nProtect (gameguard) and Comodo D+

Status
Not open for further replies.
P

Plexx

Thread author
That's the constant problem I have with nProtect (gameguard). Any users know how to fix this? I have manually configured the gameguard and gamemon rules.
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
I have splited this post so that you'll receive some proper help.
Can you explain what's the problem with nProtect (gameguard) and Comodo?
 
P

Plexx

Thread author
Heya Jack,

Thanks for splitting the post. Well this is how it goes:
I launch the game and gameguard loads up (file is in trusted files in D+) but I keep getting intrusions shown on the log and sometimes the pop ups appear despite having the rules created (I saw on Comodo Forums how to add to allow memory access etc). Sometimes when all pop ups appear, the game cant be launched and I have to restart the Game.

Happened to Asda 2 as well as Scarlet Legacy.

Also, each time I have to allow the pop ups, CIS says I haven't perform a full scan (despite me having it the default settings including schedule scans).

Hope this helps.
 

iPanik

New Member
Feb 28, 2011
530
This is an older issue. The issue is that GameGuard is behaving much like a rootkit. It goes through the system looking for kernel hooks, and when it finds Comodos hooks it tries to remove them, and comodo isn't going to let that happen. The only fix is to disable comodo.

However i am certain this has been fixed a few years ago. What version of gameguard are you running?
 
P

Plexx

Thread author
iPanik, how could I find out the version of Gameguard? I know each game has a different version since some download 10 files, some 15 etc.

I'm looking at the folder where gameguard is and I can't find it.

Edit: I wanted to attached a screenshot of the files on Gameguard folder for Asda 2 and opened the ver file with notepad but I don't have the option. Not sure if it is because it is disabled on this sub forum.

Hope this helps.

gameguard.jpg
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
I remember before when I'm playing an online game with Gameguard patching it goes through weird thing when Comodo D+ installed before and sometimes cannot execute the game properly.

That's the case when I used older version of Comodo before.
 

iPanik

New Member
Feb 28, 2011
530
oh sorry, i was looking at the wrong game. GameGuard updates with the game, it cannot be done manually, sorry.

But the issue is still the same. The only workaround i have found is to disable comodo. I had the same problem when Aion was in beta, i had to disabled Comodos protection when i wanted to play.
 
P

Plexx

Thread author
Would disabling D+ to launch game and then enable while Game is running be a work around or fully disable D+?


Edit: Just tested and disabled D+, Launched game and once in game, enabled D+ and no problems nor disconnections.

Thanks so far for the help!
 

Valentin N

Level 2
Feb 25, 2011
1,314
one way is to grant gameguard access memory (nothing I recommend but it's up to you) or you exclude CIS in gameguard. I would also add it in CAV exclusion as well as in d+ exclusion (d+ settings --> execution settings --> exlusions)

Will this help?
 
P

Plexx

Thread author
I have manually granted GG access to memory to CIS but still doesn't resolve the issue. It was like this on the previous CIS version as well.

GG is added to the exclusions as well.

Perhaps I should report this to Comodo?
 

Valentin N

Level 2
Feb 25, 2011
1,314
biozfear said:
I have manually granted GG access to memory to CIS but still doesn't resolve the issue. It was like this on the previous CIS version as well.

GG is added to the exclusions as well.

Perhaps I should report this to Comodo?

you could.

May I look at your config for a sec through teamviewer?
 
P

Plexx

Thread author
I am via TeamViewer helping a friend with her graphics issue (posted a thread already).

Give me about an hour or so.

I had a quick look at the custom policy and it seems I forgot to add gamemon.des to CIS...

I need to go back to Comodo Forums and search for that guide I saw and used before.

Will keep you posted
 

iPanik

New Member
Feb 28, 2011
530
I don't think Comodo will do anything about it. (haven't yet)
GameGuard is trying to unhook Comodo from the kernel, i doubt that Comodo will ever allow any third party to do that.
 
P

Plexx

Thread author
Unhook comodo? Could you explain briefly the hook/unhook?
 

iPanik

New Member
Feb 28, 2011
530
When Defense+ listens for certain events on the system it places a so called "hook" in the kernel. A hook is a piece of code that intercepts code to and from the kernel. Rootkits and keyloggers operate this way, a rootkit intercepts traffic going to or from the kernel and modifies it to fit it's needs. Lets say you have a keylogger on your computer. Normally when you press a key on your keyboard the data passes through the kernel to the application (ex. your browser). But if you have a keylogger, the keylogger intercepts the data before it reaches the application. So the data passes through the kernel to the keylogger and then to the application.

HIPS products rely heavily on these hooks, so when GameGuard tries to remove these hooks, it's basically incapacitating Defense+.

Hope that made sense :D

You can read more about hooks on wikipedia: http://en.wikipedia.org/wiki/Hooking
 
P

Plexx

Thread author
Well I just learned something new iPanik. Thanks for explaining. I think I understood now.

I checked COMODO forums and through this link, I did what Ronny said and just launched the game to test. Although it still shows on logs the intrusions, no pop ups appear and games launches fine. Tried it 3 times.

Guess that's my issue resolved!

Thanks a lot guys!
 

iPanik

New Member
Feb 28, 2011
530
Happy to help :D

Remember, the logs can get quite big this way so it might be a good idea to delete them once in a while.
 

Valentin N

Level 2
Feb 25, 2011
1,314
biozfear said:
Well I just learned something new iPanik. Thanks for explaining. I think I understood now.

I checked COMODO forums and through this link, I did what Ronny said and just launched the game to test. Although it still shows on logs the intrusions, no pop ups appear and games launches fine. Tried it 3 times.

Guess that's my issue resolved!

Thanks a lot guys!

Glad it solved. I have played Rapplez and I never had any problem. I added it in CAV exclusion and d+ exclusion and that was it
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top