Jump to content

Surf Protection blocking game going online


Sturm
 Share

Recommended Posts

Hi,

I'm trying to run game IL2-Sturmovik(on steam), it needs to login online.

Emsisofts Surf protection blocks it.

There's no notification or log entry about the executable being blocked!

Game folder is excluded from scaning and monitoring.

It only works, when I disable the Surf protection.

 

How do I fix that?

 

 

Link to comment
Share on other sites

Can you launch the game in windowed mode? If so, then the notification should be displayed.

If not, then you can enable showing notifications in Silent Mode in Emsisoft Anti-Malware's settings:

  1. Open Emsisoft Anti-Malware.
  2. Click on Settings.
  3. Click on Notifications in the menu at the top.
  4. Turn off the option that says Don't show notifications in Silent Mode.

If you can see the notification, then you can click the Don't block this button in the lower-left corner of the notification. Otherwise, if you can figure out exactly what address is being blocked, then it is possible to manually edit the Host Rules to allow it:

  1. Open Emsisoft Anti-Malware.
  2. Click on Protection.
  3. Click on Surf Protection in the menu at the top.
  4. Make sure that the option Hide built in list is not selected (located to the right of the search field).
  5. Search for the website that you would like to unblock.
  6. If you find it, double-click on it to edit the rule.
  7. Change the Implemented action to Don't block, and click OK to save it.

Link to comment
Share on other sites

Hi,

I enabled notifications in silent mode... without effect. Logs are empty.

AS marko mentioned, the option for the hidden list is not there.

I tried to add new rules... without effect.

Their login server is on the Amazon cloud >>  ec2-174-129-204-103.compute-1.amazonaws.com

What bothers me the most (as an IT guy and customer) about this is that the application is being so oversimplified, I can't do anything about it 😕

No proper logs to read, hidden list/settings, which you can't control.

If you need Wireshark network traffic dumb or something, I can do that. Thanks.

Link to comment
Share on other sites

17 hours ago, marko said:

Arthur, this option was removed from the gui some time ago so Sturm won't be able to do this

You're right, I need to update my canned instructions. ;)

 

8 hours ago, Sturm said:

Their login server is on the Amazon cloud >>  ec2-174-129-204-103.compute-1.amazonaws.com

That address is not in our database.

 

8 hours ago, Sturm said:

I enabled notifications in silent mode... without effect. Logs are empty.

If you enabled notifications, then there should have been a notification. Are you sure that EAM is blocking it intentionally? It could simply be a bug causing the communication to error out when monitored by our Surf Protection.

Would it be possible to attach your logs.db3 file to a reply, and let me know roughly what times/days this happened on? It's an SQLite database containing all log entries, and usually when log entries don't appear in the UI they will still be in logs.db3. If it is being blocked intentionally, then I should be able to see it in the logs.db3 file.

Link to comment
Share on other sites

  • 3 weeks later...

> "I even turned DEBUG ON, but there is nothing interesting being logged"

Did you disable debug logging afterwards so that the in-use sets of debug logs were closed (and new ones opened)?

Also... unless you know what Emsisoft's code does, the meaning of return codes etc from their functions, I don't understand how you think you can tell what the flow of logic described in the debug logs actually means. 

Link to comment
Share on other sites

24 minutes ago, JeremyNicoll said:

> "I even turned DEBUG ON, but there is nothing interesting being logged"

Did you disable debug logging afterwards so that the in-use sets of debug logs were closed (and new ones opened)?

Also... unless you know what Emsisoft's code does, the meaning of return codes etc from their functions, I don't understand how you think you can tell what the flow of logic described in the debug logs actually means. 

I was looking in db file (SQL log), not the text files, which were written elsewhere.

Link to comment
Share on other sites

> I was looking in db file (SQL log), not the text files, which were written elsewhere.

The db file is just the "forensic log".   The logs created when you turn DEBUG on are placed in:  C:\ProgramData\Emsisoft\Logs        and - if you leave DEBUG on for long - can become very large.

Link to comment
Share on other sites

@Sturm have you tried adding an exclusion for il-2.exe to see if that has any effect on the issue? I keep my entire Steam folder excluded, as there are some games that don't respond well to the hooks Emsisoft Anti-Malware opens (Garry's Mode for instance).

If you'd like to try it, then here's how:

  1. Open Emsisoft Anti-Malware.
  2. Click on the little gear icon on the left side of the Emsisoft Anti-Malware window (roughly in the middle).
  3. Click on Exclusions in the menu at the top.
  4. The exclusions section contains two lists (Exclude from scanning and Exclude from monitoring). Look for the box right under where it says Exclude from scanning.
  5. Click on the Add File button right below the Exclude from scanning box.
  6. Navigate to the folder you would like to exclude, click on it once to select it, and then click OK.
  7. Scroll down to the box under Exclude from monitoring and click the Add File button right below that box.
  8. Navigate to the folder you would like to exclude, click on it once to select it, and then click OK.
  9. Close Emsisoft Anti-Malware.

Note: If a program you have excluded is running, then you will need to close it and reopen it for the exclusion to take effect. In some cases you will need to restart your computer before this will happen.

Link to comment
Share on other sites

  • 1 year later...

Hi @GT500,
Sorry to bump an old thread, but this issue is not solved.
Here are my fresh logs, tried to keep them as clean as possible.

I didn't see the game executable anywhere in a2service, but i suspect it is using dllhost.exe instead.

I'll try to find the address of the login server using fiddler.

Thanks!

Logs.zip

Link to comment
Share on other sites

10 hours ago, neo_razgriz said:

Sorry to bump an old thread, but this issue is not solved.

The game in question is IL2-Sturmovik?

 

10 hours ago, neo_razgriz said:

Here are my fresh logs, tried to keep them as clean as possible.

OK, thanks, I'll forward them to QA.

Link to comment
Share on other sites

Let's also get logs from FRST, in case they show anything relevant. You can find instructions for downloading and running FRST at the following link:
https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/

Note: When FRST checks the Windows Firewall settings, Emsisoft Anti-Malware's Behavior Blocker will quarantine it automatically. This can be avoided by clicking "Wait, I think this is safe" in the notification that is displayed while FRST is scanning.

Link to comment
Share on other sites

1 hour ago, GT500 said:

The game in question is IL2-Sturmovik?

Yes, the game is IL-2 Sturmovik.
Specifically, the error occurs when starting the game / trying to log in.

If i log in, then reactivate the protection, i can connect to game servers without issue.
I believe the traffic to the login server is blocked.

Attached FRST output files.

Thanks!

Addition.txt FRST.txt

Link to comment
Share on other sites

At the moment we believe this is related to our WFP (Windows Filtering Platform) driver. Hopefully this issue will be resolved in a future update to that driver.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...