Mini Spy

Loading...

Latest Threads

Loading...
 
  1. HitmanPro CHRISTMAS GIVEAWAY: REVO UNINSTALLER PRO GIVEAWAY

    Get a free license key for Revo Uninstaller Pro. We are giving away free Revo Uninstaller Pro keys for our awesome members!

    (LIVE) Get now a Revo Uninstaller Pro license key!

nProtect (gameguard) and Comodo D+

Discussion in 'COMODO Software' started by Plexx, Nov 24, 2011.

  1. Plexx

    Plexx Guest

    Reputation:
    0
    That's the constant problem I have with nProtect (gameguard). Any users know how to fix this? I have manually configured the gameguard and gamemon rules.
     
  2. Jack

    Jack Administrator MalwareTips Staff

    Reputation:
    1,000
    Joined:
    Jan 24, 2011
    Messages:
    7,271
    Likes Received:
    2,789
    I have splited this post so that you'll receive some proper help.
    Can you explain what's the problem with nProtect (gameguard) and Comodo?
     
  3. Plexx

    Plexx Guest

    Reputation:
    0
    Heya Jack,

    Thanks for splitting the post. Well this is how it goes:
    I launch the game and gameguard loads up (file is in trusted files in D+) but I keep getting intrusions shown on the log and sometimes the pop ups appear despite having the rules created (I saw on Comodo Forums how to add to allow memory access etc). Sometimes when all pop ups appear, the game cant be launched and I have to restart the Game.

    Happened to Asda 2 as well as Scarlet Legacy.

    Also, each time I have to allow the pop ups, CIS says I haven't perform a full scan (despite me having it the default settings including schedule scans).

    Hope this helps.
     
  4. iPanik

    iPanik Regular Member

    Reputation:
    0
    Joined:
    Feb 28, 2011
    Messages:
    504
    Likes Received:
    1
    This is an older issue. The issue is that GameGuard is behaving much like a rootkit. It goes through the system looking for kernel hooks, and when it finds Comodos hooks it tries to remove them, and comodo isn't going to let that happen. The only fix is to disable comodo.

    However i am certain this has been fixed a few years ago. What version of gameguard are you running?
     
  5. Plexx

    Plexx Guest

    Reputation:
    0
    iPanik, how could I find out the version of Gameguard? I know each game has a different version since some download 10 files, some 15 etc.

    I'm looking at the folder where gameguard is and I can't find it.

    Edit: I wanted to attached a screenshot of the files on Gameguard folder for Asda 2 and opened the ver file with notepad but I don't have the option. Not sure if it is because it is disabled on this sub forum.

    Hope this helps.

    [​IMG]
     
  6. jamescv7

    jamescv7 Community Superstar Trusted Member

    Reputation:
    103
    Joined:
    Mar 15, 2011
    Messages:
    6,634
    Likes Received:
    1,230
    I remember before when I'm playing an online game with Gameguard patching it goes through weird thing when Comodo D+ installed before and sometimes cannot execute the game properly.

    That's the case when I used older version of Comodo before.
     
  7. iPanik

    iPanik Regular Member

    Reputation:
    0
    Joined:
    Feb 28, 2011
    Messages:
    504
    Likes Received:
    1
    oh sorry, i was looking at the wrong game. GameGuard updates with the game, it cannot be done manually, sorry.

    But the issue is still the same. The only workaround i have found is to disable comodo. I had the same problem when Aion was in beta, i had to disabled Comodos protection when i wanted to play.
     
  8. Plexx

    Plexx Guest

    Reputation:
    0
    Would disabling D+ to launch game and then enable while Game is running be a work around or fully disable D+?


    Edit: Just tested and disabled D+, Launched game and once in game, enabled D+ and no problems nor disconnections.

    Thanks so far for the help!
     
  9. Valentin N

    Valentin N Regular Member

    Reputation:
    1
    Joined:
    Feb 25, 2011
    Messages:
    1,289
    Likes Received:
    18
    one way is to grant gameguard access memory (nothing I recommend but it's up to you) or you exclude CIS in gameguard. I would also add it in CAV exclusion as well as in d+ exclusion (d+ settings --> execution settings --> exlusions)

    Will this help?
     
  10. Plexx

    Plexx Guest

    Reputation:
    0
    I have manually granted GG access to memory to CIS but still doesn't resolve the issue. It was like this on the previous CIS version as well.

    GG is added to the exclusions as well.

    Perhaps I should report this to Comodo?
     
  11. Valentin N

    Valentin N Regular Member

    Reputation:
    1
    Joined:
    Feb 25, 2011
    Messages:
    1,289
    Likes Received:
    18
    you could.

    May I look at your config for a sec through teamviewer?
     
  12. Plexx

    Plexx Guest

    Reputation:
    0
    I am via TeamViewer helping a friend with her graphics issue (posted a thread already).

    Give me about an hour or so.

    I had a quick look at the custom policy and it seems I forgot to add gamemon.des to CIS...

    I need to go back to Comodo Forums and search for that guide I saw and used before.

    Will keep you posted
     
  13. iPanik

    iPanik Regular Member

    Reputation:
    0
    Joined:
    Feb 28, 2011
    Messages:
    504
    Likes Received:
    1
    I don't think Comodo will do anything about it. (haven't yet)
    GameGuard is trying to unhook Comodo from the kernel, i doubt that Comodo will ever allow any third party to do that.
     
  14. Plexx

    Plexx Guest

    Reputation:
    0
    Unhook comodo? Could you explain briefly the hook/unhook?
     
  15. iPanik

    iPanik Regular Member

    Reputation:
    0
    Joined:
    Feb 28, 2011
    Messages:
    504
    Likes Received:
    1
    When Defense+ listens for certain events on the system it places a so called "hook" in the kernel. A hook is a piece of code that intercepts code to and from the kernel. Rootkits and keyloggers operate this way, a rootkit intercepts traffic going to or from the kernel and modifies it to fit it's needs. Lets say you have a keylogger on your computer. Normally when you press a key on your keyboard the data passes through the kernel to the application (ex. your browser). But if you have a keylogger, the keylogger intercepts the data before it reaches the application. So the data passes through the kernel to the keylogger and then to the application.

    HIPS products rely heavily on these hooks, so when GameGuard tries to remove these hooks, it's basically incapacitating Defense+.

    Hope that made sense :D

    You can read more about hooks on wikipedia: http://en.wikipedia.org/wiki/Hooking
     
  16. Plexx

    Plexx Guest

    Reputation:
    0
    Well I just learned something new iPanik. Thanks for explaining. I think I understood now.

    I checked COMODO forums and through this link, I did what Ronny said and just launched the game to test. Although it still shows on logs the intrusions, no pop ups appear and games launches fine. Tried it 3 times.

    Guess that's my issue resolved!

    Thanks a lot guys!
     
  17. iPanik

    iPanik Regular Member

    Reputation:
    0
    Joined:
    Feb 28, 2011
    Messages:
    504
    Likes Received:
    1
    Happy to help :D

    Remember, the logs can get quite big this way so it might be a good idea to delete them once in a while.
     
  18. Valentin N

    Valentin N Regular Member

    Reputation:
    1
    Joined:
    Feb 25, 2011
    Messages:
    1,289
    Likes Received:
    18
    Glad it solved. I have played Rapplez and I never had any problem. I added it in CAV exclusion and d+ exclusion and that was it
     

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Loading...
MalwareTips.com is an independent website.All trademarks mentioned on this page are the property of their respective owners.