Jetico 2 New Release (build 34)

22-August-2007 version 2.0.0.34 released. Changes:

* Stateful inspection for ARP protocol added.
* Monitoring of direct access to memory, OLE/COM communications, process code/memory modifications disabled in 64-bit versions to prevent conflict with Kernel Patch Protection after Windows Update KB932596.
* Clone/Delete policy, Clone table commands added to the policy tree context menu.
* Expand/Collapse command added to the policy tree context menu.
* Empty values handling fixed in rule parameter editors.
* Column order save/restore bug fixed.
* French translation provided by Patrick Leloup.
* Default configuration template updated:
Explorer.exe is allowed to access the network
Stateful ARP enabled to prevent ARP poisoning
"Bypass" rule fixed in the "Access to network" table


Download:- http://www.jetico.com/download.htm

 

Stem,

thanks for the info! Of course, I will try this build as soon as I can. Not that I need ARP protection, but a new build is a new build Other improvements sound quite useful to me though.

How convenient...

Cheers,

 

Hi Seer,

I have not installed yet, but will later.

I hope this gives the ability to export rulesets (?), I did ask for an export option last year (and told "yes" it would be easy to impliment)

I have mentioned this numorous times, as without this, there is slow shutdown/startup.

 

It's good to see that they are still working on Jetico after all this time. If I still needed a software firewall, I'd most likely be using it now...

 

Me too.
I like Jetico very much because it's light.
The only thing which keeps me away from using it, is that it requires too much knowledge to get it working properly.
I'm still waiting for a complete automation of the rules, or at least, some presets for some Windows Services (a wrong 'Block' decision and your connection is locked :/ )

 

Hello

I have been busting my brains over this very same issue a few months ago. I finally got it, with a little help from your side

Cheers.

 

Is this unique to Jetico or does it happen with any firewall?

 

Just Jetico (that I know of).

 

The complexity of Jetico's interface had always given me headaches whenever I trialed past versions, but I could never quite turn my back on it for good. So on that note this version has, so far, afforded me a rather pleasant experience This is developing into a truly awesome firewall.

Just to make things easier I went into a couple of the application templates, Web browser & Mail Client, and modified the rules to offer a bit better security, as well as adding inbound/outbound connections to localhost and send/receive datagram rules. Then I just use the templates for my browsers and email programs, saving loads of time by not having to create so many individual rules for each application. Obviously there is still a lot for me to learn about this firewall, but at least I don't find it a frustrating, hair pulling experience like I used to

 

So what gives here? explorer.exe is allowed to access the network, but can it do so unsolicited? In my first screenshot it is allowed indirect access to the network, otherwise blocking it kills my Internet access, but the second shot indicates what happened for the first time in two days using Jetico, that explorer.exe attempts to receive datagrams with remote addresses my DNS server ips. I block it permanently and there have been no ill effects yet; no blocked Internet and no slow restarts or shutdowns. It would appear there is a big difference between indirect access and network activity

 

I do not allow explorer.exe internet access.

Yes. There is a big difference.

 

Me neither

That's what I thought, but based on several comments I've read in this and the official Jetico forum, I got the impression that Jetico 2 allows explorer.exe complete network access because it needs indirect network access, and, in fact, all other applications allowed indirect access! I have yet to see evidence that explorer.exe gains Internet access with this version of Jetico.

 

Have you performed a (file/folder) search using explorer's "search" feature perhaps? AFAIK, this is the only case when explorer will do network connections (@home). I personally block this as well, but I don't find this to be a big concern.


BTW, this version is playing nicely with me so far. Nothing to complain about.

 

Good point! In fact, that is exactly what I did when it happened It is not surprising to me that explorer.exe attempted Internet access; I have see it happen many times before and I always block the attempts permanently. The only question I have had concerning this with this version of Jetico is whether or not it actually can access the Internet, simply because it needs indirect access. It appears it can not, which is a good thing.

