Comodo FW ignoring rule set

There’s a MP game I play quite regularly called Joint Operations: Typhoon Rising made by Novalogic Inc., and which I’ve configured to allow all activities. This is especially important because the game incorporates an anti-cheat utility called Punkbuster made by Evenbalance.com which identifies cheaters and kicks them from Novalogic’s servers and could possibly result in a complete ban.

Normally, Punkbuster operates from its own servers, but Novalogic took over the maintenance and operation of the utility for the above mentioned game back in 2004.
Punkbuster itself is not accessible as an independent executable and only the DLLs and HTML files are visible in the JointOps folder located at: C:\Program Files\NovaLogic\Joint Operations Typhoon Rising\pb.

So when I configured the game to have unlimited access, I assumed that to mean that the Punkbuster function would be included. But to my dismay, I noted three Punkbuster DLLs being listed in the log files for Tuesday, 2nd Oct which you can see in one of the screenshots. Also, Comodo seems to have blocked outbound UDP for some unknown reason.

The main problem here is that the alert would not be visible during the game because it doesn’t have focus. So I’ve been playing along quite happily for the past couple of days, blissfully unaware that the files had been blocked from updating. If I hadn’t exported the logs in HTML format today (I was looking for something else at the time), I may well have found myself banned from the game in the not too distant future.

I’ve included the three files which I’ve added manually to the Components menu as can vbe seen in one of the other screenshots, but they don’t seem to have registered with their paths.

I think it would be a good idea if the FW could be configured to display a popup if components which need to be authenticated but weren’t because the alert wasn’t visible, be displayed every hour or so, so that the user can take appropriate action.

[attachment deleted by admin]

re,

did you tick in alert level highest option?

as i did understand your problem, did you try to to make dll always ask me?

you can make this imho, if make the app learn again and on the popup is sub- button for the dll.

dont forget to erase before from components.

but might a expert here can tell protection of dlls.

as i did understand DLL injection option does not watch modifying, but may tick there too?

try this, there apps you can make hidden popups assign with a beep noise, and might make a new thread to enhance cpf with sounds.

Mike

PS: hihihi you ghostgamer :slight_smile: but clever

You could try turning application monitor from ‘learning’ To ‘On’. Not sure, but this may help with your situation.

Also, setting alert level to high might also help.

:SMLR

I don’tthink it makes that much difference actually because the alert doesn’t have focus and is therefore hidden by the game which is running on top.

The Application monitor only has the option to Turn On or Off. Learning mode is only available for Component Control rules. I already have that enabled there.

And now there’s another strange thing. In spite of adding those three DLLs yesterday and which appear in one of my screenshots, the FW appears to have deleted them today. Or at least, they’re not visible in the Component Control window as can be seen the following screenshot.

This presents a problem because if the firwall can’t be disabled before loading the game (cmdagent.exe runs regardless), then my only option would be to uninstall the program completely in order to play without risking being kicked.

[attachment deleted by admin]

hi,

the learning mode is a global switch works for both.

you can select in the popup then to allow a dll, that even is allowed but not in this context.

at least your game should run without popups, i think to run a game in a window press alt- enter?

Mike

You’re not getting it I don’t think Mike. Games run full screen and take priority over all other applications running in the background. Because they have focus (that means they run on top of all other applications), the user never sees alerts.

Windowed mode is disabled for this particular game, so that’s no fix either. ALT+TAB reverts to the desktop, but this means the operating system has to load the desktop into memory before anything being displayed there becomes visible. It’s not always guaranteed to work and can result in the game shutting down if there’s not enough free memory available.

There’s also a logging on procedure to contend with in this particular game in addition to choosing a zone to log on to. In the latter respect, Europe/Africa is separated from the USA and Asia. The player has to select one of them before logging on. Each stage means the game logs onto a different IP address to verify that the user is using a legitimate copy of the game and has been properly registered. This is one of the reasons I authorized the game manually in the very beginning giving it unrestricted access.

However, yesterday I decided to uninstall the FW completely and start all over again. This time I went the ALT+TAB route at each stage of the logon process. But even doing it this way seems to result in the same DLLs appearing in the log as needing authentication.

I’m wondering if this has anything to do with the way alerts have to be approved? For example, I updated another program yesterday called MailWasher Pro. Comodo subsequently displayed the usual alert, but I decided to wait to see what would happen during the default 120 second period an alert remains on screen. So I was a bit surprised to see the counter at the foot of the alert changing from 1 of 8 to a total of 1 of 20. I subsequently clicked the right arrow to equalize both figures, checkmarked the appropriate field and then clicked “Allow”. However, I note that only one of the components for this particular application is listed in Components Control menu, and even then, it’s not registered as belonging to the program. So perhaps somebody would be kind enough to explain to me what the significance of those arrows is and whether the user should wait before checkmarking and clicking the “Allow” button. Screenshot attached to illustrate what I mean.

[attachment deleted by admin]