Jetico making me crazy.

Discussion in 'other firewalls' started by aigle, Feb 19, 2006.

Thread Status:
Not open for further replies.
  1. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi David,
    Which program is giving you all the popups? We can go through the creation of a ruleset if you want to?

    EDIT,
    On call out (work) will be back in about 5 or 6 hours,....
     
    Last edited: Jun 15, 2006
  2. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,563
    Thanks Stem

    It is every program that wants net access popping up

    Avast
    Proxo
    Mozilla
    Firefox etc.

    Even once connected with Moz, a fresh page will bring an alert for Proxo

    I am accepting the defaults "Allow this activity" and remember my answer.

    No rulesets have been imported.
     
  3. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi David,
    O.K. let's start from the basics.

    But first, I am going to install "proxo" (as your setup), as I have not used this with Jetico, so I am not sure what effect this will have on the rulesets needed (if the default "browser" rules can be used "as is" or not), or if "proxo" may cause problems?.......
     
  4. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi David,
    O.K., I have installed "Proxo", so let's begin. First, please either revert to the Jetico "factory settings" or load a new "optimal protection" and make this active. (To reset, open Jetico / file and select "revert to factory settings",..... or to load new "optimal policy",.. file / open / browse to your Jetico/config folder and open "optimal.bcf"; when loaded, right click this loaded policy and select "Apply policy".)
    (Post if any questions)


    Once done, start "Proxo", you will be prompted by Jetico,.. select "HANDLE AS"__ "web browser" (see attached pic).

    Now you can start "Firefox" (I assume the proxy settings in Firefox are already made for "Proxo" (127.0.0.1:8080)). When prompted by Jetico, [because Firefox is set up to use "proxo" proxy, you can just "allow network access"] OR to save any confusion you can select "HANDLE AS"__ "web browser". That should bring you online,..

    If you are prompted by Jetico for "Avast", again, simply select "HANDLE AS"__ "web browser" (this will allow Avast to connect out for updates/ web shield (is avast web shield on? config for Proxo?)) Avast may want to connect out to FTP (remote port 21), check any alert for this, if it does then select "HANDLE AS"__ ftp client (but on my short use of Avast, it only updated using HTTP)



    Post if questions,...or when you are ready to continue,...
     


  5. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,563
    Thanks Stem

    Yes I get that. Basically anything that wants to connect to the 'net you allow as a web browser? Does that also apply to a time check program I have that connects to a time server?

    Now I am getting a lot of the type below. This was initiated by starting Word 95 from the MS Office Toolbar. A whole van load of these come up and seem to cycle through every running program.



    Jet 1.jpg
     
  6. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    You will need to check the info given by Jetico. Check the "remote port" that the program is trying to connect to; the remote port is normally static (always the same) but the local port will change, so if the program is attempting to connect to remote port 80, and you trust the program, then yes, select the "browser rules". If the program is attempting to connect to, for example, remote port 123, then you would need to edit/create a rule (I will find an example of this, and post).

    You should block this. But, make sure this does not cause connection problems (just about any MS program will attempt network access, one way or another,.. )
     
  7. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi David,
    Below is an alert from Jetico, as "Svchost" is attempting to connect to MS time server.
    You will see from the rule:
    Event: o.k.
    Protocol: o.k.
    local address: o.k.
    local port: Now, this is where there can be some confusion. In this rule it is showing "any", which can be allowed for a trusted program. Sometimes when a rule comes up, this "local port" may have a number, for example 2000. Now if the rule shows a local port, and you allow/remember the rule, then only a connection from this local port will be allowed. So for this (if a port number is shown) you would need to edit (will post to show how next).
    Remote address: o.k. for this program. If this is the address that the program will always connect to, then this is o.k. (but if this program was a browser, or a program that may need to connect to any address, then you would need to edit this).
    Remote port: As mentioned, this is normally static for such a program (an exception is FTP)

    So this rule, for svchost, for connecting to "time" is o.k. as is
     

    Attached Files:

    • time.jpg
  8. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,740
    Hi folks!

    I have been following this thread from the start and all I can say is "Stem, you are a GODSEND". You are giving others the opportunity that normally they wouldn't have and I thank you for that ;)
     
  9. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi David,
    The points I made in my last post concerning,
    local port:
    remote address:
    If these as I mentioned need editing, you would select custom, (I know this says "reject", but this is the only way to edit while the rule is up at this point), EDIT rule.
    You will see the rule opened out, and I have arrowed:-
    Change the "verdict" to accept (as you are allowing this rule)
    You can see from the pic, where the entries are for:
    local port (local address/port) if this had a port number, you would need to change this to "any" for a trusted program, or, as I do, you could change this to a port range of 1024-5000
    Remote address: As mentioned, this may be correct, if that is the only site that is needed by the program, or you may need to change this to "any"
     


    Last edited: Jun 15, 2006
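
Added example (not part of the thread and not Jetico's own code): a simplified first-match rule check in Python showing the local-port point Stem makes in the two posts above, where a remembered rule that kept local port 2000 stops matching as soon as the program connects from another local port, while the edited 1024-5000 range keeps matching. The `Rule`, `Conn`, `evaluate` and `popups` names, the UDP protocol and the 192.0.2.10 time-server address are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple


@dataclass(frozen=True)
class Conn:
    protocol: str
    local_port: int
    remote_addr: str
    remote_port: int


@dataclass(frozen=True)
class Rule:
    verdict: str                            # "accept" or "reject"
    protocol: str
    local_ports: Optional[Tuple[int, int]]  # inclusive range; None means "any"
    remote_addr: Optional[str]              # None means "any"
    remote_port: Optional[int]              # None means "any"

    def matches(self, c: Conn) -> bool:
        lo, hi = self.local_ports or (0, 65535)
        return (self.protocol == c.protocol
                and lo <= c.local_port <= hi
                and self.remote_addr in (None, c.remote_addr)
                and self.remote_port in (None, c.remote_port))


def evaluate(rules: Sequence[Rule], c: Conn) -> str:
    """First matching rule decides; no match means the user is asked again."""
    for rule in rules:
        if rule.matches(c):
            return rule.verdict
    return "ask"


def popups(rules: Sequence[Rule], conns: Sequence[Conn]) -> int:
    """Number of connections that would raise a new prompt."""
    return sum(evaluate(rules, c) == "ask" for c in conns)


# Constructed sample: a time checker reaching remote port 123 from changing local ports.
TIME_SERVER = "192.0.2.10"  # documentation address, assumed
SESSIONS = [Conn("udp", p, TIME_SERVER, 123) for p in (2000, 2001, 3417)]

PINNED = Rule("accept", "udp", (2000, 2000), TIME_SERVER, 123)  # remembered as shown
EDITED = Rule("accept", "udp", (1024, 5000), TIME_SERVER, 123)  # local port edited

if __name__ == "__main__":
    print("pinned rule prompts:", popups([PINNED], SESSIONS))
    print("edited rule prompts:", popups([EDITED], SESSIONS))
```

The 1024-5000 range covers the default dynamic local ports of Windows versions from the time of this thread; Windows Vista and later default to 49152-65535, so a rule limited to 1024-5000 would prompt again there.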
  10. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,563
    Thanks Stem for all the input.

    All seemed to be going fine till Jetico decided without warning to block all access to the web. A reboot resolved it for a while then it happened again. The third time after I had been away for about an hour, I had to uninstall it and go back to Kerio since it was stopping me from doing any work.

    Interestingly although Kerio uses more memory I find it is faster than Jetico in all aspects. Maybe it is not tuned in very well.

    One program that is causing a problem is a mouse gesture one called StrokeIt. The option to "handle as" is greyed out because it is injecting code into another program. Of course it would since it is controlling it for an instance. Don't know if that is why Jetico is closing things down. If you have any thoughts I will look at it again.
     
  11. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi David,
    What MS applications were you running at the time? I have found problems with MS programs such as MS word (and 1 or 2 other programs), which for some reason require "network access" (not internet connection) and if blocked can cause problems. I did allow "network access" then placed a rule to "block all" for MS word, and this solved my problem.
    Can you remember what MS applications (and others) you had running (MS office?) and were these blocked from network access?

    If you do get blocked from access to the internet, before re-booting, try, "right click Jetico tray icon / security policy / and select:- block all", then re-select "optimal protection"
     
  12. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,563
    The only one running was MS Toolbar which I think is the '95 version. I do have Office 97 but nothing later. The only programs running were

    Mozilla
    Pocomail
    Outlook 98 (just remembered that one)
    PG
    Avast
    BOClean
    Socketwatch (Time checker)
    Download Mage

    I think those are the main ones.

    None of them have caused problems with other f/w's

    Looking at 'Active Ports' the only ones listening are
    System
    lsass
    Avast
    Oodag (defrager)
    Kerio
    Mozilla
    Proxo
     
  13. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Were/are any of these programs blocked from network access?

    What is your connection type? are you behind a router? (DHCP / fixed IP)

    Check Jetico log for any blocked packets.
     
  14. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Nah, why bother with understanding, just download and use the rule set here
    https://www.wilderssecurity.com/showthread.php?t=134029 and be done with it!
    :D

    Your advice with proxomitron is okay, but I prefer a tighter rule set myself when using such web proxies.
     
  15. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    The default ruleset for "Browsers" within Jetico, which I advised to use for "Proxo", allows only outbound connections to HTTP/HTTPS,.. Nothing more. Should "proxo" not be allowed outbound to HTTPS? That is the only way to make the ruleset any tighter (without blocking it altogether).
     
  16. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,563
    I am behind a router f/w with a fixed IP. DNS servers are fixed.

    I think some of them were blocked. Can't check the logs as I have had to remove it to get some work done, but will try it out again this evening
     
  17. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,563
    I had another go at installing it over the weekend. Apart from the hassle it presents I find that it slows my web access speed down by roughly half. There is also the fact others have mentioned that it does not install as a service.
     
  18. khazars

    khazars Registered Member

    Joined:
    Jun 8, 2005
    Posts:
    124
    Location:
    Glasgow, Scotland
    Stem, pertaining to post 209, what is svchost connecting to windows.time.com for, and what is initiating svchost? Is it just for time sync and should it be allowed?
     
  19. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Windows service "Windows Time"
    Yes
    If you have this service enabled, and want it to run correctly, yes..... If not, go into "Control panel \ Administrative Tools \ services" and disable "Windows Time"
     
  20. khazars

    khazars Registered Member

    Joined:
    Jun 8, 2005
    Posts:
    124
    Location:
    Glasgow, Scotland
    cheers!
     
  21. Green Dragon

    Green Dragon Registered Member

    Joined:
    Feb 18, 2005
    Posts:
    31
    Hi guys

    I am a newbie about how firewalls work, but this discussion helps me a lot.
    I have a few questions.

    a) As I see in Stem's post 67, he has handled Adware and Spybot & Destroy as "Web browser" rather than "Trusted Application". What is the difference between these two?

    b) What about other security applications such as Ewido and a-Squared with a need for daily updates? Is "Web browser" the better choice rather than "Trusted Application" too?

    c) There are a lot of applications with a need for an occasional search for updates, such as Acrobat reader, motherboard software, Samsung mobile suite, creative software etc. I prefer to search for these updates manually. Is "handle as Trusted Applications" the correct way or do you suggest something else?

    Thanks a lot for your help. Have a nice day.
     
  22. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi Green Dragon,
    Just about any software that requires update can achieve this by either HTTP/HTTPS or FTP.
    Setting an updater as handle as "browser" will give the program the ability to make outbound connections to HTTP/HTTPS, which in most cases is sufficient, some updaters may require FTP, and a firewall will alert that the program is attempting an outbound connection to remote port 21, in this case you would also Handle as "FTP client".
    Placing a program in the "application trusted zone" will allow the program all outbound and all inbound (unrestrictive). This is up to you, for me, I only allow outbound connections (to defined ports) for such programs.
     
  23. Green Dragon

    Green Dragon Registered Member

    Joined:
    Feb 18, 2005
    Posts:
    31
    Hi Stem

    a) I have set any software that requires update (adware, ewido, Spybot, QuickTime, Registry Mechanic, etc.) in the same manner.
    At the first popup: "access to network".......the choice is "allow".
    At the second popup: "request for outbound connection"......the choice is "handle as Web browser". Am I right?
    All my programs work fine now.

    b) The only exception was MSN Messenger and ICQ where the choice was "handle as Application Trusted Zone". It was the only way to work.
    Is there any different suggestion?

    c) I would like to have a better understanding of how you have made two different ruleset settings. For instance, one for browsing only and another for Windows and other updates.

    Stem thanks for your valuable help.
    Apologize for my bad English.
     
  24. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi Green Dragon,
    a) For programs such as browsers / updaters etc, when prompted for "network access" you can simply just select "handle as browser" (there is an "allow network access" within the "browser" rule).

    b) I did post a ruleset for MSN messenger post#106 (instructions on loading these are in the previous posts to that). I didn't get any feedback on if the ruleset was o.k. or not (I do not use MSN myself, so never fully tested it myself). You could try this if you want to?

    c) You can load as many rulesets as you want to within Jetico,.. open Jetico,..file/open...browse to your Jetico config folder, here you will see the base rulesets, you can load another "optimal protection",.. configure this, let's say for manual windows updates, then to use this ruleset, right click on the ruleset and select "Apply policy"
     
  25. gkshikuro

    gkshikuro Registered Member

    Joined:
    Jun 23, 2006
    Posts:
    9
    I'm Chinese. I have used many firewall software products. And Jetico made me crazy, too. So, I uninstalled it. Now, I think Look'n'stop is the best.
     