Jetico 1.0.1.61 causing BSOD

Discussion in 'other firewalls' started by adam777, Jan 3, 2007.

Thread Status:
Not open for further replies.
  1. adam777

    adam777 Registered Member

    Joined:
    Apr 15, 2006
    Posts:
    48
    Well, about as simple as it sounds...
    I've had BSOD for some time, and finally decided to take the time to do a little debugging.
    Turns out the cause is my dear Jetico FW (bcftdi.SYS to be exact, which is the TDI Filter Driver).
    I'm using XP SP2, fully patched, and the only things running in real time (security-related) are KAV 6 (6.0.1.411) and Jetico (1.0.1.61).
    As far as I can tell, reinstalling Jetico probably won't do the trick (I'll do it anyway), so I'm basically clueless as to possible solutions for the situation.
    I would like to stick with Jetico and would have installed V2 beta, but as far as I know, V2 will not be free and that is not an option unfortunately.
    As for free options - well, I've tried Comodo but uninstalled it pretty quick - did not play nice with KAV and had way too much resources in use.
    I think Kerio used to give me BSODs as well, and ZA - well, just don't trust it too much :)
    So...
    Any ideas on how to try and fix the mess I'm in?

    PS.
    I've added a link for the full memory dump analysis (using WinDbg), in case you find it of interest...
    http://mihd.net/x9u8t4
     
  2. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi adam777,
    Please read this post at Kaspersky, and add the reg entry for patch0B to see if this helps.
     
  3. adam777

    adam777 Registered Member

    Joined:
    Apr 15, 2006
    Posts:
    48
    Hi Stem, thanks for the super-quick reply.
    Did the registry thing, added the Jetico folder as trusted and made sure avp.exe is handled as trusted zone in Jetico.
    I guess time will tell...
    Thanks again, will update as necessary.
     
  4. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi adam777,
    You should not place AVP.exe permanently in the trusted zone; instead, allow AVP.exe any outbound it needs, and place a rule in the Jetico "Attack table" to allow all for AVP.exe.
     
  5. adam777

    adam777 Registered Member

    Joined:
    Apr 15, 2006
    Posts:
    48
    That actually makes much more sense... :oops:
    Speaking of the matter, I've noticed I also put the executables for Jetico in trusted zone (fwsrv.exe and fwsetup.exe), how should I handle them?
     
  6. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    fwsrv.exe only requires/needs "access to network".
    fwsetup.exe will require "access to network" so it can automatically pick up your LAN; it will also add localhost (127.0.0.0/24). Adding the localhost can be a problem at times, in such setups where a localhost proxy is used.
    KAV does take connections on the localhost for its web scanner, so you may want to tighten your rules by removing the localhost from the trusted zone (via the "Configuration Wizard" (fwsetup.exe)). But to permanently remove this, you would need to block fwsetup from "Access to network"; you would also then need to set rules for any application that requires localhost comms.
     
  7. adam777

    adam777 Registered Member

    Joined:
    Apr 15, 2006
    Posts:
    48
    Thanks for the tips, Stem.
    Unfortunately, here comes the update - the registry stuff did solve the outgoing traffic thing (which I haven't even noticed, to be honest, just did some search...).
    However, BSOD is still alive and kicking... haven't diff'd the outputs, but yet again it's bcftdi.SYS as the cause o_O

    * EDIT *
    Forgot to mention, it's an IBM R40 laptop, so it also has all kinds of IBM/Lenovo stuff on it, that might cause some problems (I'm not aware of any, but who knows...)
     
    Last edited: Jan 3, 2007
  8. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Do you have BSOD with KAV un-installed?
     
  9. adam777

    adam777 Registered Member

    Joined:
    Apr 15, 2006
    Posts:
    48
    Well, I honestly don't know :)
    It's been my security setup for quite some time...
    The whole BSOD thing comes and goes... might not be around for a long time and then present itself several times a day :doubt:
    As far as I can remember (but in that case, I can definitely be wrong), it has been the situation since formatting and reinstalling the computer (sometime around August, I believe).
    Anyway, I can't say for sure there are no BSODs with KAV uninstalled, as both applications are installed together from day one...
    Thanks again, Adam.

    * EDIT *
    Well, at the moment I've only re-installed Jetico.
    So far, so good, but who knows? As I've mentioned, it comes and goes...
    I'd like to avoid ditching KAV (having bought a license and so...), so I'll just cross my fingers.
    Thanks once again for all your help, Stem.

    * EDIT 2 *
    No, I haven't really thought it would be that easy...
    BSODs all over the place.
    I'm starting to get used to the idea I might have to ditch Jetico or KAV 6...
     
    Last edited: Jan 6, 2007