Jetico making me crazy.

Discussion in 'other firewalls' started by aigle, Feb 19, 2006.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Just installed Jetico today and its pop ups are making me crazy, it is constantly giving me pop ups about my Norton products and sometimes firefox also. Hundreds of time I have opted for REMEMBER this action, no benefit. Is there any way other than uninstaling it.

    Also i want to ask does it has hooking techniques, I mean it can be used with PG free or antihook without overlap or not?
     
  2. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,046
  3. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I just uninstalled it, i hate these pop ups,I was so used to accept it that I am sure if some malware ask for permission,I would have clicked yes for it also. Why they don,t fix it, I will write to them. Really disappointing.

    Any solution?
     
  4. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    I think the key to Jetico is to look closely at each of the popups to see what's actually going on, and then try to (when necessary) create rules of a more global nature to handle some of the common situations that come up. It definitely takes more work than your average firewall. But it's also possible to tame it as well. Hopefully they will make it a little easier in upcoming versions (if and when any arrive). But Jetico is not one of the install, set and forget firewalls..
     
  5. Kaupp

    Kaupp Registered Member

    Joined:
    May 17, 2005
    Posts:
    59
    There will be a certain amount of overlap if you use jetico with either processguard or antihook but I remember someone saying here a while ago that if you create a new rule in the ask user table of jetico to allow access to network for local sockets you can cut down on the popups substantially without affecting the firewall's control over internet access.
    Maybe someone with more knowledge on the subject can confirm this?
     
  6. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,046
    That would be very helpful - I like the firewall but ... creating the rules is difficult.

    A template set would be very useful ?
     
  7. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    5,554
    Location:
    USA still the best. But barely.
    I had the same problem as op. I chucked it. Happy with GhostWall.
     
  8. khazars

    khazars Registered Member

    Joined:
    Jun 8, 2005
    Posts:
    124
    Location:
    Glasgow, Scotland
    Ok, when Jetico pops up it's asking you what you want do with a process on your computer.

    In the box that pops up, tick the box in the bottom left, remember my answer , then look at what Jetico is asking you!

    If It's a programme you trust you obviously want to allow it access, so all example here are for allow activity. If it's a baddie then don't allow and deny!


    So Jetico pops up with this!

    Event: Attacker writes to application memory
    Description: Suspicious process activity

    click allow this activity, once you have did this once the box should remain ticked on the next popup. Then you just click ok to allow this activity, usually a windows system file like lsass or Explorer.exe or a programe.

    All files asking for access are treated as hostile by Jetico and will be seen in the process attack table, these rules are made when you initailly decide what a programme is allowed to do, that is, you accept it as ok!

    If Jetico pops up with

    Event: access to network: configration table : Ask User

    which gives you the choice of ticking these options of:

    Allow activity
    Block this activity
    Handle As
    Custom

    this is where you should always choose Handle as, use the drop down menu and click Jetico's drop down menu and choose web-browser if its either IE, Mozilla or Opera, if it's a mail client like Outlook Express, Mozilla Thunderbird choose web client, make sure always to check the box in the bottom left, as having this box ticked everytime you answer will reduce the pop ups!


    For all other programmes which you trust like security programmes which need access to the internet for updates etc you choose the application trusted zone. Sometimes Jetico will ask twice to confirm this but remember, some programmes have many services all asking for outbound connections or network access, hence you think Jetico is giving you a hard time.

    Anti vir has 4 agents all asking for access, update, notify, avguard and scheduler so Jetico is actually alerting you to 4 seperate files within one programme asking for either network access and outbound to the internet.

    So, when Jetico pops up with the Allow activity and Block Activity with the handle as, you can use this for web client and web-browser this is mainly for outbound connection to the internet and for access to the network. So you'll get a request first for access to the network and then if the programme has internet capabilities it will at some point request access to the internet once you have initiaiised it!

    Jetico is basically not allowing any programme willy nilly to gain access to either the network or the internet without being probed and prompted, a far better system than most firewalls that don't aggressively challenge programmes which make requests to the network. Jetico will block and prompt even if you use the cmd prompt and many other areas where other firewalls wouldn't do anything.

    Jetico even asked me did I wanted to allow myself to make a new folder in explorer!

    This is why a lot of people give up, all those pop ups as Jetico is a very aggressive firewall but this is what makes it one of the best. Once it's configured, about an hours work, it's really quite quiet after that and well worth it as it can breeze past all those leak tests and its resources are mega low, last night I checked and it was at an all time low for me at 1.6 MB!

    An easy way to configure Jetico is to introduce all the programmes you know will need outbound access to the internet, and all the other main programmes you will be using, and please read what Jetico is asking you and choose the appropriate rule as it will make life a lot easier for you and also keep the box ticked at bottom left as this will limit the amount of pops up you get.

    Last bit, with a p2p networks you will get maybe anything up to a dozen pop ups as p2ps are using many different IPs and /or ports, no problem, just keep clicking alllow activity and choose the application trusted zome and you'll be ok!


    I hope this rather disjointed discussuion on Jetico helps.

    Cheers Khaz
     
    Last edited: Feb 20, 2006
  9. khazars

    khazars Registered Member

    Joined:
    Jun 8, 2005
    Posts:
    124
    Location:
    Glasgow, Scotland
    I'll try and upload some screenshots so you can see the main box with handle as.

    Hopefully from this attachment if it works you'll see the allow, block activity, handle as which is greyed out, but once checked the drop down menu opens up and you cna choose here trusted application, web browser and web client!
     

