Posts:
    62
    Hi, Stem or anyone who can help

    How do you deal with the svchost for Windows Update? I find it only uses ports 80 and 443, but lots of different IPs. I want to make a list of IPs for it and let it be a web browser, but it seems I can never enumerate them... The same situation happens for other programs, like avs, they might have over 8 IP+port. Even if I want to put them in the trusted zone, they look too different to make one
     
  14. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hello Ghost_ARCHER,
    As you have found, Windows updates use many different IPs; these vary from location to location and vary due to the mirror sites they use.

    I personally disable the auto update, I place open rules for the updates, but only enable these when I am manually updating.
     
  15. JeffBuck

    JeffBuck Registered Member

    Joined:
    Mar 13, 2007
    Posts:
    32
    Hi, this is my first post here (even if I have lurked on this forum for more than three years :D ).
    I've read here of different users looking for a ruleset for Skype, so, hoping it will be useful, I attach one here.

    The way to load is the same Stem explained in first posts of this thread
    (Jetico: File -> Open
    delete .txt extension and leave skype.bfc
    drag & drop Skype table in your ruleset, etc.)

    This ruleset can be also more refined (to be more restricted), shrinking the port range of outbound connections.

    For inbound connection I left the default port ( 56858 ) used by my Skype version.
    Everyone can change it in Jetico rule (accept inbound connection through skype's default port) according to his default port (see in Skype -> tools -> options -> connection).

    Surfing the web I've also found a site with a sheet containing Jetico configuration rules for many applications, so, not having seen that link mentioned here before, I add it:
    http://mintcream88.netfirms.com/jetico/
    (some words are in Chinese, but the main ones are in English)

    ;)
     

  16. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hello JeffBuck, Welcome to Wilders.

    Just a note, the file extension for Jetico rulesets should be bcf, so you will need to change this when removing the txt extension.

    The ruleset is quite open, but Skype is a program that likes to use very random ports.
     
  17. SMALLDRAGON

    SMALLDRAGON Registered Member

    Joined:
    Apr 15, 2007
    Posts:
    1
    The problem with Jetico and with Comodo also, is that it is impossible to work out what the hell it is asking you.

    When Zone Alarm pops up the thing it is asking me is obvious.

    If I want to change that program's access I just open the control panel and right click or whatever.

    On every other firewall I've tried once you've (for example) said No to something ... there is no way back.

    This is absolute crap ...

    I don't care if people say Jetico is fantastic - it isn't - it's practically unusable.

    Sort out the interface and then people can decide whether it's any good.

    As it is it's unusable.
     
  18. steve161

    steve161 Registered Member

    Joined:
    Nov 22, 2006
    Posts:
    681
    Location:
    New York
    Whoa, strong words my friend. I remember sitting at work thinking about my Jetico rules. Decided I might have become a little too obsessed with this FW. Dumped it, but I still think it is a great FW (I know, it doesn't make sense). Props to Stem for trying to make sense of Jetico for a solid novice.
     
  19. mrisis

    mrisis Registered Member

    Joined:
    Dec 27, 2005
    Posts:
    26
    Jetico allows you to make changes, you can either delete the rule or edit it to allow or reject.

    jetico.jpg
     
  20. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    2,068
    Location:
    Serbia
    Hey there SMALLDRAGON. :)

    Well, I am not very familiar with Comodo prompts, but what exactly is the problem with Jetico here? I don't quite follow you. It is very configurable on the prompt and afterwards. Yes it requires some maintenance, it's not set-and-forget type of app, but I am using v1 and I certainly don't find it 'unusable'... :doubt: Please elaborate this.
    Maybe you should read a help file, it's very helpful.

    Cheers.
     
  21. Ghost_ARCHER

    Ghost_ARCHER Registered Member

    Joined:
    Jan 21, 2007
    Posts:
    62
    At the beginning, "Jetico makes me crazy" means we have trouble to make it work. Now, it means we have trouble when it works :)

    I am satisfied with Jetico PF 1 for quite some time. It gives me a sense of control, as some other said. However, after it pops up again and again for anything, I am getting lazy to know what the program wants to do. I simply click accept, if the message keeps popping, I will either make it in trust zone or reject zone, not really care what it is.

