JPF v2 beta progress.

Discussion in 'other firewalls' started by Nail, Aug 2, 2006.

Thread Status:
Not open for further replies.
  1. Nail

    Nail Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    28
    Hi there. I created this thread to list JPF v2 bugs description/status. I just
    want to minimize email support outlays.

    1. Uninstaller problem (Error read log file, err code 0) - in progress
    2. Service start problem (MainDoc, CoCreateInstance hr = 0x80070005) - in progress. Service encountered startup problem. I shall prepare special build with step by step debug output and send it to volunteer to track down the problem.
    3. File->Save as does not work. We just forgot to implement it. Sorry. We shall fix it.
    4. File->Save is disabled. Current beta version has autosave hardcoded.
    5. Sometimes firewall displays extra (echo) popup message - in progress. Just click "Cancel" for a while - it's harmless.
    6. jpf2notes.htm (release notes) text has a mistake. Installer sets JPF service start mode to "Manual".

    Sincerely,
    Nail Kaipov
    Jetico, Inc.
     
  2. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi Nail,
    Thanks for the update, hope to see you around the forum more, to keep the forum updated.

    Best Regards,
    Stem
     
  3. tony62

    tony62 Registered Member

    Joined:
    Aug 26, 2005
    Posts:
    214
    Location:
    UK
    A few points from me:

    1, Jetico main window doesn't remember size, when adjusted and then restarted.

    2, I found on my system that upon system reboot, the Jetico window pops up instead of running minimized.

    3, Jetico still seems to forget user allowed entries. For example, disabling the trusted 127.0.0.1 loopback address can lead to multiple prompts (Local Port & Remote Port unchecked) ;) Test it with Firefox:)

    I am a little disappointed that Jetico v1 configuration can't be imported into v2 since i spent a considerable amount of time creating table presets.

    I am staying with v1 for now, as i am more than happy with it's tight configurability and very LOW impact on overall resource consumption.
     
  4. tony62

    tony62 Registered Member

    Joined:
    Aug 26, 2005
    Posts:
    214
    Location:
    UK
    When you have this sort of list...it can be a pain:ouch: Preset List.gif
     
  5. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    That would be me :)
    Nice to see the development going on.

    Yes indeed, the memory usage in v2 jumped from 4.5MB in v1 up to the dopple ca. 13 MB, and by the way a tool for importing v1 rules into v2 is a must.
     
  6. Ciaba

    Ciaba Registered Member

    Joined:
    May 29, 2006
    Posts:
    22
    ...a problem...
    when I assign a table for a popuped-message-rule that rule remind the event(outbound conn, send datagrams, receive, listening, etc etc), that is not correct because access to a table shall be without event or table dont work well.
     
  7. Nail

    Nail Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    28
    New beta is available: http://www.jetico.com/jpf2setup.exe
    Improvements:
    1. Uninstaller bug fixed. Quick fix is also available: get uninstall program from our site:
      http://www.jetico.com/bcuninstall.exe, copy it to windows directory (%windir% c:\windows or whatever else), then start Add/Remove programs->uninstall
    2. File->Save as implemented
    3. Release notes fixed.
    Now let me comment new entries:
    JPF should write window positions to HKCU\Software\Jetico\Personal Firewall\2.0 on exit. Try to exit JPF, then start it again. If problem persists please write to support@jetico.com - I'll try to find the solution.
    Sorry, but I did not understand this problem. Please write step-by-step instructions to reproduce it.
    Again, I could not get what happened exactly. I need more detailed/precise information.
     
  8. Ciaba

    Ciaba Registered Member

    Joined:
    May 29, 2006
    Posts:
    22
    ...ok.
    Es. I try to start first one IExplorer...Jetico ask me this...
    http://img156.imageshack.us/img156/4131/problem1aj2gd5.th.jpg

    ...so I try tu use the funcion Use Template ->Web Browser but result is not like I think...
    http://img156.imageshack.us/img156/6047/problem1cj2gk5.th.jpg
    ...the rule created is point to Web Browser table but has remind outbound connection...so this table dont work well.

