Starcraft 2 shellcode injection

I tried looking around in the forums about this, but no luck… I have problems running Starcraft 2, even in Game mode. Defense+ reports a shellcode injection warning. The only way that works is disabling Defense+ entirely. Any ideas how to go around this?

Thanks

I found another way to fix this without having to disable Defense+ entirely. I found a forum post regarding this same problem and Daemon Tools. The following link, Comodo Help, led me to the steps in order to add Starcraft 2 to the exception list in Defense+.

I hope this can be fixed in a next update from Comodo.

I'm having this problem with World of Warcraft too.
Had to add wow.exe to shellcode injection exclusions.

:frowning:

It's in the stickies too, here.

I had to go to Defense+ Settings, to the Execution Control Settings tab, and click on Exclusions to add 3 files for Starcraft 2:

C:\Program Files (x86)\StarCraft II\StarCraft II.exe

C:\Program Files (x86)\StarCraft II\Support\SC2Switcher.exe

C:\Program Files (x86)\StarCraft II\Versions*\SC2.exe

It looks like with every new patch we get on StarCraft2 we’ll have to update the new version to get access again (there are 2 older ones there already). Those 3 same files are supposed to be in the Trusted Files list too, but I don’t see them on my list, and yet when I try to add them it says they were already added. However, I do have the file:

C:\users\public\desktop\starcraft ii.lnk and I did put a check mark on it to include all subfolders.

I am adding details here for I know when the next patch happens again I’ll have to search the forums to figure out what I did to fix it again, and hopefully help other people better too. This is wayyyyyyyyyyyyy too much work to make it work again (minus a few hairs along the way - LOL).

Just so you’ll all know: I never had to go to the Exclusions panel in version 4 of Comodo Internet Security. It just happened that Comodo updated my software to version 5 AND Starcraft 2 updated to a new patch!! What a bad combo to happen at the same time :-[

Last but not least - my OS is Windows PRO 64 bit software.

Edit: I replaced C:\Program Files (x86)\StarCraft II\Versions\Base 16605\SC2.exe with
C:\Program Files (x86)\StarCraft II\Versions*\SC2.exe - meaning I replaced \Base 16605\ with *\ so that it would work with every patch update.

This is dealt with in the FAQ here.

The problem with this game in particular is the way it’s coded and executed. When you launch SC2, you do it through a lnk file, which is basically a shortcut, to the file “drive:\Program Files (x86)\StarCraft II\StarCraft II.exe”. This executable, in turn, is a launcher/patcher and loads “drive:\Program Files (x86)\StarCraft II\Support\SC2Switcher.exe”. After the patching/validation, it then loads “drive:\Program Files (x86)\StarCraft II\Versions\Base16605\SC2.exe” (latest patch 1.1.1).

Now, adding all these files to the trusted files list doesn’t do the job in its entirety, since by doing only this, the game loads, but it crashes right after log in. I need to also add this last file, SC2.exe to the exclusions list for buffer overflow protection in Defense+.

However, the patching nature of Blizzard Entertainment for this game is extremely “weird” to say the least. The game already has 3 patches out. On each patch, the path for the file SC2.exe changes. So far, there are 3 locations for this file: “drive:\Program Files (x86)\StarCraft II\Versions\Base15405\SC2.exe”, “drive:\Program Files (x86)\StarCraft II\Versions\Base16561\SC2.exe” and “drive:\Program Files (x86)\StarCraft II\Versions\Base16605\SC2.exe” (latest update, patch 1.1.1). This way, every time the game patches, the already excluded SC2.exe in Defense+ is useless and it crashes again due to a buffer overflow or shellcode injection. In order to fix it, you have to manually re-add the SC2.exe file to the buffer overflow protection exclusions, to reflect the path change.

I hope my explanation is not as confusing as it might seem and it's helpful for those having this problem.

Best regards

Not sure if this will work in buffer overflow protection exclusions but it might be worth trying.

“drive:\Program Files (x86)\StarCraft II\Versions*\SC2.exe”

Dennis

Ah Dennis, you, magnificent Comodo god (:LOV). That does work as intended. I removed my previous exception and added yours. The game did not crash. I can expect this to keep working after a patch. Wonderful :).

Thank you,

I had this shellcode injection problem with Daemon Tools Lite. I checked “skip this application in the future” then clicked “skip” (see the picture below), and the alert never showed up again.

edit: the application is automatically added to the Image Execution exclusion list.

Thank you for this. :-TU Didn’t know you can use wildcards.
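
A wildcard exclusion such as the one in this thread covers every SC2.exe that matches the pattern, including builds left behind by older patches, so it is worth listing what it currently matches. The PowerShell script below is an added example, not something posted by anyone in the thread or provided by Comodo; it assumes the install path quoted in the posts above and reports each matching file with its Authenticode status and SHA-256 hash.

```powershell
# Added example: audit the files covered by the "...\Versions*\SC2.exe" exclusion.
# Assumption: the install root is the one quoted in the thread; pass -InstallRoot if yours differs.
param(
    [string]$InstallRoot = 'C:\Program Files (x86)\StarCraft II'
)

$versions = Join-Path $InstallRoot 'Versions'
if (-not (Test-Path -LiteralPath $versions)) {
    Write-Error "Versions folder not found: $versions"
    return
}

# Every SC2.exe below Versions, at any depth, is a candidate match for the
# wildcard, not only the newest Base<build> folder created by the last patch.
$hits = Get-ChildItem -LiteralPath $versions -Filter 'SC2.exe' -File -Recurse -ErrorAction SilentlyContinue

$report = foreach ($f in $hits) {
    $sig = Get-AuthenticodeSignature -LiteralPath $f.FullName
    [pscustomobject]@{
        Path      = $f.FullName
        Modified  = $f.LastWriteTime
        SigStatus = $sig.Status
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
        SHA256    = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
    }
}

# Oldest first, so leftover builds from earlier patches are easy to spot.
$report | Sort-Object Modified | Format-List

# Flag anything the exclusion covers that does not carry a valid signature.
$unsigned = @($report | Where-Object { $_.SigStatus -ne 'Valid' })
if ($unsigned.Count -gt 0) {
    Write-Warning "$($unsigned.Count) matching file(s) have no valid signature; review them before keeping the wildcard."
}
```

Re-running it after each game patch shows which new Base folder the exclusion has picked up and whether older builds are still on disk.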
