Cannot block a game from launching Firefox/connecting to home

Hello,

I was bored the other day so I downloaded a free game “StarDefender 2” at MyPlayCity.com. It reminded me of Space Invaders. Well it took my boredom off but I have some difficulty blocking it from calling home. After playing it would connect to the site:

http://www.myplaycity.com/play.html?utm_source=star_defender_2&utm_medium=downloadable_play*

I do not want it to connect to the internet.

I already placed it in the Network Security Policy/Blocked Application. But it still connects after I end the game. It’s not a virus/malware as I scanned it 5x also with 2nd opinion checkers.

In TheKMPlayer I just use that rule and it cannot connect to its mother site. This one is different.

I placed it in the Sandbox/Limited. It still launches FF but it would not push through and would not connect.

I want it to be blocked at that instant and not launch FF.

Please help me how can I do it?

Thanks.

malik


http://www.freeimagehosting.net/t/bc4db.jpg

If you installed CIS with the Antivirus component, it uses the Internet Security Configuration (CIS - More/Manage My Configurations). This configuration includes an All Applications firewall rule:

All Applications - Allow All Outgoing Requests

If the rule you’ve created for your game is below this rule in the list, it will never be seen, as the rules are processed from the top down and the first rule that matches the criteria is used.

If you are using this configuration, I’d suggest deleting the rule, or switching to another configuration, preferably Proactive. Doing so, however, will require you to recreate your rules.

@Radaghast

In my first install I installed the whole suite including the AV component. But later removed the AV component.

Isn’t that when I use the rule Block All Incoming and Outgoing Requests (for Blocked Application Predefined rule) enough? I think it should block the application. But Firefox still launches.

In another pc I have (not with CIS) I apply the similar block rule as stated and it blocks the same application. If there was any of that game wanting to access the internet I see a pop-up and I block it. But here in CIS there is none(no pop-up).

That predefined rule blocks all incoming/outgoing requests (re: ICMP/TCP/UDP/IP), yes?

I also have placed the Host Name http:\www.myplaycity.com in Blocked Zones and its IP in the IPv4 Address range (174.0.0.0 - 174.255.255.255). But it still launches Firefox and connects to the host. I am confused…


http://www.freeimagehosting.net/t/89d24.jpg

Details of the host:

IP Location: United States Dallas Softlayer Technologies Inc
ASN: AS36351
Resolve Host: myplaycity.com
IP Address: 174.36.246.156
Reverse IP: 1 website uses this address. (example: myplaycity.com)
NetRange: 174.0.0.0 - 174.255.255.255
CIDR: 174.0.0.0/8
OriginAS:
NetName: NET174
NetHandle: NET-174-0-0-0-0
Parent:
NetType: Allocated to ARIN
RegDate: 2008-02-14
Updated: 2010-06-30
Ref: http://whois.arin.net/rest/net/NET-174-0-0-0-0

I do not understand why it cannot be set to not launch Firefox…

Is this a bug of some sort?

Is there a better way to do it?

When you installed the entire suite, the Internet Security Configuration policy was used to define the firewall rules, one of which is to allow all Applications outbound. Even if you later remove the AV component, the rule remains. You either have to delete the rule or switch to another configuration.

As I said in my earlier post, the hierarchy of the rules is important, as they are processed from the top down. So, if the Allow all applications rule is still active, any rules you create above this will be used, any below will be ignored (image)

With regard to the Blocked zone, unfortunately, this feature can be a bit hit and miss at times and it does depend on having the DNS Client service running, which is the default, and on how the site you’re trying to block allocates IP addresses. I can see you’ve tried to block the entire range used by myplaycity, but are you sure this address block is the one used when you actually play the game?

[attachment deleted by admin]
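The top-down, first-match behaviour described in the posts above, as an added example that is not part of the thread and not Comodo's code. It is a simplified model: the `Rule` fields and function names are assumptions, and only the rule and executable names are taken from the thread.

```python
from dataclasses import dataclass

DIRECTIONS = ("in", "out")

@dataclass(frozen=True)
class Rule:
    name: str
    app: str        # executable name, or "*" for All Applications
    direction: str  # "in", "out" or "any"
    action: str     # "allow" or "block"

    def covers(self, app, direction):
        return self.app in ("*", app) and self.direction in ("any", direction)

def evaluate(rules, app, direction, default="ask"):
    """Top-down, first match wins: return (action, name of the deciding rule)."""
    for rule in rules:
        if rule.covers(app, direction):
            return rule.action, rule.name
    return default, None  # no rule matched: the firewall would alert instead

def shadowed(rules):
    """Find (rule, direction, earlier rule) triples where the rule can never fire."""
    found = []
    for i, rule in enumerate(rules):
        for d in DIRECTIONS:
            if rule.direction not in ("any", d):
                continue
            earlier = next((r for r in rules[:i] if r.covers(rule.app, d)), None)
            if earlier:
                found.append((rule.name, d, earlier.name))
    return found

# Constructed rule lists using the names that appear in the thread.
ALLOW_ALL = Rule("All Applications - Allow All Outgoing Requests", "*", "out", "allow")
BLOCK_GAME = Rule("Game.exe - Blocked Application", "Game.exe", "any", "block")
AS_INSTALLED = [ALLOW_ALL, BLOCK_GAME]  # block rule sits below the allow-all rule
REORDERED = [BLOCK_GAME, ALLOW_ALL]     # block rule moved above it

if __name__ == "__main__":
    for label, rules in (("as installed", AS_INSTALLED), ("reordered", REORDERED)):
        print(label, evaluate(rules, "Game.exe", "out"), shadowed(rules))
    # A connection made by the browser is matched as firefox.exe, not Game.exe,
    # so the Game.exe block rule has no say over it in either ordering.
    print("browser", evaluate(REORDERED, "firefox.exe", "out"))
```
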

Hang on… shouldn’t this be a Defense+ rule? Shouldn’t the game be prevented from launching Firefox/IE in the first place?

Sorry, if I missed something speed reading the topic. :slight_smile:

I just replaced the configuration file and activated the MaxPro settings. Kindly see image. I have placed the Game.exe and the Stardefender.exe as Blocked Application. I also placed the host name in the Blocked zone

Upon exit it still connects to home.


http://www.freeimagehosting.net/t/8d5cd.jpg

I checked my other unit and observed how it behaved with the other firewall. It was blocking the application and asks via pop-up to decide what to do.

“…Application…attempting to control another network enbled application’s behavior using OLE.
Application: Game.exe
Server \RPC Control\OLE18BB76A7…
Port: Service…”

If I block that then calling home is blocked and no instance of Firefox is launched.

Likewise when I use Sandboxie and place the program there with DropMyRights and deny all internet access. Calling home also is blocked. No instance of Firefox is launched either.

Maybe there is some setting that can be done to not let it launch Firefox or other browser for that matter. I know there is and I know Comodo can block it. Just need to checkout some settings that can be done that I don’t know how. Yikes.

I can see you've tried to block the entire range used by myplaycity, but are you sure this address block is the one used when you actually play the game?
-- I play not connected to the internet. I am uncomfortable with it and honestly I am not really a gamer. I just got bored the other day and tried playing again(offline).

The address I got from searching the host name with http://whois.domaintools.com/ the data that I have posted came from there.

Is there a better rule to create for blocking a site?

Hang on.. shouldn't this be a Defense+ rule? Shouldn't the game be prevented from launching Firefox/IE in the first place?

I tried to set in Defense+ through Computer Security Policy and placed it under Isolated and Limited application. And a customized one. See image please. The game will launch and still connects to home.


http://www.freeimagehosting.net/t/a1765.jpg

If I place it in Always Sandbox as Limited, it launches Firefox and connects to home. As Restricted, the game will launch but will “not” connect to home.

You can’t play either so you’ll have to close the window. Both settings in Always Sandbox are applied with the custom Defense+ rule mentioned above.

Appreciate the assistance :slight_smile:

I do not know if this can help but the Defense+ events shows some targets that maybe can be blocked. See image.


http://www.freeimagehosting.net/t/6a810.jpg

Kail is completely right - my bad, I missed it. To simply stop the application launching your browser, you’ll need to modify the D+ policy to block the application from launching firefox. See the image.

[attachment deleted by admin]

– Okay I will test that when I get home (I am at work now). Incidentally, I checked http://whois.domaintools.com/ for http:\www.myplaycity.com and saw different data from yesterday. See image. From there I placed that IP in the Blocked Zones /IPv4 single address. It launched Firefox but I get a “Problem Loading Page”…apparently it was blocked. But this is better. I’ll get back here when I have tested it later when I get home.

How about the other rules that I have applied earlier? What will I need to retain and what can be removed?

Thanks to you and Kail.

The only rule you should need in D+ is the one I mentioned above, it’s enough to stop the game application launching firefox. If you want to stop the interaction with other browsers, just add them to the blocked list.
As far as firewall rules, blocking the application from making outbound connections in Application rules should be enough, but adding the data to Blocked zones will prevent any application from connecting.

@Radaghast,

The only rule you should need in D+ is the one I mentioned above, it's enough to stop the game application launching firefox. If you want to stop the interaction with other browsers, just add them to the blocked list.

As far as firewall rules, blocking the application from making outbound connections in Application rules should be enough, but adding the data to Blocked zones will prevent any application from connecting.

I am afraid just setting Defense+ rule is not sufficient…(was surprised too…)…

I deleted the Network rule I created previously (as Blocked Application) and tried it with only the settings in place for D+. I started the game and it opened. CIS threw a pop-up that StarDefender is a “safe” application and should be allowed. I clicked Block. Then clicked “Exit” in the game but it still connected. See images.

It will not work if you do not apply block rules in Network Security Policy and it should be that you set a rule that it’s a Blocked Application and then block the host name or the IP address. If you set it with D+ alone it will not work and will launch Firefox.

Having the block rules for Firewall and D+ will prevent StarDefender from launching Firefox.

Firewall settings:
-Set StarDefender/Game.exe as Blocked Application in Network Security policy.
-Set StarDefender/Game.exe’s Host Name and IP Address in Blocked Zone.

Defense+ settings:
-Set StarDefender/Game.exe Computer Security Policy as Limited. Edit Rule and customize Access Rights/Exclusions/Blocked Applications/firefox.exe

Not setting both will result in the application launching Firefox and thus connecting to home. I have confirmed this 5x.

In my opinion just the D+ settings should have blocked the application from launching Firefox thus calling home. I am at a loss as to “why” does it need to be set on both Firewall and Defense+.

Radaghast what you said should have sufficed and is “sound”. I wonder why that is…?

Earlier I have believed that the Firewall component should have blocked/took care of that but what happened is that you’d have to set both. Isn’t that too much settings for an application calling home…?

Will try to add the images later as I am having difficulty uploading it now.

Thanks.



http://www.freeimagehosting.net/t/4a578.jpg


http://www.freeimagehosting.net/t/08137.jpg

Thank you for the assistance here.

I’m not sure why you’re having these difficulties. I just downloaded and installed the game and using the rule I suggested for D+ (image) stops firefox from being launched. As for the firewall, as noted from the alert you’ve posted, there is an attempt to send an echo request to the home website, which is easily blocked with a single rule.

One point to mention, the address block 174.0.0.0 - 174.255.255.255 does not solely belong to the game site, the block is allocated to a hosting provider called Softlayer Technologies, so if you block the entire range, you may be blocking access to other sites hosted by this company.

# start

NetRange:       174.36.0.0 - 174.37.255.255
CIDR:           174.36.0.0/15
OriginAS:       AS36351
NetName:        SOFTLAYER-4-7
NetHandle:      NET-174-36-0-0-1
Parent:         NET-174-0-0-0-0
NetType:        Direct Allocation
Comment:        abuse@softlayer.com
RegDate:        2008-09-12
Updated:        2009-08-27
Ref:            http://whois.arin.net/rest/net/NET-174-36-0-0-1

OrgName:        SoftLayer Technologies Inc.
OrgId:          SOFTL
Address:        1950 N Stemmons Freeway
City:           Dallas
StateProv:      TX
PostalCode:     75207
Country:        US
RegDate:        2005-10-26
Updated:        2009-07-02
Ref:            http://whois.arin.net/rest/org/SOFTL

[attachment deleted by admin]
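To put numbers on the point about the 174.0.0.0 - 174.255.255.255 range, here is an added example that is not part of the thread. It parses the NetRange line from the whois output quoted above and compares three candidate Blocked Zones entries; the function names and the result keys are assumptions.

```python
import ipaddress
import re

# Constructed input: lines copied from the whois output quoted in the thread.
WHOIS_ALLOCATION = """\
NetRange:       174.36.0.0 - 174.37.255.255
CIDR:           174.36.0.0/15
NetName:        SOFTLAYER-4-7
"""
HOST = "174.36.246.156"  # address the thread reports for myplaycity.com

def range_to_networks(first, last):
    """Convert a first-last address range into the CIDR networks covering it."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def whois_netrange(text):
    """Return the NetRange line of a whois record as a list of networks."""
    m = re.search(r"^NetRange:\s*(\S+)\s*-\s*(\S+)", text, re.MULTILINE)
    if not m:
        raise ValueError("no NetRange line in whois text")
    return range_to_networks(m.group(1), m.group(2))

def block_scope(host, zone, allocation):
    """Measure how far a blocked zone reaches beyond the one host it targets."""
    ip = ipaddress.ip_address(host)
    hit = any(ip in z for z in zone)
    size = sum(z.num_addresses for z in zone)
    # Two CIDR networks are either disjoint or nested, so the overlap of a
    # pair is simply the smaller of the two.
    overlap = sum(min(z.num_addresses, a.num_addresses)
                  for z in zone for a in allocation if z.overlaps(a))
    return {
        "zone": [str(z) for z in zone],
        "host_blocked": hit,
        "other_addresses_blocked": size - 1 if hit else size,
        "outside_provider_allocation": size - overlap,
    }

def compare_zones(host=HOST, whois_text=WHOIS_ALLOCATION):
    """Score the /8 range from the thread against narrower alternatives."""
    allocation = whois_netrange(whois_text)
    candidates = {
        "range entered in Blocked Zones": range_to_networks("174.0.0.0", "174.255.255.255"),
        "provider allocation": allocation,
        "single address": range_to_networks(host, host),
    }
    return {name: block_scope(host, zone, allocation) for name, zone in candidates.items()}

if __name__ == "__main__":
    for name, scope in compare_zones().items():
        print(f"{name}: {scope}")
```

A single-address entry is the narrowest block, but it has to be updated whenever the site's address changes, as happened between the two lookups mentioned earlier in the thread.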

Hi Radaghast,

I again deleted just now the rules for Firewall and used just D+. It did what I posted a couple days ago, it connected to the site. I applied all the firewall block rule and deleted it one by one (while the D+ rule was in place), it still connected to the site. As mentioned it will not block the launching of Firefox if I will not set the rule as Blocked Application and another block rule for the IP address in tandem with D+.

This is what I am in dilemma. I know you are correct and should be correct that the single D+ rule should be sufficient. But it’s not functioning right here.

In another set-up with a different firewall only blocking the application with a firewall rule blocks it from launching(this is with OA Premium/Outpost Pro --loaded a system image backup and set it there yesterday).

I may try re-installing but I am still thinking.

malik :slight_smile:

You could just switch to a different configuration temporarily - More/Manage my configurations - this will give you a clean slate for testing the D+ block rule, which as I said, is all I needed to prevent the game from launching firefox. The only firewall rule needed was to block the ICMP Echo request, which is unrelated to the D+ requirement.

Okay. I will try loading the MaxPro configuration again by tomorrow or the next day and will test the settings you suggest. I know you are correct there. That is the logical/theoretical application of it…just don’t understand why is this happening. Incidentally I downloaded another game from the site and it was the same behavior. Apparently they are all the same in behavior.

I will get back here and post again.

malik

Just loaded the Proactive settings again and manually placed the D+ rule for the application. No network rules created for the game. Launched/exited the game. It did not connect to the internet and did not launch Firefox.

That’s what I was believing. It should really do that and D+ rule is really sufficient. Now I do not know why in the previous settings (from first install of CIS beta v5.8) this was not applicable and as said earlier, the D+ rule should be set in tandem with Network rules.

Now it seems to be functioning right. I even installed the other game that I downloaded(which has the same characteristics) to be sure, applied the D+ rule and it was blocked.

It also shows in the D+ events that both games have been blocked. I connected to the internet and launched the game. It tries to connect to its home still but there was a pop-up from CIS. See image.

To not have this pop-up and automatically block that, I placed a Network rule/Blocked Application (Predefined rule). If not it will show a pop-up again requesting connection through TCP port 80. I guess it will search for some way to connect to its home if you will not apply a block rule for it.

Also noted that choosing Allow or Block in that pop-up will not launch Firefox as it was being blocked in D+.

Setting just:

D+/D+ rules/Application System Activity Control/Customize/Access Rights/DNS Client Service - Block even if you have the block rule for Firefox present you will still get the pop-up. Though it did not show that it looks for another browser instead of the default one.

Although now it seems that the application may not search a way to connect via another browser it seems that setting a block rule in Network seems warranted also.


http://www.freeimagehosting.net/t/0278a.jpg

Hi guys,

Have confirmed now that the rule in D+ will prevent the game from calling home :-TU. It is required also to set it in the Network Policy as blocked application “if” you do not want the game to be updated. Its behavior is only to the default browser and it would not look for another browser other than the default.

Thank you guys for helping me here. Still I do not know why in the earlier settings I was unable to block it from calling home through launching of Firefox. Thanks to kail and Radaghast for the great assistance. :-TU

;D