    Attached Files:

    Last edited by a moderator: Feb 22, 2006
  10. khazars

    khazars Registered Member

    Joined:
    Jun 8, 2005
    Posts:
    124
    Location:
    Glasgow, Scotland
    hers another one!
     

    Attached Files:

  11. khazars

    khazars Registered Member

    Joined:
    Jun 8, 2005
    Posts:
    124
    Location:
    Glasgow, Scotland
    This box is accessed from clicking options/and then general, you should tick all the boxes and click optimal protection in jetico!
     

    Attached Files:

  12. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    5,554
    Location:
    USA still the best. But barely.
    Face it some of don't want to deal with an annoying prompt 10x an hour. I had the same experience with Outpost as well. Only pf I'm comfortable with are LnS, Sygate, Kerio & GhostWall. All the others I tried so far about 6 more. Were a pain & or failed leaktests.
     
  13. khazars

    khazars Registered Member

    Joined:
    Jun 8, 2005
    Posts:
    124
    Location:
    Glasgow, Scotland
    Yip, it certainly isn't be everyone's cup of tea and it will also no doubt conflict with others systems! But, this is just to try and help those who have been trying to configure and set up Jetico and are put off by it, everyone to their own!
     
  14. khazars

    khazars Registered Member

    Joined:
    Jun 8, 2005
    Posts:
    124
    Location:
    Glasgow, Scotland
    If you want real noise try antihook!
     
  15. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    5,554
    Location:
    USA still the best. But barely.
    Thanks for the warning about antihook.
     
  16. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan

    But what if it ask about the same prpgramme with same action 100 times in few hours, isn,t it crazy. I installed it and almost every 5 mi it is asking about symantec products, everytime same component with same action.
     
  17. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I like antihook, can I use it with Jetico together or it is just an overlap.
     
  18. khazars

    khazars Registered Member

    Joined:
    Jun 8, 2005
    Posts:
    124
    Location:
    Glasgow, Scotland
    yes there is a lot of overlap, why not use procesguard free and Prevx free beta!
    Antihook takes overyour system, well mine anyway and is really noisy, Jetico and processguard tend to go to sleep with antihook on as it does take over lol! I have now suspended antihook through msconfig and I now know processguard is alive and well!


    prev free

    http://free.prevx.com/
     
  19. khazars

    khazars Registered Member

    Joined:
    Jun 8, 2005
    Posts:
    124
    Location:
    Glasgow, Scotland
    with Jetico , just make sure you check the box remember this answer and put symantec into the apllication trusted zones, the problem with symantec if you have it's security suite as I see this in many hijack this logs, is there are many processes for Norton's anti virus and it's other products, so I doubt it your seeing just the same Symantec file asking for access!

    Either your not telling Jetico it is a trusted application, and allowing it access when it asks you if it is an attacker.

    When Jetico pops asking about

    Event: Attacker writes to application memory
    Description: Suspicious process activity

    click allow this activity,


    Then if it's asking for


    Event: access to network: configration table : Ask User

    which gives you the choice of ticking these options of:

    Allow activity
    Block this activity
    Handle As
    Custom

    this is where you should always choose Handle as, use the drop down menu and click Jetico's drop down menu and choose web-browser if its either IE, Mozilla or Opera, if it's a mail client like Outlook Express, Mozilla Thunderbird choose web client, make sure always to check the box in the bottom left, as having this box ticked everytime you answer will reduce the pop ups!

    You might be better to go into Jetico's ask user table and delete all the rules for Symantec and then Jetico will ask again and follow these examples above!


    I hope this helps!
     
    Last edited: Feb 21, 2006
  20. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    So i got it, i was giving option, allow it. Infact i used ZA pro for sometme and it was very easy,i can give options for any programme to connect to net,block, or ask user option OR kill the process.
     
    Last edited: Feb 20, 2006
  21. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    So how to put it in trusted zones, can you explain a bit.

    also i am not sue how to make the first intial configuration when you start jetico first time after install. I am using dial up with proxy server and have a single PC not attached to a network. I will be thakfulif you can expalin by scrrenshots. Your previous post was very nice.Thanks a lot.
    I am going to install it again.

    Also i want to ask how I can take screenshots of my pc to post and how to edit these shots, sorry for an unrelated Q.
     
  22. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,046
    THanks for the examples this is very useful - Jetico might be noisy but ... it is very good with Leak tests as good as LNS - and better than Outpost; can block almost all, but ... it is very easy to allow a component.


    Jetico shows the launchng process making saying no a bit easier - for me any way.
     
  23. khazars

    khazars Registered Member

    Joined:
    Jun 8, 2005
    Posts:
    124
    Location:
    Glasgow, Scotland
    ok here's some more images!
     

    Attached Files:

    Last edited by a moderator: Feb 22, 2006
  24. khazars

    khazars Registered Member

    Joined:
    Jun 8, 2005
    Posts:
    124
    Location:
    Glasgow, Scotland
    here's another one!
     

    Attached Files:

    Last edited by a moderator: Feb 22, 2006
  25. khazars

    khazars Registered Member

    Joined:
    Jun 8, 2005
    Posts:
    124
    Location:
    Glasgow, Scotland
    This is usually the first box you get, simply to allow or deny an application, then you usually get the previous ones for outbound to the internet or to the network!

    In this example I was checking for updates for quicktime so I could get an example for you, here quicktime is lauching IEplorer to access the web and Jetico sees it as an attack until I ok-ed it!
     

    Attached Files:

    Last edited by a moderator: Feb 22, 2006
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.