OK, the CFP Developers are painfully aware of this issue & are investigating.
However, I get the impression that they are very unhappy with nProtect & its rootkit-like behavior. It actually seems to be trying to disable CFP and may have even been successful on previous versions until CFP’s rootkit protection was improved in 126.96.36.1999 (thus, the BSODs). But, they are actively investigating & if they find a bug in CFP, they will fix it PDQ.
I would suggest that it might be prudent for users to contact their Game vendors, advise them of this issue & get their take on it. Ignoring CFP for a moment, this nProtect GameGuard might be disabling firewall protection at will.
GameGuard tries to disable CFP’s Defense+ and CFP tries to counterattack. During this fight, if you have another security software installed (for example AVAST!), unexpected BSODs happen. We will be fixing these BSODs with the next update (in a couple of days).
However, to be able to play the games, you must permanently disable Defense+, otherwise it won’t let any rootkit disable its protection (i.e. it will activate its self defense).
To deactivate the D+ permanently:
1 - Go to “Defense+ -> Advanced -> Defense+ Settings”
2 - Select “Deactivate the D+ permanently” checkbox
3 - Press Apply and restart your PC
The games must work fine if you follow these 3 steps.
However, as a side note: The behavior of this game protection software is typical of a rootkit and can never be accepted as a legitimate behavior. There is no such thing as “white rootkit” in terms of CFP. CFP is an anti rootkit tool. Whether it is white, black, red, yellow. Unless the rootkit does not attack CFP, it won’t attack the rootkit if it is allowed by the user. But this one is unfortunately attacking D+ core.
Maybe you can leave this at “user level”. Every user, if he/she wants, can disable (in one way or another) monitoring of this particular application. On the other hand, maybe it’s nProtect’s problem, not the game developers’. They take and implement this “Gameguard” as a finished product, and they cannot add modifications to a software that is not their product. From my point of view, a simpler way is for Comodo to implement a rule for this particular application, not to disable the entire firewall rootkit protection. Anyway, nProtect GameGuard is not a hack program - it is a legitimate program, and is not the only one in this category…
BTW - I use CFP in conjunction with NOD32 antivirus (V.3)
The reasons & work-around are above. But, be aware - although the CFP Devs might be able to stop the actual BSOD from happening, that probably will still not allow nProtect GameGuard to disable CFP’s Defense+ Rootkit protection. In short, you still might not be able to play the game without Defense+ being permanently disabled first (the current work-around).
razor74: Yes, I understand that the game developers are not directly responsible for GameGuard. I suggested contacting the game developers since they are, in effect, customers of nProtect & it would be appropriate for them to contact nProtect on this issue (they’d probably carry more weight as well) rather than you (the end-users). I may be wrong, but often in situations like this, nProtect may not even want to talk to, or acknowledge, the end-users directly.
And another solution? From your side? For example - to let the user create a rule to let GameGuard function without interfering with CFP? To be more explicit - let the user decide what he can do with his security in this case, but not disable the entire D+. It is so difficult to resolve this problem? It’s annoying to disable and restart the computer every time I want to play an MMO game. And I don’t want to have a firewall partially disabled. Most users will prefer to uninstall CFP for the time when they play those games. And that time can be looong, very long. Playing an MMO game can take months, or maybe over a year… I propose this solution because I am aware there will not be any fix (too soon) from game developers or INCA software (developers of Gameguard)… :-[
Firstly, I’m one of you (a user), most Mods are volunteer users here. Although, I do code (infrequently these days)… I’ve never coded for Comodo. So, this is a personal take, not an official one…
It is so difficult to resolve this problem? Based on what Egemen has said, yes I suspect it might be. I doubt that an allowance can be made on an application-by-application basis, as this issue has a system-wide impact. The problem is that GameGuard is “attacking” CFP (I guess it thinks CFP is a cheat/bot or whatever) & that is provoking CFP into responding in-kind (self-defence). This, coupled with the presence of another security app, results in the unexpected BSOD. Even if CFP allows GameGuard to disable its anti-rootkit (which it cannot/must not do), then CFP’s anti-rootkit protection is disabled system-wide (globally). This, for the user, is not a good thing. Additionally, CFP is probably ahead of most of the field in things like rootkit protection… but, it’s only a matter of time before GameGuard starts running foul of other security software (firewalls, AVs, HIPS, etc…).