    When I look back at the rules, the main trouble comes from the hash check -- it gives me safety in some sense -- a modified program might be infected, however, I doubt if all the infected programs have a different hash check, say, if a browser has some toolbar plugin, will the hash check change?

    Once you have programs updated, the hash check starts to get really annoying. The rule set doesn't have a sorting function to let me find and delete the old rule (maybe for programming, it is hard to say a program is updated when their path, file name, and some main registry keys are similar or the same?).

    I believe a long ask user rule table will affect the performance, especially the old rule is obsoleted but never removed. That means the firewall has to go through some obsoleted rules to reach the useful ones. I think several things might be useful to organize the rule set.

    1. Sorting by column, to find out all the rules about same program.
    2. Add time column, to know which is newer.
    3. If the hash check changed while the program path and name are same, ask user if it is an update to determine if to replace the old rule or warn unexpected modification on the program.
    4. Add a column to count the frequency (times) the program is use, the rule should be sorted by the frequency.

    After all, what type is Jetico 2, freeware? The beta 2.0.0.23 would not work on my Vista -- installation error, yet the jfsev is running in the background, and I am unable to uninstall.
     
  22. kr4ey

    kr4ey Registered Member

    Joined:
    Aug 13, 2006
    Posts:
    187
    Location:
    Florida USA
    Jetico v1 is frozen (not being upgraded anymore).
    To slow down pop ups try this thread.
    I used Jetico v1 for a long time it is a very good, light Firewall.
    Jetico 2 will be shareware (not free).
    There is a new build out for Vista you may want to try, version 2.0.0.30
    build 23 is several months old.
     
  23. Ghost_ARCHER

    Ghost_ARCHER Registered Member

    Joined:
    Jan 21, 2007
    Posts:
    62
    :'(
    I did:'(
    That is why they would not update v1, and why I would not try v2 any more :D

    Yet thanks for your reply, kr4ey! Do you have a suggestion on rules for something like SiteAdvisor or avs? SiteAdvisor is the number 1 trouble maker. I've spent time making rules to let them update automatically, a mess; after their update, popups again, for a different hash check. At last, I added SiteAdvisor to the block zone, and everything calmed down. Yet can I do the same for antivirus?

    I've looked at the thread again, question mark here.

    Is kr4ey Stem? The two never appear at the same time, one picks up the other's question seamlessly :)
    Do we have a quick way to delete the old rule, or just disable the hash check? The screenshot of your PF is quite neat, mine is like over 10 customized rules, over a hundred entries in the tables. The programs installed on the machine might be more than that number :) The larger it is, the more likely it will get larger.
    Is there a third party program to process the .bcf file, merge the overlap, delete the old? Say, the JPF 1 plugin?
     
    Last edited: Apr 29, 2007
  24. kr4ey

    kr4ey Registered Member

    Joined:
    Aug 13, 2006
    Posts:
    187
    Location:
    Florida USA
    You can set SiteAdvisor and avs as a web browser in your rules. You will have to go through your rules and delete your old rules.
    If the program is uninstalled from your computer there will be no icon in front of the rule and safe to delete.
    To delete a rule right click the rule and select delete.
    I don't think there is any third party programs that will do this for .bcf files.
    And kr4ey is not Stem.
     
  25. ggf31416

    ggf31416 Registered Member

    Joined:
    Aug 20, 2006
    Posts:
    314
    Location:
    Uruguay
    For SiteAdvisor:
    If you need full control over which IP/ports are contacted you can create a new tab and name it "SiteAdvisor", then move the SiteAdvisor rules to it. Remove any obsolete rule and also the ones with the same IP and ports as the others. Now edit the rules and erase the application path, to convert the rules into open ones. When you receive a popup about SiteAdvisor select "Handle as SiteAdvisor".
    Else select "Handle As Web Browser" as kr4ey suggested.
     