Michael Withstand 10 Posted August 19, 2010 A picture tells a thousand words Can BI explain why their app is thought to be attempting buffer overflow attack? Share this post Link to post Share on other sites
Gunter Severloh 4067 Posted August 19, 2010 What are you running that gives you that message? Share this post Link to post Share on other sites
Michael Withstand 10 Posted August 19, 2010 Günter Severloh said: What are you running that gives you that message? As the pic states Combined operation: arma2oa.exe With ACE2 add on and mando missile add on. Not running the game with add-on would also result in the same warning. The beta would not give the warning though Detection is done by COMODO CIS(COMODO Internet Security) Share this post Link to post Share on other sites
MJK-Ranger 0 Posted August 20, 2010 Topic: "tried to execute shellcode as a result of possible buffer overflow attack" From Ronny at Comodo forum: Quote Hello Amy, The new version of CIS 3.9.x (Still beta though) has a few fixes to prevent false alerts. I can't tell from this info if yours is a false positive, but if you like you could try 3.9.x beta and see if the alert is gone.... i have to say you should probably only be using beta software if you feel confident. You could if you have time, export your "old" 3.8 configuration, uninstall the 3.8, install the 3.9.x beta and see if the problem still exists or not, remove 3.9.x beta, install 3.8 latest and import your settings back so you are "back to where you started" only you know if the alert is still there in the latest version. And from LostAmy that had the problem: Quote Hi Ronny, i've downloaded and installed the Beta version and everything seems to be working fine. thanks for your help! It's a good idea to use google to search after error from applications ;) Share this post Link to post Share on other sites
Michael Withstand 10 Posted August 20, 2010 (edited) I did google it but found nothing...well I didn't look past the first page or maybe I was googling the wrong keyword. Any link to those? Besides it's already version 4.0 now those quotes are irrelevant. Edited August 20, 2010 by Michael Withstand Share this post Link to post Share on other sites
MJK-Ranger 0 Posted August 20, 2010 (edited) Michael Withstand said: I did google it but found nothing...well I didn't look past the first page or maybe I was googling the wrong keyword.Any link to those? Besides it's already version 4.0 now those quotes are irrelevant. But try a newer version or latest beta from Comodo and see if you still run into same problem. To me it's seems to be more like a Comodo bug or something. Version 4.1 is the newest i think. http://forums.comodo.com/help/tried-to-execute-shellcode-as-a-result-of-possible-buffer-overflow-attack-t35795.0.html http://tinyurl.com/32t86e8 :D :) Comodo Internet Security v.4.1 (free version) Edited August 20, 2010 by MJK-Ranger Share this post Link to post Share on other sites
Gunter Severloh 4067 Posted August 20, 2010 no i meant running as is it the game giving you this message or another progam, like an anitvirus or something. Share this post Link to post Share on other sites
Michael Withstand 10 Posted August 20, 2010 MJK-Ranger said: But try a newer version or latest beta from Comodo and see if you still run into same problem. To me it's seems to be more like a Comodo bug or something. Version 4.1 is the newest i think. http://forums.comodo.com/help/tried-to-execute-shellcode-as-a-result-of-possible-buffer-overflow-attack-t35795.0.html http://tinyurl.com/32t86e8 :D :) Already using latest version. Günter Severloh said: no i meant running as is it the game giving you this message or another progam, like an anitvirus or something. It's a security app COMODO Internet Security. The warning comes out whenever trying to launch Combined operation. launching beta version of Combined Operation would not result in the warning being shown. Share this post Link to post Share on other sites
MJK-Ranger 0 Posted August 20, 2010 (edited) Michael Withstand said: launching beta version of Combined Operation would not result in the warning being shown. Interesting, hmm Are you running Steam Version of ArmA2/OA/CO? You are not running the game in Sanboxie from Comodo? I'm not familiar with Comodo products at all, but I can not remember having seen others in here with same issue. Edited August 20, 2010 by MJK-Ranger Share this post Link to post Share on other sites
Michael Withstand 10 Posted August 20, 2010 MJK-Ranger said: Interesting, hmm Are you running Steam Version of ArmA2/OA/CO?You are not running the game in Sanboxie from Comodo? I'm not familiar with Comodo products at all, but I can not remember having seen others in here with same issue. No Im not using COMODO sandbox It's OA retail(boxed) version merged with ArmA 2 retail version Share this post Link to post Share on other sites
Gunter Severloh 4067 Posted August 20, 2010 what if you turn that program off and then try the game, will it work then? Share this post Link to post Share on other sites
Michael Withstand 10 Posted August 20, 2010 (edited) Günter Severloh said: what if you turn that program off and then try the game, will it work then? Yes it would work I assume but according to COMODO Internet Security some hidden program would also be run that would enable some people to take over my machine :rolleyes: Running the app when the security app is telling you it's potentially dangerous would make using the security app kind of pointless . . . . . Edited August 20, 2010 by Michael Withstand Share this post Link to post Share on other sites
