Gameguard and Comodo

Basic information:
CPU: Intel Core2Duo E8400
OS: Windows XP SP3 32-bits
CIS: version 3.8.64739.471
Other security programs: ESET NOD32 Antivirus 3.0.684.0

There were problems with gameguard in the earlier versions of CFP 3.0 but they were fixed up to the CIS 3.5 releases.

The bug:
Gameguard is a software utility used in several games to prevent cheating, developed by INCA.
The game i’m frequently playing is Cabal Online (European version) which uses Gameguard revision 1264.
In the 3.8 beta D+ caused that i was unable to start ANY program when gameguard was running. However i could still use all the programs that were already running. When 3.8 went final this bug was gone, however not completly.
When gameguard is running and D+ in activated the Task manager has no “user name” for any of it’s processses, apart from the “system ilde process” which shows username “SYSTEM”. As soon as i close cabal (and gameguard with it) all the “user names” return. This is odd behaviour, but i can still start/use/stop all other programs but one. If gameguard is running i am unable to logon to windows live messenger (v2009)
Starting Windows Live Messenger works fine, but I am not able to sign in.

All gameguard and cabal processes are trusted applications, and the entire Cabal directory is on the “my own safe files”
After playing Cabal, sometimes(!) CIS crashes after a D+ event is triggered. This seems to be randomn, at least i haven’t been able to pin it down precisly.

As soon as i fully disable Defense+ this problem is gone And everything works fine, and CIS no longer crashes.

Some others are experiencing this bug too, but they didn’t search much for the causes

I have tried running under an administrator, power user and just regular user account. The problem shows up on all account types.

I did some further testing, but can’t come up with any further (usefull) results:

I’ve put D+ into training mode
Removed all entries in D+ to cabal and gameguard
Unchecked every box in D+ settings

But still as soon as gameguard is launched, all the usernames of processes are gone, and Windows Live Messenger isn’t able to login anymore.

If you don’t received a BIIIG BSOD with Gameguard yet…hmmm you are lucky (:LGH) A more severe issue was discussed some time ago here: https://forums.comodo.com/empty-t22022.0.html

That’s indeed what i said, but those were fixed and up untill CIS 3.5 it all worked fine.

The latest version of CIS v3.8.65951.477 does unfortunatly not solve this problem either :frowning:

Today Gameguard version from Lineage 2 has been updated and BSOD generated in conjunction with D+ is history… Can you verify if the gameguard has changed for Cabal too?

Well as i already stated the BSOD problem was already solved long time ago for cabal. At this moment cabal (EU version) still uses gameguard revision 1264. And the problems described in the start post still remain.

It was fortunate that the game that I play has recently just changed from the usage of GameGuard to another anti-hack program, which works with the upgraded CIS.

So as of now I will not have any experience with GameGuard. Those still playing games that use GameGuard can continue to report your problems.

Small bump :slight_smile: Saw some rumours about a possible upcomming release of cis.

Normal behaviour of gameguard is that it will inspect (more or less inject itsself into) each new process started to see if it might be an illegal/cheat program for the game it is protecting (in this case Cabal EU)
I’m still running without d+ now, but at least this work :slight_smile:

And another bump. This problem still remains in v3.9 (beta)
In the meantime gamguard has been updated to nPortect GameMon Rev 1293

After cabal is launched i get some D+ popups about Services.exe and again all proces names are gone, and i’m unable to logon to windows live messenger.
So again i have to disable D+

Can you show us screenshot(s) of the popup regarding Services.exe? I guess a new service is being made. Is the name of the service the same each time or is it different?

For some reason i’m not able to reproduce the popups of services.exe…
I have enabled D+, cleared all previous entries and put it into paranoid mode.

As soon as i start cabal up i get a bunch of popups, most are common/safe. I’ve taken some screenshots of the popups regarding gameguard. 1 to 10 is when cabal/gameguard starts up. And the last 2 appear when i close cabal/gameguard.
Apparantly gameguard tries to gain some high privilidges so it can hide the processes from cabal. My guess is they want to do this so other programs can’t find the cabal process to “hack/cheat” into.

And again, if i have disabled defense+ completly everything works fine. The process gets hidden, but all the other processes keep a “name” and i’m able to run/use any other program i like.

[attachment deleted by admin]

Please try making Cabalmain.exe, Gameguard.des and Gamemon.des safe files.

Go to Defense + → Common Tasks → My own safe files → Add → browse files → add the mentioned files → Apply → Close .

Let us know how things go.

I did another full reinstall of CIS 3.9 (under the administrator account now)
And on the first start i got a few “services.exe” popups again. I have made a few screenshots of them.

Adding cabalmain.exe works, but when i select gameguard or gamemon.des it does not appear on the safelist after i click ok. (add files, manually add them, than click apply) And so the problem still remains.

[attachment deleted by admin]

The services.exe popups show that a service with the name npggsvc is being made. When you allow that and start the program do things work?

What happens next time you start the program? Do you get popups of services.exe again? If so what is the name of the service being made? I want to know if the program is not making a service with a new name each time it starts.

I allow (and let comodo remember) these actions, when i start the game again i do not receive any more popups about services.exe But still the problem remains the same.

Btw:
There is a USA/Canada version of the Cabal Online aswell, which as far as i know uses gameguard too. Perhaps it can be of use: GamersHell - Your Gateway to Gaming Since 2000

It is just a wild thought. Could it be that Windows Live Messenger is being seen as a risk by Gameguard?

I don’t think so. When i have D+ completly disabled everything works fine, and WLM and gameguard run toghether without any problems.

Could you check the logs of the Firewall and D+ for events with WLM and Gameguard?

Ok, this time i have put D+ to “disabled” (rather than completly disabled) and unchecked all the monitor settings.
Again the problem remains the same. As soon as cabal/gameguard is active, the processes loose their “user name” and again WLM is not able to login. The firewall logs shows nothing (Windows Live messenger is defined as a trusted application)
When i have D+ completly disabled (the box with “need to reboot” checked) and i start cabal, the task manager is completly normal.

I’ve attached a screenshot of the process manager, together with the D+ settings i used. And i should add that in the first beta release of 3.8 not only WLM didn’t work, but no program would start when D+ was running.

PS: I appreciate the help :slight_smile:

[attachment deleted by admin]

Thx for the information. I see msnmsgr.exe is not in your Task Manager list. Please start WLM with gameguard running. Then look up the logs of the Firewall and D+.

The logs can be found under Firewall → Common Tasks → View Firewall Events and D+ → Common Tasks → View Defense+ Events. Show me what is being logged in both logs with a screenshot.

If I understand correctly WLM will start up but won’t connect, right?