    For to solve it I need to do different...select Custom rule and set like in image...
    http://img215.imageshack.us/img215/6315/problem1bj2fh3.th.jpg
    ...in this way table is right and work
    http://img215.imageshack.us/img215/1371/problem1dj2ov1.th.jpg

    ...Problem is: Use Template work well??...is necessary?

    p.s. problem about install\disinstall: I've install beta version on an HD( C: ) with XP...this morning I've start on different HD( E: ) XP with version 1 installed for disinstall it but procedure is freezing...so I think beta from an SO has manipulate version 1.x to other SO...This not like much.
     
    Last edited: Aug 3, 2006
  9. smb

    smb Registered Member

    Joined:
    Jan 10, 2006
    Posts:
    17
    Hello Ciaba,

    i am not shure if I understand your problem correctly.
    But I think you mean that with the default settings the template was only applied for the event "outbound connect". This way the event "access to network" is not covered and would need an extra rule?

    If this is true than the solution is easy. Go to the corresponding "Ask" rule, click "advanced" and deselect "event" for templates (see screenshot). After that the Web Browser template is used for all events triggered by IE.

    If that was not your problem maybe you could ty to describe it once again :rolleyes:
     

    Attached Files:

  10. smb

    smb Registered Member

    Joined:
    Jan 10, 2006
    Posts:
    17
    Installed the new beta. The service startup problem seems to be improved (no problem since reinstallation) but the extra popup messages still appear.
     
  11. Nail

    Nail Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    28
    Hi, Ciaba.
    Now I got it. This is configuration bug. Solution:
    1. Find "Network activity" table
    2. Run edit dialog for "ask" rule
    3. Click "Advanced" button at the bottom of dialog
    4. Uncheck 'Event'-'Template'. Screenshot:
    template-event.JPG

    I shall fix it in the default configuration.
     
  12. Ciaba

    Ciaba Registered Member

    Joined:
    May 29, 2006
    Posts:
    22
    ...Hi smb, tnx...that is the solution :thumb: will be fixed ;)


    @Nail tnx too I've see now :D ...good general evolution for Jetico...little little bug but a great beta version.
     
    Last edited: Aug 3, 2006
  13. tony62

    tony62 Registered Member

    Joined:
    Aug 26, 2005
    Posts:
    214
    Location:
    UK
    Nail,
    i have removed the trusted address 127.0.0.1 from the groups tab as i would prefer to see 'loopback' activity.
    Firefox on initial execution calls for both outbound and inbound to local address 127.0.0.1 and this is normal behavior for Firefox.

    The problem i had is that even when removing remote port & local port from the prompts, i would still get a few of the same event :

    accept TCP/IP outbound connection 127.0.0.1 any any
    accept TCP/IP outbound connection 127.0.0.1 any any - Duplicate
    accept TCP/IP inbound connection 127.0.0.1 any any

    This would mean going back into the configuration and removing uneeded entries.
     
  14. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Ok, i installed the new Beta of Jetico2.

    Results:
    1. Jetico server/service connection problem still the same.
    2. Uninstall process starts now, but does not remove any file.

    I debugged the Server process with following output:

    [3936] JPF: Startup
    [3936] JPF: Runtime objects created
    [3936] JPF: Modules loaded
    [3936] JPF: Auth DB ok
    [3936] JPF: DNS cache ok
    [3936] JPF: kernel logger ok
    [3936] JPF: loading IP config reader
    [3936] JPF: reading IP config
    watchdog!WdUpdateRecoveryState: Recovery enabled.

    I turned off 'System recovery' and i got this log:

    [3532] JPF: Startup
    [3532] JPF: Runtime objects created
    [3532] JPF: Modules loaded
    [3532] JPF: Auth DB ok
    [3532] JPF: DNS cache ok
    [3532] JPF: kernel logger ok
    [3532] JPF: loading IP config reader
    [3532] JPF: reading IP config

    It seams Jetico Server is not able to read my IP configuration.
     
  15. appyface

    appyface Registered Member

    Joined:
    Jul 30, 2006
    Posts:
    9
    Hello Nail,

    I have VPN issue to report.

    I downloaded and installed current JPF2 from location earlier in this thread. 2.0.0.5 I believe.