Gunter Severloh 4067 Posted August 20, 2010 dont think they would if you dont have your remote services enabled, plus if you got a firewall on. Are you in mp when you play or try too, or are you just in the game sp, and editor? Share this post Link to post Share on other sites
Michael Withstand 10 Posted August 20, 2010 I play MP most of the time, firewall wouldn't help against this kind of attack I think. Shellcode is taking advantage of vulnerabilities in app to take control of the target machine. It's very risky. I hope some other people are also experiencing this as well and hopefully it's a false positive. Running the game using admin right is stupid however. OA would make you to run it on admin rights when battleeye is used in game.:( Now I can't even run the game. I may have to exclude the app from bufferoverflow detection Share this post Link to post Share on other sites
Encrypted_God 10 Posted August 20, 2010 (edited) My 2.5 Cents: First you need to understand what a 'shellcode' is. Lots of information available but here's one for ya ---> LINK Next, educate yourself on what a Buffer Overflow is. ---> LINK Now, I'm more then positive that this is alarming for a lot of people. So it would behoove you to investigate it. However; Something else you have to take into consideration that most to all games need internet access whether you're in SP or MP. With that said; Some AV's will erroneously report such behaviors in some games. Including applications as well. If you are positive that you don't have ANY virus's, malware, spyware and all that crap then maybe it's COMODO being to paranoid. But I suggest you scan your entire computer again using different programs of your choice. Hm...what else ...Try a different one first. well I'm sure we'll all get this figured out but patience is key but we need to keep our cool and try not to go off the deep end about this... EDIT: Oh...I am in no way disrespecting the COMODO program and I have no reason to doubt it as I have never used it. However, you might want to think about getting a different AV if you have had this before (This issue). Or better yet, just try one from a reputable vendor. I personally use Kaspersky 2011 Internet Security Edited August 20, 2010 by Encrypted_God Share this post Link to post Share on other sites
Michael Withstand 10 Posted August 20, 2010 Encrypted_God said: My 2.5 Cents: First you need to understand what a 'shellcode' is. Lots of information available but here's one for ya ---> LINKNext, educate yourself on what a Buffer Overflow is. ---> LINK Now, I'm more then positive that this is alarming for a lot of people. So it would behoove you to investigate it. However; Something else you have to take into consideration that most to all games need internet access whether you're in SP or MP. With that said; Some AV's will erroneously report such behaviors in some games. Including applications as well. If you are positive that you don't have ANY virus's, malware, spyware and all that crap then maybe it's COMODO being to paranoid. But I suggest you scan your entire computer again using different programs of your choice. Hm...what else ...well I'm sure we'll all get this figured out but patience is key but we need to keep our cool and try not to go off the deep end about this... I understand that most games would need internet access and I have no objection to that and I play other games as well that need internet access and have no problem with shell code or buffer overflow attack. I asked to know whether this is a false positive or a true positive. Last time I scanned it was all clean. I'll scan everything again. Share this post Link to post Share on other sites
Encrypted_God 10 Posted August 20, 2010 Understood sir. And believe me, I wasn't belittling you. I am here (like many others) for you if you need help. We'll get this figured out. Oh..I do have to ask this; Does your computer "act funny". I mean do you notice strange things that would indicate virus' or that other junk? Reason why I ask is because within the last week My own rig has been acting funny. Long story short I was forced to Re-Format because sometimes it's better to start over from scratch then spend hours and hours trying to figure it all out. Plus...headaches Share this post Link to post Share on other sites
Michael Withstand 10 Posted August 20, 2010 (edited) Umm no nothing funny at all. everything seems to be fine. I didn't feel you were belittling me either. I'm suspicious that the disc checking is what's causing this. The beta won't check for disc. the server exe won't either. I think whatever causing it may have stemmed from the disc checking. I hate having to have the disc in the tray. BI please give us no disc patch ASAP. And if some hacker found exploit in arma2oa.exe and inserted some nasty shellcode injection especially because the exe is demanding to be run with admin rights then we would not be able to tell because of the disc checking also resulted in the same warning. Running game with admin rights is just STUPID. ---------- Post added at 10:27 AM ---------- Previous post was at 10:19 AM ---------- Encrypted_God said: EDIT: Oh...I am in no way disrespecting the COMODO program and I have no reason to doubt it as I have never used it. However, you might want to think about getting a different AV if you have had this before (This issue). Or better yet, just try one from a reputable vendor. I personally use Kaspersky 2011 Internet Security Yea man COMODO is like the best firewall and internet security suite out there and it's free too. No kiddin. Official tests have concluded that COMODO security suite is the best one out there. I think it's you who may need to switch. :D No kiddin. ;) Google it http://www.matousec.com/projects/proactive-security-challenge/results.php yea the test was on proactive security but the firewall and Anti virus are also very very good. Edited August 20, 2010 by Michael Withstand Share this post Link to post Share on other sites