Disabling CFP’s anti-rootkit protection: I don’t think this is a switch that can be turned off and on. We’re probably talking about Kernel-level hooks here. Which is probably why you need to reboot to disable Defense+.
I hope that helps or, at least, makes things a little clearer.
Let me be clear about what it is: It is ENTIRELY DISABLING CFP and any other security software in an illegitimate way. Never mind entirely disabling them, by unhooking, it is also endangering the OS stability. The operations it attempts are not such simple things. It is trying to disable kernel hooks set by CFP.
Your only option is to disable D+ permanently. Because there is no way to run D+ and such a rootkit in the same computer.
We can reconsider the restart requirement for disabling D+ permanently. But this does not solve anything. Really D+ is only to protect against such things. You should simply disable it permanently if you are OK with this fact. No other security software will be operational in any way with those game protection hacks.
Yesterday I started a discussion on the 2Moons Forums in the bugs section, and I haven’t seen any answer till now. Inca software disabled the contact link on their web site ;D. They are Koreans and don’t expect any “good” from their brains. There are many discussions about the same problem on the Agnitum (Outpost Firewall) forums, which probably incorporates anti-rootkit protection, and they have obtained nothing till now from the Koreans.
I’ve gone to all lengths to try to run this game (except disabling D+ permanently & uninstalling CFP), I’ve even disabled the cmdagent.exe & removed cfp.exe from startup, did a restart… and then tried to run the game, it still does not work. (:SAD)
Does D+ run even with cmdagent.exe and cfp.exe disabled? Does someone have any explanation for this behaviour? ???
Lineage II has just joined the club. GameGuard was updated and computer rebooted as soon as I ran it.
I came here due to my own findings, after re-installing DirectX, graphics drivers, even the game. The first thing that I tried was to shut down Comodo to see if there is a conflict, but alas … it didn’t cross my mind that I have to disable D+. Just after uninstalling Comodo, I observed the change and I came to this post. Well, now reinstalling without D+ (I am not happy - I valued D+ …).
So here is one answer for my last message to L2 support:
We do not promise that our game will work with every other application out there. Since the game works fine when Comodo is not on the system, you need to contact support for Comodo to see if they have a work around for this issue.
I am now angry ! (:AGY) I wish Inca will go bankrupt and save us all from their horrible products !!!
Maybe some smart boys here would allow D+ to run even with that broken software.
Hi vyperin, welcome to the forums… sorry, however, it’s under such circumstances.
A quick clarification: You mentioned a GameGuard update… Do you mean that Lineage II (with GameGuard) worked OK with CFP 188.8.131.529 until GameGuard updated? Or was it the CFP 184.108.40.2069 update that sparked the issue? Thanks.
Thanks for the warm welcome. I have read before your forums, but as I had nothing to add, I didn’t make an account here.
As for the Lineage II update, it was a major update to Hellbound, both for game and GameGuard version. I presume I had installed the previous version of Comodo before the update as in that same day with the game update I had done Windows update, Comodo Firewall update, etc. - together with a scan and defrag - like a little system maintenance.
I’ve sent an e-mail to Inca too, telling them it’s my own computer and I want to have Comodo as a firewall, play Lineage II as a game, but I never ordered GameGuard on the menu !!! Little problems like Firefox connectivity when GameGuard was running turned into system reboots (without BSOD containing explanation or events recorded into event log !). I have lost 1 day of my life looking for a problem that I didn’t generate. As I have disliked GameGuard in the past now I really hate it. It is a known fact that accounts and passwords have been stolen even with GameGuard “protection”. So, useless …
Is it a possibility that you provide GameGuard engine with fake kernel hooks at startup and even a set of fake system libraries, somewhat like a fake virtual machine that is a copy of the current running system, so that GameGuard (and possible other naughties) will take control of pretty much nothing ?
As I have previously stated, I love D+. I know who accesses who and what they are trying to do. It’s a really useful tool to see how a program behaves. I agree with prevention before harm has been done.
Here is a useful page about GameGuard behaviour: http://mfyyre.narod.ru/overview.html
I hope I didn’t break any rules because I haven’t had time to read them. My apologies for that.