5.3 and WoW trouble.

I installed v5.3 last night and it is great!! Except, I couldn’t get it to let me play WoW. The game loads up fine and all, without any popups, but after I type my password in and press “Login”… it immediately closes.

I tried game mode, putting firewall and D+ into training mode, and manually changing them to trusted in the policies, but nothing worked.

So I uninstalled it a few minutes ago and now it works. : ( I really want to use CIS lol.

Any ideas?

Open Comodo and go to the Defense+ tab. Then click on “Defense+ Settings”->“Execution Control Settings” and add an exclusion for “wow.exe” ;).

I have seen this same problem with 5.1. Can’t believe the most popular PC game is not whitelisted. Shows that the current whitelisting methods are not effective.

I tried CIS again about a week ago, and found programs I submitted many times before like Process Explorer and Miro Player, still caused pop-ups and sandboxing. The issue appears to be that when programs issue updates, Comodo does not automatically add them to their whitelist. Instead they depend on people to manually submit them in the other thread.

It’s not Comodo’s fault if WOW has a buffer overflow problem.

Good point.
In the same way that some programs won’t run with DEP enabled, you can’t blame the security infrastructure for poorly coded applications.

Try to add wow to trusted files, just add the whole folder. It worked on Starcraft 2, the same happened there too.

Noticed it as well. Except it doesn’t crash for me because I run fullscreen windowed mode. I got prompted about a BO attack and clicked to add to exceptions. It’s also causing issues with Alcohol 120% since September, which has its own thread. BO protection needs to be toned down, it’s becoming increasingly aggressive and starts to interfere with some apps.

No, it doesn’t need to be toned down. The only reason it’s interfering with some apps is because those apps have a buffer overflow problem… There is nothing that Comodo can “fix” in this situation. These should be reported to the applications development team so they can fix the problem with their code.

BO protection is great as it is. Just add your programs to exclusion like I did with Alcohol 52% and that’s it.

But when it starts responding to situations which aren’t malicious attacks, it’s essentially a false positive. CIS is now sticking out as a sore thumb as the only IS suite that crashes WoW by default.

Do you perhaps mean that no other IS suite has buffer overflow protection? :wink:

No, it’s not essentially a false positive. It’s a weakness in the code of WOW. Buffer overflows shouldn’t be happening. Period. :-\

But if you have any ideas of how the developers can have the software tell the difference between a malicious buffer overflow and a non-malicious buffer overflow, I’m sure they’d love to hear it.

No idea how the devs have to do it, but they should just do it. They’re the ones who have to come up with technical solutions to people’s frontend problems. BO has been there for a long time and only recently began attacking Alcohol and WoW with version 5.0 and now 5.3. Perhaps exceptions can be made for certain types of attacks.

WoW European gave me a nice BO prompt and froze the app until I clicked to add to exceptions. However, WoW US crashed silently. If CIS is enforcing some kind of BO, it should NOTIFY and freeze BEFORE taking down WoW, like it did with the EU one. The same goes for Alcohol, whose UI gives an error about the driver when launching, and the Alcohol installer which says “internal setup error”.

In both cases there are NO Comodo popups to tell the user that it reacted to something, and so the user has NO way of knowing it was Comodo that crashed/hung their app unless they search Google. ← This sounds like a good place to start for the devs, at least let people KNOW that Comodo caused it.

I don’t think users or devs will care about how Comodo wanted them to toughen up their apps, just look at Alcohol Soft, they haven’t released any fix. And the users will only want stuff to WORK, they don’t care about the code neatness either. Also to note, not all buffer overflow glitches are exploitable and devs would only patch those that are.

And imagine if say, some program in the Win7 SP1 RTM install suite was prone to closure by Comodo’s BO and it decided at its own discretion to trip it without even asking the user. The update may fail in such a manner that the user is left with an unusable OS. I know it’s all theory but just think of how such aggressive behavior may one day backfire!

Buffer overflows, especially in Internet-aware applications, are one of the most dangerous security holes known these days and one of the hardest to contain. So any BO indication is not a false positive by any means, but a very strong warning sign.

Perhaps this is because CIS is the only IS equipped with a memory firewall? :wink:

No, it is absolutely not Comodo’s place to rewrite faulty code in a given application.

Again, Comodo didn’t cause it. Comodo is protecting you from it.

It doesn’t matter if a buffer overflow is exploitable. It shouldn’t be happening! Buffer overflows can wreak all sorts of havoc that has nothing to do with system security. Memory access errors, Application or system instability, unexpected operation of the application, etc… If the developers of said application aren’t interested in writing stable code, are you sure you want to be running it?

“the only IS equipped with” also means novelty. Oftentimes novelty can bring about problems and needs POLISHING. Again not all BOs are exploitable and only those that are would get patched. This is stretching the definition of “programming guidelines for secure software” a bit too much.

When D+ gets ready to deny something, it issues a popup, makes the program wait, and once an action was decided it enforces/doesn’t enforce a policy. This is healthy behavior.

BO oftentimes will decide at its own discretion to stomp a type of behavior, crash the app, and not give the user a say. That it is possible to exclude some applications implies some acknowledgement on Comodo’s side that this behavior may NOT ALWAYS be useful or helpful, and can create more problems than it solves. As such, they should take the next logical step and request user consent before doing so.

CIS 5.3 is not yet an auto update, so only the people on the forum know and care. But once this build gets pushed en masse to all the WoW players, I doubt it will be good public relations to tell them “it’s a problem WoW has always had, and we decided now that it’s time Blizzard fixed it”.

Now that’s stretching it a bit too far. It’s one thing to defend a system you’ve put in, and another to consider it such a correct approach as to not even let people know or consent to the behavior. Even Windows’ DEP notifies you. I don’t care if it says “Comodo has PROTECTED you from a potentially dangerous activity of this program” as long as it TELLS me and gives me a choice! But it doesn’t always do that.

If we are to be so strict on programming guidelines and standards, then at least concede that CIS should allow users a say before “correcting” things. Even virus detections, which are REAL malware, give you a choice before kicking in.

What novelty are you talking about? Comodo Memory Firewall is more than three years old:
https://forums.comodo.com/Comodo_memory_guardian_beta_corner/Comodo_memory_guardian_beta_v1_buffer_overflow_protection-t11108.0.html;msg78852#msg78852
Buffer overrun attacks have been well known for more than 20 years.

Sure. But this also applies to third parties, which are unable to provide stable code.

How should CIS determine which BO is exploitable and dangerous and which is “safe”?


http://img692.imageshack.us/img692/2042/46w436e.th.png

In many cases when an application’s stack(s) or heap(s) become corrupted, there is no option to “wait”, because the app has actually already crashed.

WoW does not produce one such popup. Neither does Alcohol. And WoW and Alcohol are not one of those “many cases” as they will run perfectly normal otherwise. This is what I meant by aggressive - these new developments don’t even notify anymore, they just alter the behavior and you may or may not be lucky to figure out that Comodo is the reason why they don’t work anymore.

Starcraft 2 caused an overflow too, and Comodo does not give alerts; you have to relaunch Starcraft to get this alert.
Maybe COMODO hates the Blizzard company (:

I’m not all that surprised since they use the same graphics and battle.net engine. WoW has been live for over 6 years and never has an exploit or malware been carried out through the client itself. It is possible under defense+ shellcode detection exclusions to add groups → all programs. It is highly unlikely that Blizzard bow down to Comodo on this one.

What’s the big deal? Put it in Exclusions in Detect shellcode injections (i.e. Buffer overflow protection)?

I wish all here Happy New Year!

Regards,
Valentin N