Adding Processes With Non-Standardized Extensions To Process Exceptions / Black Desert Online

RPG Hacker

Hi there,

I am currently playing the MMO "Black Desert Online", which was released just some time ago, on my home PC. The game uses XIGNCODE3 as a system for cheat protection. Presumably, it scans the game process to check if it is currently being accessed by any other process. If it is, it makes the game immediately shut down. Unfortunately, this has caused the game to always shut down just a few seconds after being started on my system, even though I wasn't running any unauthorized tool. As I have quickly figured out, though, this is actually caused by Bitdefender. Disabling Active Threat Control in Bitdefender actually makes the game work without crashing.

Knowing this, I started looking for ways to add the game as an exception to Active Threat Control, since always disabling Active Threat Control isn't a long-term solution, of course. This is where it gets tricky. I added the game executable itself (called bdo.exe or something like that, I think) to the process exceptions of Active Threat Control, but this didn't work and the game still crashed. I opened Windows Task Manager and checked the Processes tab to see if any other suspicious looking process was running at the same time as the game and found one called "xm0.xem" or something like that. I looked in the game's folder and indeed found the file. I tried adding it to the process exceptions of Active Thread Control, but unfortunately this didn't work because Active Thread Control refuses to add any files without an EXE extension to the process exceptions.

At this point, I'm kinda helpless since apparently there is nothing I can do myself to make Bitdefender not crash the game (aside from disabling Active Threat Control completely). So this is where, I suppose, I need help from the Bitdefender team to get this problem solved. Here are a few possible solutions that come to my mind:

a ) Make it possible to add non-EXE files to the process exceptions of Bitdefender. I don't really understand why this is impossible in the first place. Are there any security reasons for this?

b ) Somehow add Black Desert Online to Bitdefender's whitelist to make it play nicely with Bitdefender, even with the cheat protection system in place. Don't know if this is possible, but it seems like the best solution.

I hope you can provide help for this problem.

Regards

jheard901

Hello,

I believe the game shuts down due to the Daum's anti-cheat software detecting Bitdefender as a false-positive attempt at breaching security. Specifically, Black Desert's anti-cheat software reads the Active Threat Control (ATC) process as a false-positive, because it monitors the actions of all active processes running on a computer which causes the game to disconnect the client (you) from the server since the anti-cheat software probably thinks the ATC is trying to modify data/values in the process to send to the server. Essentially, you could say the XIGNCODE3 works like an anti-virus which is why there is conflict between it and Bitdefender's ATC, and probably other AV software that hasn't been mentioned.

I tested this out by launching the game and attempting to join a server while Active Threat Control was on; seconds after I chose a character and clicked connect to server, the game crashed and displayed this error: http://imgur.com/1FsLvUt . Also, I did another test in connecting to the server with ATC off which allowed me to connect without the game crashing, and then moments later I turned ATC back on and the game continued running without any crash errors (only tested it for < 5 minutes so not sure on the longevity of it). I would of expected it to crash again since I started the ATC back up but that was not the case; it is possible the game only checks when clients attempt to connect to the server. So you could launch the game, login to it with ATC disabled, then enable ATC again after you are logged in to the game. Tedious, but it seems the issue lies with the way that Daum's anti-cheat software works. From a software engineering perspective, I would think there is nothing they can really do about it if their anti-cheat software was designed at its core to terminate the client's connection to the server when detecting any kind of generic process that attempts to read/write to their game's process - in this case ATC reads. They would need to change it to add an exception specifically for allowing specific processes to read/write - and who knows how much money that would cost them, opposed to the foregoing solution of just suggesting players disable their AV temporarily for the duration of playing the game.

Hope this information was helpful.

I found information on how Active Threat Control works here: http://www.slideshare.net/JoseLopez253/bitdefender-solution-paper-active-threat-control-56749984 . Page 5 provides the quick facts for it.