BTW, I, too, have encountered no issues with this release. It is IMO a fantastic little firewall and not too difficult to figure out. The only possible issue I have seen with it is its HIPS-like feature seems sometimes slow to trigger alerts. I have often seen where I open an app that it has no rules for yet, and I don't see an alert on it until several seconds after it has launched, so I don't know what is going on there.

That said, I'm surprised it isn't talked about more, but maybe that is because anyone who has trialed previous releases, especially 1.0, have experienced nothing but confusion attempting to configure it so were turned off completely by it. There must not be a very large user base of this fw. I had found it quite confusing before but I recognized the potential in it, so I always kept it in the back of my mind to try it again. I'm glad I did

 

I am now curious. As I said, the only outbound attempt from explorer.exe I saw was when you perform a 'search' from explorer. Have you noticed other attempts by explorer? If so, please tell me in what cases.

I don't have anything blocked 'permanently' with Jetico, as I do like to have a better insight in outbound attempts by blocking them only 'once'

I use SSM alongside Jetico, and I have also noticed (in the past) that I am warned on interprocess operations from Jetico a few seconds after SSM pops up.

Yes, 'confusion' may be one reason for Jetico's notoriety. But, you have to consider the 'eye-candy' aspect as well. I have noticed that most users (unfortunately) give priority to GUI, and you must admit that Jetico is not the prettiest one Looks rather 'geeky', but I personally like this.

 

It would depend on the process and to what it does on startup. Some applications I have will load many files first, initiate, then attempt access to windows sockets(winsock), the access to windows sockets would then be intercepted and an alert given (it may take a couple of seconds for the application to attempt the access). If you are seeing this from a specific application, then please post details and a download link, I could then check any delay for its attempt for access (or indirect) to network, and compare this to a popup from Jetico (version 1 and/or 2).

 

Yes "wat0114", some more info on this please. I too only see internet access attempts by "Explorer.exe" made when a serch is performed.
Explorer.exe is a target for some malware, where attempt is made to control this process (various methods), and unfortunatly quite a number of firewalls allow "Explorer.exe" internet access by default (or whitelist)

I personally just name the blocking rule and set it to logging. But both methods can give the user important info, certainly if they start to have connection problems due to blocking a needed app/process

 

Sorry for any confusion I caused. I tend to ramble sometimes Indeed, it was only when I performed the search that explorer.exe attempted Internet access. I just couldn't remember that until Seer posted his comment on it, then it reminded me of it. The indirect access of course occured much earlier because, as you know, explorer.exe launches just about everything, including browsers. I have no issues whatsoever re explorer.exe & Jetico now that I have figured out what is going on.

Thank you Stem for your explanation on Jetico's alerts. That is likely all that is happening. It most recently occured with winzip.exe, even after winzip was closed I would have to post details later tonight or tomorrow when I have time.

Overall, I'm very satisfied with my ~ 1 week experience using Jetico.

Thanks again Stem and Seer

 

Applications can remain in memory even when the application is terminated, this can be for various reasons, usually due to open threads (or due to unresolved instance).

 

You are no doubt correct on this For the heck of it, I will post later on what happens with Winzip. Thanks again Stem!

 

Jetico 2 seems to have a problem with multiple accounts in XP. My system usually freezes after exiting any account. Seems fine, otherwise. Although I'm a little surprised that the XP firewall isn't disabled by Jetico after installation, nor enabled when uninstalling Jetico.

 

Yes I have found this too. One way I have found to fix this is to Log out and Log In several times till Jetico gets required pop ups and is configured. I no longer have freezes when logging in or out and switching users.

I allways disable windows firewall before install. That is the best practice.
I am not surpised that Jetico does not have this feature, alot of other firewall don't either.

 

This procedure may help shed light on what is causing the freezes. You have to register an account to see the screen shots.

Out of curiosity, what kind of "Access control" have you given the limited accounts for Jetico?

 

The default configuration values only.

 

Okay, I ask only because I wonder if the "Limited" access is causing the problem. I assigned "Full" to my limited XP account because I don't want to have to keep going into my Admin account to configure the fw.