Author Topic: Settings for running Steam [Draft] [v6] [v7]  (Read 12085 times)

Offline Dch48

  • Comodo's Hero
  • *****
  • Posts: 2548
Re: Settings for running Steam [Draft] [v6] [v7]
« Reply #15 on: May 08, 2014, 07:11:39 PM »
Actually I run all my games in full screen mode and only have an issue with one every time it is updated. The game is Lord of the Rings Online by Turbine. The issue is not Comodo's fault but purely Turbine's. Every time there is an update, all of the new game files are accepted by CIS as trusted except for the main .exe of the game. For some unknown reason, Turbine does not sign the main game file but every other file is signed. This makes me have to manually add it to Trusted Files every time to keep it from being sandboxed and not functioning correctly. With Steam and every game I have from them, I never have any problems installing, updating, or running them.
Avatar FX6327X Desktop
AMD FX-6300 6 core CPU
Sapphire R9-270X GPU
Windows 8.1 64 bit, IE11 & Outlook 2007
Comodo Internet Security 7.0 full package, MBAM on Demand
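
The post above describes an update that leaves one unsigned executable among otherwise signed files. As an added example (not part of the original thread), this PowerShell script lists which binaries in a game folder lack a valid Authenticode signature and records their hashes, so the file being added to Trusted Files can be compared between updates. The install path and baseline file name are placeholders.

```powershell
# Added example: audit Authenticode signatures under a game folder.
# $GameDir and $Baseline are placeholders; set them for your own system.
param(
    [string]$GameDir  = 'C:\Games\ExampleGame',
    [string]$Baseline = "$env:TEMP\game-signature-baseline.csv"
)

if (-not (Test-Path -LiteralPath $GameDir)) {
    throw "Game directory not found: $GameDir"
}

# Collect every executable and library below the install folder.
$files = Get-ChildItem -Path $GameDir -Recurse -File -Include *.exe, *.dll -ErrorAction SilentlyContinue

$report = foreach ($f in $files) {
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName
    [pscustomobject]@{
        Path   = $f.FullName
        Status = [string]$sig.Status    # Valid, NotSigned, HashMismatch, ...
        Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        SHA256 = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
    }
}

# Overview: how many files fall into each signature status.
$report | Group-Object Status | Select-Object Name, Count | Format-Table -AutoSize

# Files that would need a manual trust decision.
$untrusted = $report | Where-Object { $_.Status -ne 'Valid' } | Sort-Object Path
$untrusted | Format-Table Status, Path, SHA256 -AutoSize

# Compare against the previous run to see which unsigned files an update changed.
if (Test-Path -LiteralPath $Baseline) {
    $old = @{}
    Import-Csv -LiteralPath $Baseline | ForEach-Object { $old[$_.Path] = $_.SHA256 }
    foreach ($u in $untrusted) {
        if (-not $old.ContainsKey($u.Path)) {
            Write-Output "NEW unsigned file: $($u.Path)"
        } elseif ($old[$u.Path] -ne $u.SHA256) {
            Write-Output "CHANGED unsigned file: $($u.Path)"
        }
    }
}

# Save this run as the baseline for the next update.
$report | Export-Csv -LiteralPath $Baseline -NoTypeInformation
```

Running it once before and once after a game update shows whether the only file that changed trust state is the expected main executable.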

Offline mouse1

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11852
Re: Settings for running Steam [Draft] [v6] [v7]
« Reply #16 on: May 09, 2014, 03:50:49 AM »
I've read somewhere that some games use buffer overflow for some reason, for what I do not know and I do not know if what I've read is true or not... I can't remember where I've read it either...

I guess it is a way of inserting code into memory and running it without the overhead of all the OS security checks.

Offline mouse1

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11852
Re: Settings for running Steam [Draft] [v6] [v7]
« Reply #17 on: May 09, 2014, 04:09:35 AM »
> Actually I run all my games in full screen mode and only have an issue with one every time it is updated. The game is Lord of the Rings Online by Turbine. The issue is not Comodo's fault but purely Turbine's. Every time there is an update, all of the new game files are accepted by CIS as trusted except for the main .exe of the game. For some unknown reason, Turbine does not sign the main game file but every other file is signed. This makes me have to manually add it to Trusted Files every time to keep it from being sandboxed and not functioning correctly. With Steam and every game I have from them, I never have any problems installing, updating, or running them.

I think it really depends on what games you are running. Quite a lot are unknown and Steam users sometimes run beta games too.

Here are a few links from the Steam site that indicate the depth of the conflicts with security programs:

https://support.steampowered.com/kb_article.php?ref=6057-YLBN-1660
https://support.steampowered.com/kb_article.php?ref=9828-SFLZ-9289
https://support.steampowered.com/kb_article.php?ref=4361-MVDP-3638
https://support.steampowered.com/kb_article.php?ref=2198-AGHC-7226
https://support.steampowered.com/kb_article.php?ref=7319-EFGZ-8640

And one quote from the Steam site:
"Important:

We encourage protecting your PC from viruses, spyware and other forms of malicious software. However, it is not necessary to run anti-virus and other security applications while you are engaged in playing a game on Steam.

Anti-virus applications often interfere with Steam and can cause a range of problems from connection issues to games not launching correctly. Please set your anti-virus to Game Mode or disable it before launching Steam if you are experiencing issues with your Steam games."

« Last Edit: May 09, 2014, 04:18:52 AM by mouse1 »

Offline mouse1

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11852
Re: Settings for running Steam [Draft] [v6] [v7]
« Reply #18 on: May 09, 2014, 04:39:14 AM »
Ok on the basis of the Steam site discussions have added AV exclusions. The settings ought to work with most games now - if anything they are a bit permissive.

There is also something about a friends server creating inbound connections to check if people are still online. Although probably not essential for the functioning of games, that plus a few PTP games means I cannot use just an allow outbound for games, which I would prefer.

I suppose inbound connections will always need a global rules hole too. So maybe I should start by saying stealth should be in alert mode.

I'll think further about your suggestion re installer/updater Sanya. Maybe if there is a separate updater I can make just that an installer/updater plus Steam.exe. Everything in Steam itself would start as trusted then, even if they forgot to sign some executables. Would be good if there was a games installer which was always used.

Ticking trust child processes in s/b exclusions plus including whole directories may be more than needed too. Question is, does everything, always, run under Steam.exe.

Offline mouse1

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11852
Re: Settings for running Steam [Draft] [v6] [v7]
« Reply #19 on: May 09, 2014, 04:41:52 AM »
Added Stealth in alert inbound.

Offline mouse1

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11852
Re: Settings for running Steam [Draft] [v6] [v7]
« Reply #20 on: May 09, 2014, 04:55:20 AM »
Cannot at the moment work out what does the steam program updating. No obvious updater. Maybe the service does it.

Offline mouse1

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11852
Re: Settings for running Steam [Draft] [v6] [v7]
« Reply #21 on: May 09, 2014, 05:01:59 AM »
Steam service needs admin privs according to this thread, and is used for tasks needing higher privs. I'm guessing it acts as the Steam installer as well as game installer.

Offline Sanya IV Litvyak

  • Comodo's Hero
  • *****
  • Posts: 4214
  • Lurking
Re: Settings for running Steam [Draft] [v6] [v7]
« Reply #22 on: May 09, 2014, 05:02:23 AM »
> Cannot at the moment work out what does the steam program updating. No obvious updater. Maybe the service does it.

For installing games, setting Steam.exe as Installer/updater in HIPS should be enough; for installing Steam updates, the relevant files are already signed and in TVL so nothing needed there.

I do not know how the BB works with excluding child processes, I'd imagine all that is needed is Steam.exe as exclusion with the child process thing ticked, I'll give it a try.
Edit: I set up BB with Steam.exe in exclusions and ticked to also exclude child processes, and was able to install and play an unrecognized game without it getting sandboxed. Worth noting is that you need to restart Steam.exe for the changes to come into effect (for example, if you have Steam running and then make the exclusion rules, then unrecognized games will still be sandboxed, but after you restart Steam they will no longer be sandboxed).
« Last Edit: May 09, 2014, 05:24:28 AM by Sanya IV Litvyak »
I support privacy and freedom online - eff.org

Offline mouse1

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11852
Re: Settings for running Steam [Draft] [v6] [v7]
« Reply #23 on: May 09, 2014, 06:10:21 AM »
Sorry missed the thread from the above: http://forums.steampowered.com/forums/showthread.php?t=2614056

So I think the service needs to be an installer updater if HIPS is active in relation to them.

Not sure exactly what CIS does regarding services. It does not BB them, but maybe it BBs files run by them.

The big problem is what happens if some Steam executables are unsigned. In CIS 6/7 the steam updater (probably steam service) cannot be made a *trusted* installer by policy application, AFAIK. Adding updaters to exclusions merely disables the s/b. Making them installer/updaters in HIPS has no effect on the BB now. So the files cannot be automatically made trusted by the BB. Even MS keeps on issuing non-trusted files in in-place updates. FF has caused lots of problems that way. In FS mode you just don't know there's a problem.

Do people normally run the main Steam executable in FS mode would you think?

Maybe so long as games are allowed to run we could say that any Steam executable trust problems are Steam's fault.

Best wishes

Mike

Offline mouse1

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11852
Re: Settings for running Steam [Draft] [v6] [v7]
« Reply #24 on: May 09, 2014, 06:13:48 AM »
There's something called big picture mode. What is that for? No menus, so it seems to be a sort of FS mode in which alerts would not be seen.

Offline Sanya IV Litvyak

  • Comodo's Hero
  • *****
  • Posts: 4214
  • Lurking
Re: Settings for running Steam [Draft] [v6] [v7]
« Reply #25 on: May 09, 2014, 08:25:46 AM »
> Sorry missed the thread from the above: http://forums.steampowered.com/forums/showthread.php?t=2614056
>
> So I think the service needs to be an installer updater if HIPS is active in relation to them.
>
> Not sure exactly what CIS does regarding services. It does not BB them, but maybe it BBs files run by them.
>
> The big problem is what happens if some Steam executables are unsigned. In CIS 6/7 the steam updater (probably steam service) cannot be made a *trusted* installer by policy application, AFAIK. Adding updaters to exclusions merely disables the s/b. Making them installer/updaters in HIPS has no effect on the BB now. So the files cannot be automatically made trusted by the BB. Even MS keeps on issuing non-trusted files in in-place updates. FF has caused lots of problems that way. In FS mode you just don't know there's a problem.

???
> Do people normally run the main Steam executable in FS mode would you think?

FS? ???
> There's something called big picture mode. What is that for? No menus, so it seems to be a sort of FS mode in which alerts would not be seen.

http://store.steampowered.com/bigpicture/
I support privacy and freedom online - eff.org

Offline mouse1

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11852
Re: Settings for running Steam [Draft] [v6] [v7]
« Reply #26 on: May 09, 2014, 12:44:14 PM »
FS=Full Screen :)

Offline Sanya IV Litvyak

  • Comodo's Hero
  • *****
  • Posts: 4214
  • Lurking
Re: Settings for running Steam [Draft] [v6] [v7]
« Reply #27 on: May 09, 2014, 03:59:55 PM »
> FS=Full Screen :)

Does it matter if they run Steam in full screen? (Assuming it's possible, haven't seen any such option except Big Picture Mode) ???
I support privacy and freedom online - eff.org

Offline mouse1

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11852
Re: Settings for running Steam [Draft] [v6] [v7]
« Reply #28 on: May 09, 2014, 04:17:35 PM »
> Does it matter if they run Steam in full screen? (Assuming it's possible, haven't seen any such option except Big Picture Mode) ???

Yes (see above), that's one key issue. You cannot see alerts. If there is no such mode then I think the risk of unsigned Steam executables causing problems is low; I guess they would most likely be opened when games were not full screen. So probably installer updater for Steam and Steam service should do re HIPS, and recursive exemption for same re BB, despite the risk of the occasional updater mistake. Unfortunately BO and AV exclusions are not so simple, we'll need to exclude the games directories for those. So two groups maybe..... Steam and Games. Will think tomorrow.

But maybe 'big picture' also suppresses alerts?

Offline Sanya IV Litvyak

  • Comodo's Hero
  • *****
  • Posts: 4214
  • Lurking
Re: Settings for running Steam [Draft] [v6] [v7]
« Reply #29 on: May 09, 2014, 04:37:24 PM »
> Yes (see above), that's one key issue. You cannot see alerts. If there is no such mode then I think the risk of unsigned Steam executables causing problems is low; I guess they would most likely be opened when games were not full screen. So probably installer updater for Steam and Steam service should do re HIPS, and recursive exemption for same re BB, despite the risk of the occasional updater mistake. Unfortunately BO and AV exclusions are not so simple, we'll need to exclude the games directories for those. So two groups maybe..... Steam and Games. Will think tomorrow.
>
> But maybe 'big picture' also suppresses alerts?

Full Screen doesn't suppress alerts, the alerts simply show below the window. By default the user should hear the alert sound and can then tab out (alt + tab) to answer the alert, sometimes the full screen application is minimized automatically, and if neither of those is possible then ctrl+alt+del should work. However, in some situations that won't work either, mainly for games that actively try to stay in full screen (for example won't let you tab out), and this is in my opinion border-line malicious behavior on the developer's side of the game and honestly I would personally boycott such games... Although if you have KillSwitch set to replace the task manager then you can as a last resort press CTRL+SHIFT+ESC or whatever the combo is and make sure to keep pressing SHIFT, this will kill most processes and most likely the game as well.

Steam.exe as Installer/Updater policy should never give you any HIPS alerts regarding the game or Steam or at least that is my experience, I haven't had the need to set the Steam Service as installer/updater, perhaps because KillSwitch lists it as "Trusted (Installer)" even though I've made no such HIPS settings, perhaps Steam.exe initiates SteamService in which case the installer/updater policy of Steam.exe carries over to SteamService? Or perhaps the file is simply set as Installer in the TVL or whatever? Either way I've been using only Steam.exe as installer/updater for months now and not a single HIPS alert for any Steam process nor Game process.

I do not know how this works for BB though. For example, if I set Steam.exe as excluded and also tick to exclude child processes, then the processes that Steam.exe launches will be excluded from the Sandbox, but will processes created by those processes also be excluded? If yes, then Steam.exe is the only needed exception; if no, then the directory needs to be added.

Now firewall alerts are the real issue here. You can set up HIPS and BB to allow Steam and all games fairly easily with the power of child processes; the firewall doesn't have any such options and hence you have to do it on an application per application basis or, you know, make a group. Personally I just deal with it on an application per application basis.
I support privacy and freedom online - eff.org