Encrypted_God 10 Posted August 20, 2010 Yes!! there ya go!! Come to think of it, how about the SecuRom? Do you have to put the disk in every time? This is offtopic but I had to use the CD/DVD everytime I wanted to ArmA 2. Then a very good friend of mine (Gunter Severloh) told me that I only had to do it a few times. RE: SecuRom verifying the disk. Which I neglected to think about. Share this post Link to post Share on other sites
Michael Withstand 10 Posted August 20, 2010 (edited) Encrypted_God said: Yes!! there ya go!! Come to think of it, how about the SecuRom? Do you have to put the disk in every time? This is offtopic but I had to use the CD/DVD everytime I wanted to ArmA 2. Then a very good friend of mine (Gunter Severloh) told me that I only had to do it a few times. RE: SecuRom verifying the disk. Which I neglected to think about. Hmm it was just a suspicion I wouldn't jump into conclusion because there's no way to verify that it's really the SECUROM since it could very well be a shellcode injection that's run at the same time Securom is checking for disc. And it's a bad programming if it is true. If the game wouldn't demand ADMIN rights in the first place I wouldn't be so worried. Edited August 20, 2010 by Michael Withstand Share this post Link to post Share on other sites
Encrypted_God 10 Posted August 20, 2010 (edited) Agreed. But SecuRom is notorious for that stuff ---------- Post added at 11:04 PM ---------- Previous post was at 10:53 PM ---------- I'm sorry but I need to go. I got to get some sleep. I wish you good luck my friend . I'll check on this thread in the morning Edited August 20, 2010 by Encrypted_God Spell Check Share this post Link to post Share on other sites
Gunter Severloh 4067 Posted August 20, 2010 Lol Jaeger, (encryptd God) Hes close Buddy of mine for many years and we game together reguarly. anyways, have you ever been able to play the game without the disc? Personally i had only installed Arma 2 when it first came out, and then had the disc in once i think to play and then after that maybe the patch i never had to use the disc again, so I can just click on the icon and Im in. I use AVG and I dont get any interference, but this is a stumping issue you have, as Jaeger would say we need to go through a process of elimination, basically strip everything down to the bare bones and the test things out and see what response we get. I think in a way you should start over, lose the antivirus, and any protection and what not, maybe uninstall reinstall the game, and just start over, play it, patch it, play it and final patch it, and then if the game works, go from there, the next response after the game should give you or at least narrow it down to what is possibly causing the inability to play, off course you have an idea already but we dont really know for sure what it may be. Just a thought. Share this post Link to post Share on other sites
Michael Withstand 10 Posted August 20, 2010 (edited) Well Encrypted God seems like a nice fellow :rolleyes: I don't have any problem running the game just that my security apps is telling me of Shellcode injection. It was just matter of changing setting in the security app but still I'd like to know what was it about. I'm still unable to accept that Battleeye requires the game to be run on admin rights which would make shellcode injection much more potent and would not surprise me that the game exe does have some exploits since it was probably never designed with customer security as priority. This is what concerns me: playing with admin rights and getting the shellcode injection warning at the same time and playing and hosting the game online :o I need the have OA disc inserted except when playing BETA version Edited August 20, 2010 by Michael Withstand Share this post Link to post Share on other sites
Gunter Severloh 4067 Posted August 20, 2010 Quote I'm still unable to accept that Battleeye requires the game to be run on admin rights I have read about this admin thing so many times in the forums here yet I have no idea what it is, does it have to do with windows 7? as I have windows xp. Quote warning at the same time and playing and hosting the game online I can see that being a concern, especially when hosting, not sure if it would work that where one person computer can pass a virus or something to yours while your hosting the game, I'm sure Jaeger can touch on that. Share this post Link to post Share on other sites
Michael Withstand 10 Posted August 20, 2010 Günter Severloh said: I have read about this admin thing so many times in the forums here yet I have no idea what it is, does it have to do with windows 7? as I have windows xp. When you play online some servers are using battleye that checks for game hacks in order to prevent people playing from cheating their fellow gamers. This battleye now since OA requires that the game be played on admin rights otherwise that player will get kicked out of the server. Anyway it seems that the warning is not really about real shellcode injection http://forums.comodo.com/defense-sandbox-help-cis/operation-arrowheadgame-triggered-buffer-overflow-warning-t60703.0.html Share this post Link to post Share on other sites