    I enabled VPN protocols on main screen for active ruleset.

    I connected successfully to VPN server over internet connection.

    However, cannot access any network resources (browse shared folders on network servers, for example). There is no prompt from JPF2 at any time. Windows Explorer returns 'cannot access the requested resource'.

    Using 'shutdown firewall' command on JPF2 has no effect. After removal of JPF2 services, VPN connection and resource access works correctly.

    Please let me know if you need further information.

    Thanks and regards,
    ---appyface
     
  16. ubuntu

    ubuntu Registered Member

    Joined:
    May 17, 2006
    Posts:
    22
    Location:
    China 中国
  17. smb

    smb Registered Member

    Joined:
    Jan 10, 2006
    Posts:
    17
    Hi Nail,

    I prefer to divide my applications in groups like "Browser", "Mail", "Standard application" etc. and defining all neccesary access rights for the group. This way I only have to make one assignment for a new application in order to enable all necessary access (see screenshots) what makes life much easier in my oppinion while still beeing reasonable secure :).

    However it looks like the application rules and checksum rules in v2 have been divided in a way that they can not be combined within one table. Therefore it seems impossible to give an application all necessary rights with just one assignemnt when i want to use application checksum. Is this true or am I missing someting? What is the advantage of seperating this functionality? o_O

    Regards
    Stefan
     

    Attached Files:

  18. Angelarme

    Angelarme Registered Member

    Joined:
    Aug 3, 2006
    Posts:
    2
    Location:
    Paris
  19. pcaca

    pcaca Registered Member

    Joined:
    Sep 11, 2005
    Posts:
    62
    I made the same request and I got response that group edit dialogs are typeless, which I understand that they use same dialog for IP groups and applications group and because of that they didn't added the browse button. But they will consider the request.
     
  20. ubuntu

    ubuntu Registered Member

    Joined:
    May 17, 2006
    Posts:
    22
    Location:
    China 中国
    thx, after that
    I have tried to enable logs in "Log messages filter", but nothing changed.
     
  21. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I think this is down to another request is being made for that connection in the time period that the first rule is being applied. I did get the same popups as you mention, for the loopback, but found that these can be just cancelled.

    If you do want to allow firefox loopback, you can now place just one rule (Jpf2) which can be made to allow both inbound and outbound connections.
     
  22. Nail

    Nail Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    28
    To Ubuntu:

    Groups are typeless by design. That's why JPF uses the same dialog to modify IP addresses and applications. We shall return to this problem later.

    Edit boxes for log file settings are read-only in this beta. If you really need to adjust log settings, use following registry keys:
    Log folder (REG_SZ)
    HKEY_LOCAL_MACHINE\SOFTWARE\Jetico\Personal Firewall\2.0\Log\LogDirectory
    Max log file size, bytes (REG_DWORD), min size is 200kB
    HKEY_LOCAL_MACHINE\SOFTWARE\Jetico\Personal Firewall\2.0\Log\LogSize
    Keep last (REG_DWORD)
    HKEY_LOCAL_MACHINE\SOFTWARE\Jetico\Personal Firewall\2.0\Log\LogRotate
     
  23. tony62

    tony62 Registered Member

    Joined:
    Aug 26, 2005
    Posts:
    214
    Location:
    UK
    Thanks Stem.
    It isn't a major problem, just an observation. nod32krn.exe also popped up twice for 'Allowed Network Access'.
    I think the problem is that Jetico is a little lazy in checking it's own configuration before eagerly popping up with an action already granted.

    That said, this is a remarkable firewall, right down to the informative notification icon:)
     
  24. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi tony62,
    Yes, I am seeing this numerous times now, but then noticed in bug report:-
    so it is a current bug. (its doing the same for "application checksums" :D)
     
  25. Nail

    Nail Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    28
    Hash checking was separated because previous model caused a lot of popups when application altered. Initially we planned to allow the user to turn off hash checking. Unfortunately it conflicted with rule auto creation (popups, rules based on log entries). We had one more model but this one was easier.
     
Loading...
Similar Threads
  1. IvoShoen
    Replies:
    12
    Views:
    1,345
Thread Status:
Not open for further replies.