Jetico not show outgoing at all!

Discussion in 'other firewalls' started by kraijeck, Jul 19, 2006.

Thread Status:
Not open for further replies.
  1. kraijeck

    kraijeck Registered Member

    Joined:
    Jul 19, 2006
    Posts:
    10
    Last edited: Jul 19, 2006
  2. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hello kraijeck, Welcome to Wilders.

    Are you using the original (optimal) ruleset that was installed with Jetico?

    Have you installed a proxy of any kind? (which AV have you installed?)
     
  3. kraijeck

    kraijeck Registered Member

    Joined:
    Jul 19, 2006
    Posts:
    10
    Thanks for reply.

    Yes, I use optimal setting with KAV6.

    I formatted the hard disk and installed Windows XP.

    At first they worked perfectly [Jetico monitored both incoming and outgoing].

    After editing some system rules (only some reject "Access to network").

    ----reboot-----

    KAV shows some protection has malfunctioned [mail antivirus or web antivirus] every time. I tried to fix this by rebooting over 20 times. No help.
    So I changed the firewall rule to "allow all" and KAV worked perfectly again.

    But when I check the system tray, the "up" arrow stays gray (not showing outgoing) and the traffic monitor for outgoing was gone.

    I tried uninstalling the firewall, uninstalling KAV and reinstalling many times but can't get the traffic monitor for outgoing back.
     
  4. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    The last time I installed Kav6 with Jetico there was a conflict, due to kav6 acting as proxy. (Kav handles packets at network level).
    I have only installed this combination once, at that time the "System IP table" within Jetico was being bypassed due to KAV6. (this resulted in no outbound logging). But the problem was not predictable.
    You could disable the "web scanner" within KAV to see if the problem remains.

    Which version of Kav6 have you installed?
     
  5. kraijeck

    kraijeck Registered Member

    Joined:
    Jul 19, 2006
    Posts:
    10
    Thank you very much Stem. I use KAV 6.0.0.299

    Problem solved by NOT installing BOTH web antivirus and mail antivirus.
    Disabling them is not enough.

    Now KAV runs 2 services with File antivirus and Proactive defense.


    Should I go for KIS and uninstall Jetico?
     
  6. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    When you disable the "Web AV" you also need to remove the ports to be scanned (in the web AV settings).

    That is your decision. Do you think KIS firewall/AV will protect better with the web AV active, or Jetico firewall/Kav with no AV scanner?
     
  7. tako

    tako Registered Member

    Joined:
    Jul 19, 2006
    Posts:
    5
    Read this forum
    http://forum.kaspersky.com/index.php?showtopic=16036

    I made Jetico rules for Kaspersky Anti-Virus 6.0

    Port of the AVP.EXE process: 1110
    Standard HTTP ports: 80, 81, 82, 83, 1080, 7900, 8080, 8088, 3128, 11523
    Standard SMTP port: 25
    Standard POP3 port: 110
    Standard NNTP port: 119
    Standard IMAP port: 143
    Note: if port 1110 is closed, the AVP.EXE process starts looking through all other ports beginning from port 1110 till 2110, until it finds an open port.

    and

    In order to avoid different problems with Internet access blocking you can try the following steps:

    1. Temporarily disable Kaspersky Antivirus 6.0 Self-Defence under Settings - Service - Protection.
    2. Please run Registry editor. Click Start - Run. In the Run field type regedit and click OK.
    3. Find the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KL1
    4. Add DWORD value "PatchOB" to the key. Right-click KL1 and select New - DWORD Value. In the Value name field type PatchOB.
    5. Make sure that the value data is equal to 0.
    6. Reboot your PC and enable Kaspersky Antivirus 6.0 Self-Defence again under Settings - Service - Protection.

    It worked for me
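
The port note quoted in the post above means a firewall rule written for port 1110 can stop matching if AVP.EXE has moved to a later port in the 1110-2110 range. The following is an added example, not part of the thread and not Kaspersky's or Jetico's code: it lists which ports in that range are actually listening, so the rule can be checked against reality. The function names are made up for this example, and it assumes the AVP.EXE proxy listens on the loopback address 127.0.0.1.

```python
import socket

# Range quoted in the post above: AVP.EXE prefers 1110 and walks up to 2110.
AVP_FIRST_PORT = 1110
AVP_LAST_PORT = 2110


def listening_ports(first=AVP_FIRST_PORT, last=AVP_LAST_PORT,
                    host="127.0.0.1", timeout=0.2):
    """Return the TCP ports in [first, last] that accept a connection on host.

    host defaults to loopback, which is an assumption of this example.
    """
    found = []
    for port in range(first, last + 1):
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            # connect_ex returns 0 on success instead of raising.
            if s.connect_ex((host, port)) == 0:
                found.append(port)
    return found


def rule_port_status(rule_port=AVP_FIRST_PORT, **scan_args):
    """Compare the port named in the firewall rule with what is listening.

    Returns (matches, candidates): matches is True when rule_port is among
    the listening ports; candidates are all listeners found in the range.
    """
    candidates = listening_ports(**scan_args)
    return rule_port in candidates, candidates


if __name__ == "__main__":
    matches, ports = rule_port_status()
    if not ports:
        print("Nothing is listening in 1110-2110 on loopback.")
    elif matches:
        print("Rule port 1110 is listening. All listeners in range:", ports)
    else:
        print("Rule port 1110 is NOT listening. Candidates:", ports)
```

The scan only shows that something is listening; `netstat -ano` shows the owning process ID for each candidate port so it can be matched to AVP.EXE.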
     
  8. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi tako, Welcome to Wilders,

    Thank you for the link/info.

    If you are currently running Jetico+KAV6, please go to Jetico "System IP table / System internet zone",.. here you will see "Stateful TCP Inspection", set this to log the packets,.. you will see from the log, only the inbound is seen by Jetico (outbound bypassed).

    I have just installed KAV6 (300) to re-check my earlier findings,.. and they are the same.
     
  9. tako

    tako Registered Member

    Joined:
    Jul 19, 2006
    Posts:
    5
    Hi Stem

    I'm using KAV6 (300) and Jetico.
    I set the log and it looks like this

    [img=http://img54.imageshack.us/img54/3442/jetico2cu9.th.png]

    [img=http://img54.imageshack.us/img54/2073/jeticonu0.th.png]

    I'm not sure if Jetico is working as it should be

    I Have to go out, bye for now
     
  10. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi tako,
    Thank you for taking the time to check this (and post),.. from the log (second pic) the SPI appears to be working correctly. If this is a log while you are running KAV6, then this problem is/maybe hardware related. (could you possibly post info of your hardware?)

    It would be interesting to see other results from this combination. (hardware/logs)
     
  11. tako

    tako Registered Member

    Joined:
    Jul 19, 2006
    Posts:
    5
    Stem, I had the same problem as kraijeck, before I found the forum (my first post)

    Things I have done are
    1- made Jetico rules for KAV6 (300)
    2- changed KAV6 registry setting.

    My hardware are

    A8N-SLI Premium
    NVIDIA Nforce Networking Controller
    KAV6 (300) Web AV off and Jetico
    (ScreenShot and Log were taken from)

    Second PC
    Intel/Pro/100+ Management Adapter
    KAV6 (300) Web AV on and Jetico

    Just checked Second PC for Jetico Stateful TCP Inspection Log
    KAV6 (300) Web AV Enabled

    It's working, no matter whether Web AV is Enabled or Disabled.

    Hope it helps
     
  12. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi tako, thanks for the info,
    I thought you were running with "Web AV" on (posted pic). Do you find the need for creating all the "Jetico rules" for KAV6 with "Web AV" off, as KAV should not be connecting out except for mail scanner/ updates? (I know earlier versions of KAV6, it was just a case of disabling web AV, and removing all ports used from KAV6 settings, and then Jetico processed packets correctly again)
    Now that is interesting.
    My 2 test PCs are both AMD, both have the problems with Jetico+KAV6 web AV installation. I will have to try this installation on an Intel board.
     
  13. kraijeck

    kraijeck Registered Member

    Joined:
    Jul 19, 2006
    Posts:
    10
    Hello again Stem and tako. Thank you for the information.

    After I read both of your posts, I tried to find out what is the best way to enable all services of KAV6 and be fully compatible with Jetico.

    First, tako, your solution works for me. Now incoming and outgoing traffic are monitored

    but my system rule configuration is like this

    http://img143.imageshack.us/img143/2897/clipboard01zb9.th.png

    .....that causes the mail antivirus or web antivirus subsystem to malfunction at every startup. But this error is fixed by stopping and enabling manually.

    The strange thing is KAV will start up perfectly by "accept" all access to network in system applications OR,

    1. "reject" some access to network (up to 6-7) system applications.

    2. not run KAV at startup.

    Likely if KAV starts up slower by 10 sec, they work with no problem.
     
    Last edited: Jul 20, 2006
  14. EGOiST

    EGOiST Registered Member

    Joined:
    Jul 18, 2006
    Posts:
    0
    Yes, I confirm, work with both AMD/Intel.
     
  15. tako

    tako Registered Member

    Joined:
    Jul 19, 2006
    Posts:
    5
    Sorry, I should have written that Web AV was actually on,
    but the Standard HTTP ports: 80, 81, 82, 83, 1080, 7900, 8080, 8088, 3128, 11523 were turned off. They made browsing slower.

    If you say disabled Standard HTTP ports was Web AV off,
    no need to make rules for HTTP ports.

    My 2 PCs are both AMD, just using an Intel NIC
     
  16. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi,.... I just couldn't understand why you placed rules in Jetico for KAV when your post stated that the "web AV" was disabled,.... and if you have removed all the ports within KAV6 "Web scanner" it will be disabled anyway.

    I will find time later to re-install KAV6.
     