Problems setting up Jetico V2

Re: JPF v2 beta progress.

Just thought I would take a look at the latest version (2.0.0.9). I am using Win 2k sp4.

When if first booted it said it could not connect to server. Initially I had the router unplugged but after plugging the cable in and re-starting Jetico it still could not connect and it sent off a bug report. A second boot had it up and running and seems ok.

I am getting a plethora of pop ups (using proxo, Mozilla, Firefox, Poco) and services is the main one that keeps coming up with each app. I am never sure how to treat "services". If I block it then there is no connection. Should the rule be edited to allow all ports and if so I cannot see where it should be edited.

Thanks

 

Re: JPF v2 beta progress.

If you get popups for services.exe with remote port 53, check Use template: DNS Client. services.exe must be allowed to send DNS requests if you don't disable DNS Client service on Win 2000 machine.

 

Re: JPF v2 beta progress.

Hi David,
To start,.. go into groups(trusted) and edit the defalt LAN address to your own. (this will allow the comms needed to your router).

You can tighten up with rules later.

 

Re: JPF v2 beta progress.

Thanks Stem

Those are already as you have shown.

With my email and browsers each time a new connection is made "services" comes up with various ports in the 1050 plus or minus, usually in the 1000 plus range. I keep accepting them but they continue.

 

Re: JPF v2 beta progress.

Maybe you missed my previous post #267. Have you enabled DNS Client for services.exe?

Also you should set up IP address of your LAN (if you are connected to LAN or router) in Trusted Adresses. Not the same IP shown in Stem's picture.

 

Re: JPF v2 beta progress.

Thanks

I am a bit lost here. Cannot find DNS client reference in Jetico, but the DNS servers are correctly identified. Secondly all the queries are for ports above 1000

 

Re: JPF v2 beta progress.

Hi David,

 

Re: JPF v2 beta progress.

Thanks Stem

Yes I see that now, but I seem to have by-passed that by clicking on "show the rule that sent this pop up" and changing the "ask" to "allow". Now I wonder if I have compromised anything. If I start up another un registered browser then it asks for an allow but nothing further.

On another point. When I started up this morning it allowed my mail prog to connect but not the browsers. A reboot seemed to sort that.

Also it is taking several minutes before it allows windows to shut down.

 

Re: JPF v2 beta progress.

Hi David,

If you have changed the "network activity"->"ask" rule (which is at the bottom of the table) to "allow", then yes, you have compromised the firewall, as any/all network activity will be allowed (once the application is allowed "access to network"). You should change this back to "Ask"

Due to you allowing all "network activity", you will only be asked for "access to network"

You may have processes running that are blocked. An example for W2K: (\system32\)Internat.exe will run on startup, if this is blocked from indirect access and is running, then your browsers will not connected out.

this could be due to something you have blocked, or something you have not allowed (yes it is a little confusing,.. the fact the firewall is still beta (with bugs) does not help.)

What I suggest:
First, you should change back the "network activity"-> "ask" rule.
Go through the "Network activity" rules, and remove any rules for "services.exe" that contain a "local port number" and a remote port of 53-(you should then be prompted again for services.exe to make DNS lookups,.. you can then create the rules as shown above,.. Services.exe->use template-"DNS client"

 

Setting up Jetico 2.0.0.9 and on

I have got in a muddle with this. There are too many entries under "network activity" so think I will go back and re-install it and see if I can get it right this time.

 

Re: Setting up Jetico 2.0.0.9 and on

O.K. What I will do is re-install onto W2K (with DHCP/DNS client enabled). I am behind a router, so the popups etc should be similar (possibly the LAN address will be different). I can then post the problems I find and how to handle, and I will then take screen shots and show you the popups I get, and how I handle these. Would this help?

 

I have re installed Jetico over itself and have done message 7. Now I have the following popup

 

This is proxo,... you should "use template"->"Browser"

 

Thanks

Presumably that also applies to Avast proxy. What about BOClean when it checks for an update? Does that also go as a browser?

 

Most updaters will connect out to remote port 80 (just keep your eye on the "remote address/port"). So in this situation, then yes,..... Some do attempt update with FTP,.. you will know this by checking again the remote port, which would be 21, in this case, for FTP(remote port 21), you would "use template"->FTP client.

.

 

BOClean update is going out on local 1359 and remote35792

 

If it always updates on remote port 35792, create custom rule with remote port 35792, local port should be empty (uncheck it) and you can specify remote IP (I suppose that it always updates from same server)

EDIT: when you create rules for applications requesting outbound connect, you should look at the remote port info here and it will be more clear what to do.

 

Thanks

Don't know how consistent it is but will try and see how it goes.

 

I edited previous post, after you posted. Maybe it would be usefull for port informations.

 

Thanks

Re BOClean it seems to be various port numbers

 

Did you allow a remote port 21 connection at any time during update? If you did then this is the start of an FTP connection. After the first connection (remote port 21) random local/remote ports are used (between 1024-65535). Check the rules you have created.
There is no trial for Boclean, so cannot install to check.

 

Thanks

No I didn't. Did not see where there was an opportunity to do so. I have set this rule for BOClean (see pic). I am also getting this with Avast and setting a custom rule has no effect. I keep getting bombarded until I allow "Permanently", then it is quiet until the next time.

 

Untick the remote port, then any can be used.

 

Yes I did try that and same non effect. Perhaps I ought to go back through all my rules for browsers and downloader and uncheck address and port but not sure if that is the right way to go.

 

hmmm,... I cannot install Boclean to check,.... but I can install Avast. I will install now to check on connections made.