Jetico making me crazy.

Discussion in 'other firewalls' started by aigle, Feb 19, 2006.

Thread Status:
Not open for further replies.
  1. JeromeC

    JeromeC Registered Member

    Who is up to a Chinese translation of our beloved Jetico ? ;)

    gkshikuro : you should not abandon so quickly, this very long thread is full of precious information about effective configuration.

    Also I have another post here with a few questions about jetico.

    edit: mmm I don't know why the above link only shows a "non thread" view of this...

    Thanks !
    Jerome
     
    Last edited: Jun 26, 2006
  2. shek

    shek Registered Member

    Hi, Stem,

    I don't quite understand the local proxy issues with avast's web shield and mail scanner. Could you explain a little bit about how to set up the rules within avast? btw, in my jetico setting, 127.0.0.1 is not in the trusted zone.

    Thank you.

    shek
     
    Last edited: Jun 26, 2006
  3. Stem

    Stem Firewall Expert

    Hello Shek,
    I found no need to change any settings within Avast or Jetico for these to work correctly together; Jetico re-configured on a re-boot (after the installation of "Avast"). The only rules I found needed for Avast within Jetico were Handle as "Browser"; these rules were needed to allow "Avast" to update.
    The "local host" (127.0.0.1) is placed within the trusted zone by default. You need to re-check this entry. Go to: Start menu / All programs / Jetico personal firewall, and select the "Configuration Wizard". This will show the "Trusted zone" (this should have the "Local Host (127.0.0.1)" and, if you are on a local network (behind a router), you will see your LAN IP/subnet-mask; these entries do not show within the Jetico rulesets).
     
  4. Sealord

    Sealord Registered Member

    I have just installed Jetico FW on another computer I have, running Windows 98SE.

    I see that the Security policy view context menus (at the Configuration Tab, left hand pane) do not come up using left or right mouse click. That means I cannot see Flat View, Expand, Unload policy etc. although I can use Insert from the keyboard to insert a new table etc and triple right clicking Optimal Protection allows me to rename it. But importing a saved policy leaves me no way to get rid of it later.

    Is this a problem with Win98SE or just my set up and is there a way around it? Thanks for any help.
     
  5. Green Dragon

    Green Dragon Registered Member

    Hi guys

    I would like to show you my "ask user table", after a whole week in which jetico has worked fine on my machine.

    a) Are these settings for my programs correct, or do you have any different and more useful suggestion? Is my security status good?

    b) At the bottom of the table there are 4 entries "C:\WINDOWS\system32\svchost.exe". When the pop-ups appeared I chose "allow". Is there any better choice?

    Thanks for your help.
     


  6. Stem

    Stem Firewall Expert

    You are keeping most programs to "outbound connection" only (browser rules) which is good. I am a little concerned with you allowing msnmsgr and ICQ as trusted. (I do not know the "Powerchute software", is this making inbound connections? is a rule to allow these needed?)

    I would need to see where these connections are going, is this windows update?
     
  7. Green Dragon

    Green Dragon Registered Member

    Hi Stem

    As I can see there are 4 processes "svchost.exe"

    a) C:\WINDOWS\system32\svchost.exe
    Event: sent datagrams, Protocol: TCP/IP,
    IP Address: 239.255.255.250, Port: 1900

    b) C:\WINDOWS\system32\svchost.exe
    Event: outbound connection, Protocol: TCP/IP,
    IP Address: 212.187.162.158, Port: 80

    c) C:\WINDOWS\system32\svchost.exe
    Event: outbound connection, Protocol: TCP/IP,
    IP Address: 212.73.246.62, Port: 80

    d) C:\WINDOWS\system32\svchost.exe
    Event: outbound connection, Protocol: TCP/IP,
    IP Address: 64.4.21.125, Port: 443

    My choice was "allow" for all above requests but I am not sure. Any idea please!!!
     
  8. Stem

    Stem Firewall Expert

    Hi Green Dragon,

    239.255.255.250, Port: 1900, this is uPnP, are you behind a router or have any software that requires this?

    212.187.162.158 / 212.73.246.62 = Level 3 Communications (Have you any dealings with this company that may require comms?)

    64.4.21.125 MS Hotmail
     
  9. JeromeC

    JeromeC Registered Member

    Is it humanly possible to allow / block any occurrence of svchost o_O it's used all the time for so many purposes... is it not better to choose "web browser" or "trusted zone" ?
     
  10. Stem

    Stem Firewall Expert

    You should restrict ANY program / windows application / windows service to only needed comms. On my system, Svchost is allowed only localhost (127.0.0.1) and local Lan connections.
     
  11. Green Dragon

    Green Dragon Registered Member

    Yes, I am behind a router.

    First time in my life I have heard of such a company! I really don't know what that is!
     
  12. Bubba

    Bubba Updates Team

    Level 3 Communications is one of the largest Internet backbones in the world and has from time to time helped Microsoft with their load for updates for instance.
     
  13. Stem

    Stem Firewall Expert

    Hi,
    This then is not a major problem, but these comms are not normally needed, unless you are using software that is opening ports automatically in the router. If you are not using this type of software, I would suggest that you change the uPnP rule to "Reject".

    You should set these two rules (for 212.187.162.158 / 212.73.246.62) to "reject" with "logging" (and name the rule so you can see easily when they are blocked). If you have any connection problems after you do this, check the logs, and post back. (I am not sure if this may be related to your ISP? Have you any software installed that was provided by your ISP?)
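
Added example (not part of the original thread, and not Jetico's own rule format): a first-match rule table in Python modelling the policy Stem describes for svchost, with localhost and LAN accepted, UPnP rejected, and the two Level 3 addresses rejected with logging under a named rule. The rule names and the 192.168.1.0/24 LAN range are assumptions; the destinations are the ones Green Dragon posted.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    name: str            # shown in the log so a block is easy to spot
    network: str         # destination network in CIDR form
    port: Optional[int]  # None matches any port
    verdict: str         # "accept" or "reject"
    log: bool

# Hypothetical ordered table for svchost.exe; first match wins.
# Assumption: the LAN behind the router is 192.168.1.0/24.
SVCHOST_RULES = [
    Rule("svchost localhost", "127.0.0.0/8", None, "accept", False),
    Rule("svchost LAN", "192.168.1.0/24", None, "accept", False),
    Rule("svchost UPnP", "239.255.255.250/32", 1900, "reject", False),
    Rule("svchost Level3 test", "212.187.162.158/32", 80, "reject", True),
    Rule("svchost Level3 test", "212.73.246.62/32", 80, "reject", True),
    Rule("svchost default", "0.0.0.0/0", None, "reject", True),
]

# Destinations reported in the thread for C:\WINDOWS\system32\svchost.exe
EVENTS = [("239.255.255.250", 1900), ("212.187.162.158", 80),
          ("212.73.246.62", 80), ("64.4.21.125", 443)]

def evaluate(ip, port, rules=SVCHOST_RULES):
    """Return the first rule whose network and port match the destination."""
    addr = ipaddress.ip_address(ip)
    for rule in rules:
        if addr in ipaddress.ip_network(rule.network) and rule.port in (None, port):
            return rule
    raise LookupError("no rule matched")  # not reached while a default rule exists

def audit(events, rules=SVCHOST_RULES):
    """Return the log lines produced by rules that have logging enabled."""
    log = []
    for ip, port in events:
        rule = evaluate(ip, port, rules)
        if rule.log:
            log.append(f"{rule.verdict} {ip}:{port} [{rule.name}]")
    return log

if __name__ == "__main__":
    for line in audit(EVENTS):
        print(line)
```

Because the rule name is carried into each log line, a failed update can be traced to the exact rule that blocked it before deciding whether to switch that rule back to "allow".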
     
  14. Green Dragon

    Green Dragon Registered Member

    I think Level 3 Communications has to do with Windows Defender updates.

    Thanks Bubba!
     
  15. Stem

    Stem Firewall Expert

    Test this, set the two rules to "reject" with "logging" and attempt an update.
     
  16. Green Dragon

    Green Dragon Registered Member

    Windows Defender update is impossible now!
     
  17. Stem

    Stem Firewall Expert

    Thanks for the info, I suppose anything is possible where Microsoft is concerned.
    I just downloaded and installed "windows Defender" to see the connections for update (will restore my drive from image later).
    connection (attempts) to:
    193.38.108.216: a258.g.akamai.net (nothing new there then)
    207.46.253.157: update.microsoft

    o.k. change the rules back to "allow", rename the rules to "defender update" with logging, and try again. If this then updates, we know for sure, and you can then remove the logging.
     
  18. Green Dragon

    Green Dragon Registered Member

    After all, Windows defender updates again.
     
  19. Stem

    Stem Firewall Expert

    Thanks for taking the time, it is best to know where the connections are going and why. (On any windows or software updates, I have never had any connections to Level3, that's why I wanted you to check.)

    EDIT: Bubba, is Level3 used globally by Microsoft?
     
    Last edited: Jun 28, 2006
  20. Bubba

    Bubba Updates Team

    By globally do you mean all the time :doubt:

    I don't have an answer to that but with it being a backbone a lot of traffic especially in North America goes thru those folks. Microsoft is just one of many users of Level3 Communications.
     
  21. Stem

    Stem Firewall Expert

    Globally (worldwide).. I don't see these connections here in the U.K. It's possibly mainly U.S.? (as you mention North America)
     
  22. Bubba

    Bubba Updates Team

    Well....it's pretty Worldwide and as noted in the link supplied above....there is Level 3 in the United Kingdom also among many other countries.

    Who is Level 3?

     
  23. Stem

    Stem Firewall Expert

    Thanks Bubba,
    But it was mainly "is Level3 used globally by Microsoft?" It's just that I check a number of users' logs (U.K.) and the only updates I see for Microsoft software are to either "akamai" or "microsoft".
    It's not important, I just thought it strange when I saw the connections in GD's post. I will note this for future reference.

    Thanks,
     
  24. shek

    shek Registered Member

    Stem---

    Thank you for your help. One more question, how could I disable the process attack table? Uncheck it under the root? Or add an accept all rule on the top of the process attack table?

    regards,

    shek
     
  25. Stem

    Stem Firewall Expert

    Both of these will work. But if you "uncheck it under the root", it does save Jetico a little bit of work (it will not process the attacks).
     