Does it mean I don’t need SvcHost Table ?

Group,

After checked many post, I build this System application Table.

Does it mean I don’t need to create a SvcHost Table?

About System.exe, the only time I saw service in Ask User Table on 68, 67 Port, it was when in property of Network cable connexion, the NetBios TCP/IP was active.
Is it preferable to let this NetBios active?

I will show you the application, system applications and System Internet Zone Tables.

If somebody could comment these 3 Tables, and let me know if I need to change something.

In the same time explain the role of each 3 Table.

By the way, the log of Jetico is not really visible, is there something to do for fix it.

Windows xp Sp2 Home edition, Cable Connexion, no router.


SYSTEM APPLICATIONS >>>>>>> in SvcHost Local port is 1024:4999 <<<<<<<<<



APPLICATION TABLE


SYSTEM INTERNET ZONE


Thank.

 

It looks like you have similar/same rules for svchost spread out over several areas. You don't need to do that. You really should only have one set of svchost rules set up in a table under Network applications only. This is probably easiest because then you just point svchost to that table using the "Use template" option. To enable logging for your rules you have to select your choice when editing rules under "log level", usually: info, warning or alert. There are other choices too.

 

Thank wat0114,

When you say
"You really should only have one set of svchost rules set up in a table under Network applications only."

My English is so so.

Is it mean, I should create a Table under "Ask User Table" for SvcHost.
Then remove/drag they rules I created/add for SvcHost in System Applications.

What do mean by (using the "Use template" option)?

I have already tried "log level" on info and the Log file was not more usable, I will try to play again with these option.

Thank.

 

Youre english is fine, Mido What is tough is that you are using version 1 while I'm using 2. Still, if we can bounce ideas off one-another, we can both maybe head in the right direction with our firewalls. My 3 screenshots simply illustrate what I have done to organize my "Web Browser" applications. it is not necessarily the best way to do things, since I am still in learning mode with Jetico.

1. The "Group" of applications is created.

2. That group is placed in "Network Activity" and directed to my "Web Browser" table (template) ruleset.

3. the third ss shows all the rules in that Web Browser ruleset that will apply to that group. Notice also the "DNS Client" table which has become a sub-table of the Web Browser table because I have its template rule created within the Web Browser table.

I still have lots of work to do to figure things out and get everything organized as efficiently as possible, but I hope to have the right idea

*EDIT* sorry, please view the screenshots from bottom to top to middle.

 

wat0114,

A Web walk is certainly more secure like that.
And I suppose it could use with Mail client and other outside
communication.

I will try the Jetico v2.
Perhaps better then the v1 and more documents.



Thank for this!

 

Hi Mido,

I don't know how secure my rules are. I figure they're decent, at least, but I'm always open to suggestions from others. I'm also constantly fine-tuning them. My mail client uses a different rules table with the rules in it specifically setup for only the mail servers' POP3/SMTP ip addresses and ports (110/25).

Please do keep in mind that Jetico 2 is trialware. Version 1 is free and is actually an excellent firewall in its own right, as long as it is set up properly.

Jetico really does make the user think hard about what they need to do to get it set up properly.

 

Hi wat0114,

I tried Jetico 2 but it was very unstable.

I have reinstalled ver1.

I have remark something stange?

The Block Port and System applications Tables are not suppose to be before Ask User.

Into the "Application Table" I have : (in order)
1) Application Blocked zone
2) Application Trusted zone
few rules...
3) Block Ports ----> I put all they block port 135, 137-139, 445, 500...
4) System applications
5) Ask User
6) continue

But in the fact, in the left column, "Ask User" happen before "Block Ports" and System application.

Why?

Thank.

 

Hi Mido,

it could be the placement of one or more of your block rules or you have not included an important process in your Indirect access group - maybe explorer.exe. I have the majority of my block rules in the Network/IP table. See screenshots. Jetico is very unforgiving if even one critical rule is wrong or situated incorrectly. Do keep in mind that if you inadvertantly block even one required process/application in the Indirect access group, you will effectively block all Internet access.

Maybe try starting out with the default "Optimal protection" policy and work from there. BTW, what exactly was the stability issue? For some issues with J2, see: To resolve slow shutdown_startup issues on how to pin-point the problem. Usually something is blocked that should not be.

Also, it is easier to see what is wrong if you can include screenshots of your rules.

 

I'll put some Table.

As far I remember. I Almost sure, It always be like that, even if I Reload or Reinstall Jetico.
The Ask User Table will happen before System Application.

OK, In Application Table the first blue arrow in bottom is the Block Port Table I created with all Block Port from "Attachment 194316" of my first post.

In System application, I take all they SvcHost rules from "access network" till bottom and put it in WindowsUpdate Table (can see these original rules in first post)

I had Explorer.exe in "Ask User" and "System application" I clean off explorer.exe from Ask user.


Application Table


System application


System IP Table


System Internet


Thank.

 

Mido,

something is wrong with your "name server" rules. The red exclamation mark [!] means there is an error with the rule. In some cases, the error is not a problem just as is the case with my Trusted zone and Blocked zone rules because I did not bother setting those up. But with your DNS connections, it is important you fix those up, otherwise you will get a loss of Internet connection. Check the name server ip addresses under the "Group" tab and make sure they are right. I will be busy until late this afternoon. Good luck!

 

Wat114,

Is it a good think to put all of these address into Trust Zone for optimize the WindowsUpdate.


72.246.0.0/15 Akamai technologie
209.170.113.0 - 209.170.113.255 "
209.170.64.0 - 209.170.127.255 "
209.170.64.0 - 209.170.67.255 "

207.46.0.0/16 Microsoft
65.52.0.0/14 "
64.4.0.0/18 MS Hotmail

204.160.0.0/14 Level 3 com
8.0.0.0/8 " "
199.92.0.0/14 " "
192.221.0.0/16 " "
206.32.0.0/14 " "

80.0.0.0/8 RIPE
195.0.0.0/8 RIPE
212.0.0.0/8 "
82.0.0.0/8 "
85.0.0.0/8 "
89.0.0.0/8 "
193.0.0.0/8 "

208.174.0.0/16 SAVVIS
208.175.0.0/17 "
208.175.160.0/19 "
208.175.192.0/19 "

207.138.0.0/16 Global Crossing (GBLX)

124.0.0.0/8 APNIC

240.0.0.0 IANA

And other ones as IANA... are still reject by Jetico during this text writing.

Should I autorize all of them anytime?


Thank.

 

I would probably create a M$ update server "group" of ip addresses. However, it is infuriating attempting this with their update server ips because there are so many of them for both ports 80 & 443. Still, it is better than simply allowing svchost unrestrricted access to those ports.

Before anything else, I would advise you fix the name server rules. Also check out the Jetico driving me crazy thread from a while back. In particular, check out the posts from Moderator/Security expert Stem. He knows Jetico 1 inside-out

 

Wat0114,

OK for conclude.

I have fixed name server by they IP of my internet provider.

Is it good to let access internet svchost port 80-443 always, even if it's not for Windows update?


Thank.

 

Good news

Generally speaking, no. Still, it is tough with MS update servers because of all thos ip addresses. You could probably create that rule to those ports with unrestricted remote addresses and simply keep it disabled, only enabling it when you need to check for/download updates.