Smokey's Security Forums


Topic: can't get firewall to work

Kicker

  • Jetico Personal Firewall Mod
  • Global Moderator
  • *
  • Offline Offline
  • location: Prague, Czech Republic, Europe
  • Posts: 218
  • .: Starred Member
Re: can't get firewall to work
« Reply #4 on: March 16, 2009, 10:47:17 AM »
Hi Erik,

as a side note, when you say "your firewall", please note most of us here do not have any relation to Jetico other than we are using their products. We are not Jetico developers or official support.

Now to your questions.

Indirect network access and process attack tables are strange beasts. I would recommend turning both off, getting familiar with the rest of the firewall and its configuration, and then, when you feel comfortable with the rest, getting back to it. Otherwise, it may be hard to track down configuration problems and the relation between rules and JPF behaviour.

When you feel ready, start by reading the Indirect network access and process attack chapters in the help file, then continue with this post. That should give you better insight into how to use these tables properly.

To your specific problem: Some time ago, there were questions about popups appearing for applications which terminated some time ago. I think that Nail explained it is by the way the hooking into the system works. I find it strange too, but I learned to live with it.
If the application "attacking" your browser really does not run nor did it run before (after last boot), then there is definitely something strange there. I would start by verifying the application really was not run. Then checking your machine for malware. Finally, you can try contacting JPF support by email, there may be a bug in the code you just found.

Hope this helps...

erikTopic starter

  • Full Member
  • **
  • Offline Offline
  • Posts: 17
Re: can't get firewall to work
« Reply #3 on: March 16, 2009, 12:49:05 AM »
Ok,

sorry for a long delay. I was trying Online Armor for a while, but I like your firewall more. It is much more clear in a way, and the footprint is lighter.

But it still does not work, and I'm in need of some real help.

I'm trying to make Chrome (Google's browser) work. I have a group called "Web Browsers". It is in this group. AVG's network scanner is also in this group.

When Optimal Protection has "indirect network access" set to "bypass", then Chrome works. As soon as I turn it on ("learning mode"), Chrome stops working.

Now for the really weird part: The learning dialog that comes up has this content:

------------------------
Indirect access to network detected.
Application   C:\Program Files\application_name_01 [name excluded].exe
made inject dll and probably tries to access the Internet via another application PID: n/a (PID: 1640 C:\Program Files\...\Chrome.exe)
If you block indirect access to network, it may affect other applications.
Do you want to authorize it?
Show rule that sent this popup
-----------------------
Now, the strange thing is, that the application is not running at all (I checked all the processes). So how can it do inject dll ?

Until somebody explains this to me, I think I have to keep the "bypass" flag set, otherwise I can't surf.

(To me, but this is only a hunch I have, something got messed up ... I don't think the application that is doing inject dll is the application it is claiming to be, but another one ... I think there are more cases like this in my installation, but I can not really be sure ...)

Eagerly awaiting some help ...

Thanks
/E

Kicker

  • Jetico Personal Firewall Mod
  • Global Moderator
  • *
  • Offline Offline
  • location: Prague, Czech Republic, Europe
  • Posts: 218
  • .: Starred Member
Re: can't get firewall to work
« Reply #2 on: February 11, 2009, 09:58:12 PM »
It is very hard to give you a generic answer to such a generic question.
A few hints:
 - for start, try setting "indirect network access", and "process attack filter" to bypass (click on "Optimal Protection" label in the tree). You can enable it later again, when you get the basic configuration right.
 - leave the "direct network access" and "network communication" in learning mode
 - do not touch the "network" category in the optimal protection node unless you know what you are doing. For normal usage, the defaults there are almost always fine, the interesting part is under the Application node.
 - use the "log" option on your rules with different labels and inspect the log after testing it. You can easily see which rules were used for what.
 - for common applications like Thunderbird, the wizard should generate working config. If it still does not work, post more details here.
 - inspect the rules and tables for programs which work and for which you know what they need (e.g. IE is a browser, so i need access to http and https ports). Check the tables JPF created for it to understand how to configure rules for other programs.
 - what I usually do with new applications (for which I am not sure what access they exactly need) is that I usually run them and accept all the popups Jetico throws at me. When I get it to a bit more stable state, I inspect the generated rules and generalize them, usually by removing specific target addresses etc.

And last but not least, read the documentation. JPF has a help, and there is also a pdf version available on the Jetico download page. It is not very detailed, but it does a good job in explaining principles behind JPF.

If you need more help, please be more specific about what does and what does not work. Help us help you :-).

erikTopic starter

  • Full Member
  • **
  • Offline Offline
  • Posts: 17
can't get firewall to work
« Reply #1 on: February 09, 2009, 02:54:56 PM »
I'm new to Jetico. Just installed 2.0.2.8. I just can't get it to work properly.

When in Allow All Security Policy, then of course everything works fine.

But Optimal Protection just does not work. I've tried reloading the standard config and running the wizard. But to no avail. It's just not allowing my applications to come online (Skype, Thunderbird, Chrome) ... And I can't find a way of how to find which rules are blocking the access and why. Also I can't really understand the order the rules are applied. I've now spent several frustrating hours building different rulesets/application groups and still this is not working as expected. I'm a medium/advanced user. It is very frustrating and I would need some guidance/help. I find the way the program works very promising, but to me, finding what's wrong among the rules is almost impossible.

Anyone willing to try to explain what is wrong/going on?

Tia
/Erik
 
