PunkBuster slips past Defense+

I do a lot of online gaming, and while I hate cheaters, I also hate the fact that Punkbuster wants to spy on me 24/7.
I’ve been trying to get Comodo to stop PunkBuster from changing its Services entry to “Automatic,” but no dice. I’m pretty sure I’m just not configuring it correctly.

AFAIK, Punkbuster has three parts: PnkBstrA, PnkBstrB, and PnkBstrK. 'A is the main part, the one that communicates with the game server, while 'B is the part that puts itself in the registry and tries to run constantly. I’m not sure what 'K does, but it’s a .sys file, not an .exe. I know that both 'A and 'B try to change 'B’s registry entry.

Anyway, the Services directory is already in the Protected Registry Keys thingy, so I set, in the access rights, to block both 'A and 'B from changing the registry keys. They still slipped past. Then I tried changing the protected keys, and I put the Automatic Startup group under “Blocked.” And they were still able to change the registry.

I’m not sure what to do next, can someone show me the correct way to block them?

Vettetech or someone else might help you further, But as I see it: PnkBstrA, PnkBstrB & PnkBstrK are ALL services part of the Game to run it.

and A & B are trying to change registry keys- Is this the cheat your talking about and want blocked? Or is this NORMAL behavior? Probably the cheat Because “B” is trying to change its OWN Reg keys!!! :open_mouth:

By the way…All 3 services automatically run on Windows Startup?

This is a hard one! 88) :slight_smile:


No. I’m not trying to block a cheat, I’m trying to stop PnkBstrB from starting with Windows. As far as I can tell, if Punkbuster can’t change the registry, then it just goes, “Oh, whatever…” and keeps doing it’s job. I don’t think it’ll get you kicked from servers.

I’m just trying to stop PnkBstrB’s registry entry from being modified.

Help is on the way… :slight_smile:


Very easily fixable and has nothing to do with Comodo. Do what I do. You CANNOT stop Punkbusters but you can stop it the SERVICE from booting up. Simply go to run and type “services.msc”. Then find Punkbusters A & B and set both services to manual. Unfortunately every time you play a game that uses Punkbusters it will change back to automatic. So after your done playing then just do that same steps. Stop the services and change them to manual. You will get kicked off of servers and even band if you ■■■■■ with Punkbusters or try to stop it from running.

That’s… exactly what I’ve been doing. I’m not so sure about the getting kicked part, because as far as I could tell, Comodo did stop PunkBuster from changing the registry. It’s services entry was still set to manual when I was finished playing, and I hadn’t gotten kicked or banned from the server.

Please tell me the correct way to set up Defense+ to protect PunkBuster’s registry entry. If that does get me kicked, then I’ll make a batch file to run at shutdown that “fixes” the registry.

There is no way that I know of. Punkbusters is one of those programs you don’t mess with. Are you looking for a way so it doesnt change to auto by itself?

Yes, that is what I’m trying to do. Sorry if I wasn’t being clear.

Well honestly I don’t think there is a way and believe you me if you ■■■■■ with Punkbusters you will get band. Sometimes permanently. I know several gamers this happened to. The only game I play that really uses it is COD4. When I am done playing I simply stop the Punkbusters services and put them back to manual. Only takes a second.

Well… How would you normally go about protecting specific registry keys from modification?

Have you tried going to D+\My Protected Registry keys?

On WinXP, you can use the “sc” command to control services. You can try “sc config pnkbstrb start=demand” from a command prompt to set the pnkbstrb service to manual from automatic. It’s probably be easier to set up as a script, and run as needed. The sc command has a large number of parameters. You can type “sc /?” to get a quick introduction, but digging into the WinXP Help&Support will give a lot more detail.

I made a script, but I went the Rube Goldberg route. I had it query the registry, and then make a temporary registry file, and then paste it in there. 88)

Yes, I have tried that. The firewall then asked me whether I wanted to allow PnkBstr to modify those, I chose no, but Punkbuster did it anyway.

Takin from the Punkbusters site.

Can I configure these components to run as other users rather than as a system service?

These components will not operate properly unless they have Administrator rights. Any manual reconfiguration after they are installed may prevent being able to play on PunkBuster servers.

Can I safely stop / disable / remove these new components when not playing games?

Yes. However, please keep in mind that the PnkBstrA service is designed to run all the time and auto start when the computer is booted. If you choose to alter this behavior manually (which is an advanced topic beyond the scope of this FAQ), keep in mind that in order to play on PunkBuster enabled servers going forward, PunkBuster will need unblocked communication with a running and working PnkBstrA service when the game is started. Otherwise, PunkBuster servers will kick from gameplay.

Vettetech, I already knew that, mainly because that’s the fourth time you’ve said it.

If anybody cares, here’s a thread in a different forum with scripts and stuff for “dealing” with Punkbuster:

Listen JP don’t give me an attitude for giving you a heads up warning. No need for a batch file. When i am done playing Crysis or Q4 or even COD4 I merely open up my AnVir task manager and stop both Punkbusters A and B then put them to manual. It only takes a second and is no biggie to me. I have seen and heard of many people getting kicked out of servers and even band for screwing with Punkbusters. Taking a few seconds to disable a program from auto starting with Windows is no big deal to me.

I eyeballed your script thread on the other forum. Good going! As long as it works for you, and you understand it, that’s what you should be using.

As for your original question about how to do something like this in CFP using D+, I have no idea. On seeing what the script is doing, it doesn’t look like something that CFP should do, as it’s a system management policy function, and not so much a permissions problem. For things to be reset to automatic each time, means there’s code down in the innards of the pnkbstr processes that look at the bits and set things accordingly. If the processes are running with admin privileges, which seems to be the requirement, then even with permissions set the admin authority could override. If that makes any sense.

Is the script method a workable solution for you? If so, I can mark this as resolved. Otherwise, we can try digging into some other ideas.