Jetico making me crazy.

Discussion in 'other firewalls' started by aigle, Feb 19, 2006.

Thread Status:
Not open for further replies.
  1. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    @Roger_
    Thank you for the info; from your post, this makes a number of issues regarding this game's "port" needs more apparent. (And thank you for your time in making the post.)

    Stem
     
  2. Roger_

    Roger_ Registered Member

    Joined:
    May 7, 2006
    Posts:
    89
    Location:
    Portugal
    You are welcome, Stem!
    I like to help people when I have the time.
    I have started using Jetico recently and so I have been watching this topic quite closely.
    Nonetheless, it was all this mess with the gaming thingy that was driving me crazy.... :D

    Roger
     
  3. Taru

    Taru Registered Member

    Joined:
    Oct 28, 2006
    Posts:
    50
    Well,

    I read and reread all the links you gave me and trust me, with all the willing from me, it doesn't work.
    Now, I set rules and it seems to work. I did it by checking each important "Blocked" entry in the log from the "Block all other" rule and putting it in the rules. Everything now works, but I am sure the security is sucky (as if I accept it in the trusted zone. :O) Please have a look at this rule. And trust me one more time, I know it's wearing because I'm also so tired of this kind of firewall problem. So I apologize for bothering, but know that it's not only wearing for you.
    The rules are at this link

    Translation: Evènement = Event ; port distant = remote port ; adresse distante = remote address ; tout = any ; accès au réseau = access to network ; connexion sortante = outbound connection ; réception de datagrammes = receive data ; envoi de datagrammes = send data.

    PS: Thanks Roger_ btw, even if I've already looked for this problem many times on Google and even with some other search engines.^^ But thanks. ;)
     
  4. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Yes, they look o.k. (if the IPs are for the game servers)
     
  5. Jack_Brody

    Jack_Brody Registered Member

    Joined:
    Nov 4, 2006
    Posts:
    24
    Location:
    Napajedla, Czech Republic
    Hello guys,

    if you can help me, I would like to get one thing clear about how Jetico works.
    You have probably the same table structure as me or very similar:

    http://www.volny.cz/pavel.pilat/share/jetico.png

    As the Help says, rule processing starts in the beginning of the Root table. The first rule in the Root table is jump to Application table and it is unconditional. OK, let's go into the Application table.
    The first thing we can see there is a jump to Application Block Zone, which is marked by an exclamation mark, which should mean that this rule doesn't work. The next one is a jump to Application Trusted Zone. And there is only one unconditional rule in there: accept all.

    As I see it, the rule processing should never come to another tables (like Ask User) and it should end up here.

    So how come we get pop-ups for various applications?

    BTW: What is this "Application Trusted Zone" table for? How am I expected to understand it? I experienced that when I handled some application like "Application Trusted Zone", it had access to internet and not only to my trusted addresses zone.

    Thank you for any answer
     
  6. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    At the end of the tables you will see a "continue", this is a return from that table to the next rule within the table the jump was made from. Meaning: you mention the jump to the trusted zone,.. there is the rule to allow all for the programs you trust, there is then a "continue", this then returns to the rule "accept listen UDP ports rule"

    The application trusted zone is for programs you "trust" to make any comms (this will allow all in/out for the application you set as trusted)
     
  7. Taru

    Taru Registered Member

    Joined:
    Oct 28, 2006
    Posts:
    50
    There are 2 IP from ripe.net , I don't know what it is.
     
  8. Jack_Brody

    Jack_Brody Registered Member

    Joined:
    Nov 4, 2006
    Posts:
    24
    Location:
    Napajedla, Czech Republic
    Sure. And according to Jetico help file in section Advanced Firewall Configuration, chapter Firewall rules processing:
    "a suitable rule is found and 'Action' field of the rule is accept or reject. The firewall stops rule processing and takes corresponding action . "
    So if the rule allowing all trusted programs matches, the processing STOPS. It can never reach the "continue" statement. ;) o_O
     
  9. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Yes,.... when a rule matches. The "jump" rule (to the trusted zone) in the application table is only matched if the remote address is in the trusted zone. (created with the "configuration wizard") Check the rule
     
  10. Jack_Brody

    Jack_Brody Registered Member

    Joined:
    Nov 4, 2006
    Posts:
    24
    Location:
    Napajedla, Czech Republic
    Oh yeah, Stem, now I see it. I'm sorry, I should have looked more carefully... :oops:

    But this thing in Jetico is misleading. You get a pop-up, you select "Handle as application trusted zone" and think: it is good, the app now has the right to communicate only with trusted addresses, which I have just set up.
    You are wrong. You have just given your application the right to talk to the whole internet (and to receive inbound connections as well). Watch out for this, guys.

    The developers somehow forgot that this action ("Handle as application trusted zone") should also set the Remote address condition to "Trusted addresses".

    I solved this by making my own ruleset and don't use Application trusted zone anymore.
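    As an added illustration (not code from the thread, from Jetico or from its documentation), the following Python simulator implements the table semantics discussed above: an accept or reject stops processing, a jump enters another table, and a continue at the end of that table returns to the rule after the jump in the calling table. The table layout, the zone contents (loopback plus the documentation range 192.0.2.0/24, constructed here) and the placement of the rule that "Handle as application trusted zone" creates are assumptions made for the example, not Jetico's real configuration. The point it demonstrates is the one in the post above: an accept rule for an application that carries no remote-address condition matches every destination, while the same rule restricted to the trusted zone only matches trusted addresses and falls through to the Ask User table otherwise.

```python
"""Toy simulator of table-based firewall rule processing with jump/continue
semantics.  Added example; the tables, zones and rule placement below are
assumptions, not Jetico's actual rule set."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class Rule:
    action: str                     # "accept", "reject", "ask", "jump" or "continue"
    app: Optional[str] = None       # None = any application
    remote: Optional[str] = None    # None = any remote address, else a zone name
    target: Optional[str] = None    # table to enter when action == "jump"


@dataclass
class Packet:
    app: str
    remote_ip: str


class RuleEngine:
    def __init__(self, tables, zones):
        self.tables = tables  # table name -> ordered list of rules
        self.zones = {name: [ip_network(n) for n in nets] for name, nets in zones.items()}
        self.trace = []       # human-readable record of the rules that matched

    def in_zone(self, zone, ip):
        # An empty zone (like the unused "blocked" zone in the thread) never matches.
        return any(ip_address(ip) in net for net in self.zones.get(zone, []))

    def matches(self, rule, pkt):
        if rule.app is not None and rule.app != pkt.app:
            return False
        if rule.remote is not None and not self.in_zone(rule.remote, pkt.remote_ip):
            return False
        return True

    def process(self, pkt, table="Root", depth=0):
        for rule in self.tables[table]:
            if not self.matches(rule, pkt):
                continue
            note = f" -> {rule.target}" if rule.target else ""
            self.trace.append("  " * depth + f"{table}: {rule.action}{note}")
            if rule.action in ("accept", "reject", "ask"):
                return rule.action          # terminal: processing stops here
            if rule.action == "continue":
                return None                 # back to the rule after the jump
            if rule.action == "jump":
                result = self.process(pkt, rule.target, depth + 1)
                if result is not None:
                    return result           # the jumped-to table decided
                # jumped-to table ended with "continue": try the next rule here
        return None                         # table exhausted, same as continue


def decide(engine, pkt):
    engine.trace = []
    return engine.process(pkt) or "ask"     # assumption: no decision -> prompt


# Constructed zones: loopback plus a documentation range standing in for
# "trusted addresses"; the blocked zone is empty, as in the thread.
ZONES = {"trusted": ["127.0.0.0/8", "192.0.2.0/24"], "blocked": []}


def build_engine(restrict_trusted_app_to_zone):
    """Assumed layout.  The rule for game.exe stands for what 'Handle as
    application trusted zone' creates; only its remote-address condition varies."""
    app_rule = Rule("accept", app="game.exe",
                    remote="trusted" if restrict_trusted_app_to_zone else None)
    tables = {
        "Root": [Rule("jump", target="Application"),
                 Rule("jump", target="Ask User"),
                 Rule("reject")],                                   # block all other
        "Application": [Rule("jump", remote="blocked", target="Application Block Zone"),
                        Rule("jump", remote="trusted", target="Application Trusted Zone"),
                        app_rule,
                        Rule("continue")],
        "Application Block Zone": [Rule("reject"), Rule("continue")],
        "Application Trusted Zone": [Rule("accept", app="editor.exe"), Rule("continue")],
        "Ask User": [Rule("ask")],
    }
    return RuleEngine(tables, ZONES)


if __name__ == "__main__":
    for restricted in (False, True):
        engine = build_engine(restricted)
        for ip in ("192.0.2.10", "203.0.113.5"):       # trusted vs. arbitrary internet host
            verdict = decide(engine, Packet("game.exe", ip))
            print(f"restricted={restricted} game.exe -> {ip}: {verdict}")
            for line in engine.trace:
                print("   ", line)
```

    Running it shows the loose rule accepting game.exe to 203.0.113.5 (an address outside the trusted zone), while the restricted rule lets that packet fall through the Application table's continue and land in Ask User; the trace also makes visible why a jump whose condition is not met never reaches the unconditional accept inside the Trusted Zone table.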
     
  11. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    For a program to use the "trusted addresses" you only need to give a program "access to network",... this is something I do not like, and I don't place addresses within the "trusted zone",... Giving an application "handle as" Trusted does make the "application" trusted (and gives full internet access, as you have stated)

    You also mentioned the "blocked zone" rule having a red mark,.. this will be because you currently have no entries within the blocked zone.
     
  12. Jack_Brody

    Jack_Brody Registered Member

    Joined:
    Nov 4, 2006
    Posts:
    24
    Location:
    Napajedla, Czech Republic
    Well, I think, Stem, when you give a program "network access", you give it only loopback access so the apps within that PC can talk to each other through TCP/IP. They cannot go any further.

    Yes, you're right. No entries in there.
     
  13. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    The loopback address is within the "trusted zone",.. Any program with "access to network" can access the loopback,.. along with any other IP within the trusted zone.
    You can check this if you want to easily. Place into the trusted zone wilders forum IP(65.175.38.194),.. remove your browser rules,... run your browser and only allow "access to network", then connect to this forum,....
     
  14. Jack_Brody

    Jack_Brody Registered Member

    Joined:
    Nov 4, 2006
    Posts:
    24
    Location:
    Napajedla, Czech Republic
    Man, you're right! Thanks for pointing this out, it's weird behavior.

    I also do not like one thing about the Configuration Wizard: anytime I run it, it adds the local subnet (for instance 192.168.1.1/24) into the Trusted addresses list, so I have to remove it manually. And I don't trust all machines in my local network. :)

    But these are only small issues and since the v1 development has finished, we have to live with them. :)
     
  15. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Do not allow the config wizard (fwsetup.exe) access to the network, just reject this access (this stops the auto adding of the network)
     
  16. Jack_Brody

    Jack_Brody Registered Member

    Joined:
    Nov 4, 2006
    Posts:
    24
    Location:
    Napajedla, Czech Republic
    Yeah, you really do know this FW :) . It works, thank you.
     
  17. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    You're welcome.
     
  18. Jack_Brody

    Jack_Brody Registered Member

    Joined:
    Nov 4, 2006
    Posts:
    24
    Location:
    Napajedla, Czech Republic
    By the way, Stem, I have already asked in another thread, but: since Jetico does not run as a service and is a child of the explorer process (which starts when someone logs in), how is the computer protected when no one is logged in? What do you think?
    I used to have the computer running for long hours at the logon screen.
     
  19. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    There is no protection from Jetico1 during boot/login (a problem with a number of firewalls)
     
  20. r202

    r202 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    5
    Can someone post a solution, how to run Jetico as a service?
     
  21. kr4ey

    kr4ey Registered Member

    Joined:
    Aug 13, 2006
    Posts:
    187
    Location:
    Florida USA
    You can try this thread.

    https://www.wilderssecurity.com/showthread.php?t=137113

    You may want to try the new Beta 2. It runs as a windows service without installing any extra software.

    Rick
     
  22. r202

    r202 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    5
    Thank you, but I don't like this new Jetico (2)...

    ...so I tried my luck with "SrvAny". Now it runs as a service, but there is something wrong.

    a) I made a test:
    1. 23.33 h - pc reset
    2. 23.34 h - pc start
    3. 23.34 h - login window (i did nothing for the next ~6 minutes)
    4. 23.41 h - login to desktop

    Here is my log:
    http://img276.imageshack.us/img276/6921/fwlt4.png
    Why doesn't Jetico load the policy earlier? Or is it active during the waiting phase?

    b) When I switch between 2 XP users:
    http://img378.imageshack.us/img378/781/fwlp7.png

    0.09.28h - "Firewall shutdown completed" ?
    0.09.55h - "Firewall shutdown completed" ?
    Why? I thought that when it runs as a service, it should always be on? o_O
     
  23. Roger_

    Roger_ Registered Member

    Joined:
    May 7, 2006
    Posts:
    89
    Location:
    Portugal
    It happened as it is probably defined as an auto-start service, meaning it only starts with user logon... and also stops with logging off. Change it to system start.
     
  24. r202

    r202 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    5
  25. Roger_

    Roger_ Registered Member

    Joined:
    May 7, 2006
    Posts:
    89
    Location:
    Portugal
    I apologize as I believe I have misled you before. :(
    In fact, it does not have to do with running as System start, it may as well run as Autostart.
    What happens when you log off is that all related after-logon drivers/services are also terminated (that obviously includes your network connections and the Jetico service among all).

    So, there would be no associated risk with the waiting-to-log-on time since your network is not active either.

    Someone correct me please if I am wrong!

    Anyway, I also presume that the startup loaded Jetico drivers (bc_... .sys) that run right from the start of the system (before logging on) will prevent any Network comms from acting until Jetico fwsrv.exe has started.
     