How to use CFP with Microsoft Games?

Hi,

How do I set up CFP in order to play Microsoft Games like Zoo Tycoon 2? The problem is that the game apparently uses a copy protection method where the game executable (zt.exe) creates a new temporary file in C:\Documents and settings/[Username]/Local Settings/Temp, which starts another file (splash.exe), which then accesses the game disc, starting yet another file (the actual game).

So I repeat: the game creates a temporary file every time it is started. The name of the temporary file changes every time, and it then accesses several other files.

For every instance I get a defense+ alert. Choosing “Allow” with “Remember my settings” is of course quite useless, as the temporary file changes every time.

What can I do to stop the alerts forever? I just want to play my games without clicking five or six times on “Allow” every time I start it. I have set zt.exe as a trusted app, but I can’t set the temporary files as trusted as they don’t exist until I start the game.

Any ideas?

Bye,
Vanilla74

I don’t know if this will work, but you can set the c:\documents and settings.…\Temp folder as a My Own Safe Files entry. I suspect that this will only work for the files in it when you do this, but I don’t see any other way to deal with files that are randomly generated and then need access privileges. Click Defense+>Common Tasks>My Own Safe Files> and click Add and choose Browse Files. Double-click to expand folders and browse to the …\Temp folder and then use the arrow button to put the folder on the Selected items list. Click Apply and hope for the best.

You could try using the wildcard.
I have gone back to v2 for the time being (until the interface becomes usable :p) so this is from my (pretty shaky) memory, but

  1. go to D+ > advanced tasks > computer security policy
  2. find zt.exe entry, highlight it then click edit on the right.
  3. In the window that appears, click on ‘process permissions’ (I think it is? anyway, the one that isn’t protection settings)
  4. In the next window that appears, click on ‘modify’ box in the first row (execution settings?)
  5. In the execution settings window that opens, click ‘Add’, then ‘browse’.
  6. This should open a file explorer type thing, with a text bar at the top. Type out the full path to the temp folder, and after temp put *.tmp, or *.exe as the case may be.
    (C:\documents and settings\username\local settings\temp\*.tmp)

Now, close down all those b***** windows, until you get back to the ‘computer security policy’ window, and click ‘Add’, then ‘browse’, and add exactly the same line you did just before
(C:\documents and settings\username\local settings\temp\*.tmp)
and press ok.
Once again in the ‘computer security policy’ window, highlight the entry you just created, and click on ‘edit’. In the window, again choose the ‘process permissions’ link, and in the window that comes up, again click on ‘modify’ in the top row. In the new window, click on ‘Add’, then browse. Browse to splash.exe, and press the arrow to move it to the right hand column. Press ok.

What you want to do now is to close all the windows again, till you’re back at the ‘computer security policy’ window.

Now what you need to do is add the actual game executable to the list of processes that splash.exe is allowed to execute.
Highlight splash.exe, click edit, and once again, you want to choose the process permission link thing.
(you may want to have the game cd in the drive at this point)
In the first row, click on the modify button, and in the new window that opens, click on ‘Add’, then browse. Browse to the drive that has the cd in it, locate the actual game executable and use the arrow to move it to the right hand column again.

I think, so long as you always put the game cd in the same drive, that should work.
You may also need to muck around in the ‘protected files and folders’ option for zt.exe, to give it permission to create a new file each time it’s run.

To do this (I think) in the ‘computer security policy’ window, highlight zt.exe and click ‘edit’. Once more, you want the ‘process permission’ link. In the next window, click on ‘modify’ next to ‘protected files and folders’. In the ‘allow’ tab, choose ‘add’, and then ‘browse’. In the text bar of the file explorer thing, type
C:\documents and settings\username\local settings\temp\*.tmp
(or *.exe if zt.exe creates an xxxx.exe file)

I think that should cover everything, but remember to leave the ‘purge’ button in ‘computer security policy’ well alone, as it will delete the *.tmp rule.

Following the steps that AnotherOne posted is a good idea as well.

It’s a good idea, but it creates a security hole, since most malware first appears in the “Temp” folder.

True, but not much of one imo.
The only process given permission to launch *.tmp is zt.exe, so iexplore launching *.tmp (for eg) should throw a D+ alert. And *.tmp is restricted to launching splash.exe only; D+ will ask about anything else started by *.tmp.

I suppose adding things like cmd.exe, iexplore.exe, for that matter *.exe, *.dll to the blocked tab in the execution permissions of *.tmp could tighten it up a bit?

If I’ve gotten something wrong though someone please step in, this is all from memory so I could easily have it wrong.

It’s just the best I could think of! :)

the only process given permission to launch *.tmp is zt.exe. so iexplore launching *.tmp (for eg) should throw a d+ alert. And *.tmp is restricted to launching splash.exe only, D+ will ask about anything else started by *.tmp.
If that’s so, surely not much of a security hole. Just didn’t dig that deep.

That should work! Much better than my attempt…

Thanks quwerty, your approach worked like a charm. Had to modify it only slightly because the temporary file accesses even more files and processes, even a com-interface (something with rpc…), so I added whatever was necessary to the access options.

Now I can finally play my favorite game without any hassle!

Bye,
Vanilla74

Glad to hear it :)
As Burillo posted, this does open up a bit of a security hole, so I’d advise adding
C:\windows\system32\cmd.exe, C:\program files\internet explorer\iexplore.exe to the blocked tab in *.tmp’s execution permissions, and having any other access rights, (com interfaces, etc) set through the modify button, rather than just setting protected com interfaces (for eg) to allow. If you leave it at ‘ask’, you should get a warning if anything suspect is going on.

I also realized that simply putting *.exe in *.tmp blocked execution tab could cause problems, as a lot of installers seem to use temp files to launch the installing program.

cmd is sometimes used by installers too.

:( Oh bother.
cmd should have a pretty tight ruleset anyway, but that does throw a spanner in the works.

D+ should ask about cmd creating or deleting files in any important areas, or launching any new processes itself, but unless there’s another way around Vanilla74’s situation, I guess it’s gonna be a security vs usability compromise.
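
A simplified model of the rule chain this thread arrives at, as an added example that is not from any poster and is not Comodo's rule engine: each parent pattern lists the children it may launch and the children it is blocked from launching, and everything else falls back to an alert. The install and disc paths and the temp file name are made-up placeholders, and the "block wins, otherwise ask" evaluation order is an assumption.

```python
from fnmatch import fnmatchcase

TEMP = r"c:\documents and settings\username\local settings\temp"
# Hypothetical install and disc paths; the thread does not give them.
ZT = r"c:\games\zt2\zt.exe"
SPLASH = r"c:\games\zt2\splash.exe"
GAME = r"d:\game.exe"
TMP_RULE = TEMP + r"\*.tmp"
CMD = r"c:\windows\system32\cmd.exe"
IEXPLORE = r"c:\program files\internet explorer\iexplore.exe"

# parent pattern -> (allowed children, blocked children)
POLICY = {
    ZT: ([TMP_RULE], []),                  # only zt.exe may start the temp file
    TMP_RULE: ([SPLASH], [CMD, IEXPLORE]), # temp file may start splash.exe only
    SPLASH: ([GAME], []),                  # splash.exe may start the game on disc
}

def decide(parent, child, policy=POLICY):
    """Return 'allow', 'block' or 'ask' for `parent` launching `child`."""
    parent, child = parent.lower(), child.lower()
    verdict = "ask"  # no matching rule: the user gets an alert
    for pattern, (allowed, blocked) in policy.items():
        if not fnmatchcase(parent, pattern):
            continue
        if any(fnmatchcase(child, b) for b in blocked):
            return "block"  # assumed: an explicit block beats an allow
        if any(fnmatchcase(child, a) for a in allowed):
            verdict = "allow"
    return verdict

def review():
    """Evaluate the launches discussed in the thread against the policy."""
    tmp = TEMP + r"\a1b2.tmp"  # constructed name; the real one changes per run
    return {
        "zt.exe -> temp file": decide(ZT, tmp),
        "temp file -> splash.exe": decide(tmp, SPLASH),
        "splash.exe -> game": decide(SPLASH, GAME),
        "iexplore -> temp file": decide(IEXPLORE, tmp),
        "temp file -> cmd.exe": decide(tmp, CMD),
        "temp file -> other exe": decide(tmp, r"c:\windows\notepad.exe"),
    }

if __name__ == "__main__":
    for launch, verdict in review().items():
        print(f"{launch}: {verdict}")
```

The `temp file -> cmd.exe` result is the trade-off raised at the end of the thread: the same block entry that tightens the wildcard rule also stops an installer that runs from a .tmp file in that folder and calls cmd.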