Unlogged events

Mike2001
Mike2001 Posts: 9 Explorer
edited January 2022 in Web Browsing

Hi,

I've been trying to run a game demo through the Steam platform today, and kept getting hit with a steam error (steam application load error 3:0000065432). A quick web search shows that this error can be caused by AV software. So I go to look in the fsecure logs, and there's nothing recorded.

On a fairly obvious hunch, I disable Deepguard, and re-run the game demo - it works without a problem. So I quit, re-enable Deepguard, and add the Steam library folder to the exclusion list (which is most certainly not the solution I want to implement, creating small holes in protection). Re-running the game demo now, with Deepguard active and the folder excluded, and the game works fine.

But my question is this - as it's pretty plain that Deepguard blocked something (an .exe?), why isn't the action it took logged anywhere? Or logged in a place visible from the fsecure interface? And logged in a way that would quickly and easily allow me to permit the single blocked item to run, without having to allow an entire folder/subfolder structure?

Thanks,

Mike

Accepted Answer

  • Ville
    Ville Posts: 741 F-Secure Product Expert
    Answer ✓

    Hi,

    The problem is a bit more complex than that. Sometimes DeepGuard needs to inject code to another process to monitor it. Some games think that this is some cheat engine or an exploit and refuse to start, even if that injected code does not block anything. So, end result is that game refuses to start, but we did not block anything. Since we don't block anything, we can't show a message about it either.

    Like you noticed, excluding it will prevent this code injection and will also make the game work. You can also submit the game executable as sample here: https://www.f-secure.com/en/business/support-and-downloads/submit-a-sample and descibe the problem with DeepGuard.

    Ville

    (F-Secure R&D)

    Ville

    F-Secure R&D, Desktop products

Answers

  • FSafe_UserDW
    FSafe_UserDW Posts: 16 Enthusiast

    Mike --

    I'm just another SAFE user, so I'm not sure if detailed logs exist (or if they do, if they are in a user-readable form). Hopefully someone else can give definitive answer. I've had similar issues in the past trying to figure out exactly what file(s) or website URLs F-Secure was blocking.

    Sometimes (but not always) I find answer under Viruses & Threats --> View Quarantine, or by Right-clicking the F-Secure SAFE icon , then "View Recent Events" --> Show All Events.

    For now, have you tried running F-Secure in "Gaming" mode? And if so does that let you play Steam games withOUT disabling DeepGuard? This has worked for me on at least some games.

    To use Gaming Mode: On taskbar, Right mouse click F-Secure icon, then select "Gaming Mode."

    Hope you get definitive solution soon.

    PS: Some other users with Steam issues commented here in the past: https://community.f-secure.com/en/discussion/117436/f-secure-seems-to-be-blocking-a-game

  • Mike2001
    Mike2001 Posts: 9 Explorer

    Thank you both for answering.

    Game Mode... that's an idea I didn't consider. I rarely have issues like this one, so I never remember that game mode is an option. I will have to try that in future!

    Regarding an exploit or cheat engine, that's a good suggestion. Some games utilise Denuvo anti-cheat or similar, which would operate as you say. I checked the details for this game (Warhammer 40k Battlesector demo), but it doesn't say anything about such a system. I guess I'll chalk this one down simply to "one of those things".


    Thanks,

    Mike

This discussion has been closed.
Feedback on New Design