search

winsiderss / systeminformer

A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. @ http://www.windows-internals.com
https://systeminformer.sourceforge.io
MIT License
10.52k stars 1.36k forks source link

Issue with newly implemented EA Anti Cheat Service Error code 117 #1874

Open fansteven7 opened 8 months ago

fansteven7 commented 8 months ago

Brief description of your issue

Hi, I know this is like an age old issue/question. And this has nothing to do with this amazing project, being perceived as cheating tools is a joke.

Been trying to play the game, Battlefield 2042, saw the update of Season 6. Had no issue with the game or the anti cheat service before this very season while having System Informer installed. So my guess is that the newly implemented EA Anti Cheat Service has something to do with it.

I've tried verifying game files, reinstalling, closing every software including MSI Afterburner, System Informer, even Nvidia's Geforce Experience. Still getting the Error code 117, which is as I quote from the prompt: "EA anticheat has detected an unacceptable configuration. Please ensure no cheat-related or tampering software is active and restart the game." And from the official Q&A section, it wrote: "EA anticheat will shut down the game and our services if you use cheat tools. Turning off or uninstalling conflicting software can help you get back in the game."

So... after I finally decided to uninstall System Informer, the game boot up just fine. No disconnection, no error prompt messages, things back to where it was.

I was wondering if there's any way to hide or at least making System Informer undetectable from the Anti Cheat service, or is it because that there are still codes or hash of former Process Hacker still remains in it? So it got picked up by the anti cheat service?

Steps to reproduce (optional)

1) Boot up EA Destop App or Steam 2) Boot up games which has the newly implemented EA Anti Cheat Service 3) After the splash screen, the error prompt would show up, Error code 117: "EA anticheat has detected an unacceptable configuration. Please ensure no cheat-related or tampering software is active and restart the game." 4) Game got disconnected, unable to join or play any match

Expected behavior (optional)

No response

Actual behavior (optional)

No response

Environment (optional)

System Informer Nightly Build - v3.0.7270
Windows 10 Pro - Build 22H2(19045.3570)
Masamune3210 commented 8 months ago

Do you have SI's kernel driver enabled?

fansteven7 commented 8 months ago

@Masamune3210 Yeah, I'm having the kernel-mode driver on, and also IP, DNS resolve, plus digital signature check. Just something to check and see should there be any suspicious activities, services, exe running in the background.

However, the game is still able to detect System Informer even when it's completely closed. Would the kernel-mode driver still be running in the background when the whole program is closed?

Masamune3210 commented 8 months ago

Probably. If I'm not mistaken, most kernel drivers don't ever completely unload.

fade2gray commented 8 months ago

Just an FYI.

If you have 'Fast Startup' enabled in power options, selecting Shutdown from the power menu will perform a 'Hybrid Shutdown' causing kernel-mode drivers to be stored in memory for next boot and preventing them from being fully removed - this is why SI is still being detected.

So, when uninstalling the anti-cheat, to prevent the kernel-mode driver being kept in memory, use Restart instead of Shutdown/Reboot - if you disable 'Fast Startup', this shouldn't be an issue.

Edit: Apparently, Windows can sometimes re-enable Fast Startup without informing you.

fansteven7 commented 8 months ago

@fade2gray Thanks for the reminder. I'm aware of that long ago(cold & warm reboot as I'd call it), and had that feature off for quite some time(via registry, more reliable that way). Since I'm having a M2 SSD for booting up OS, which would run faster than having it on.

As of now, in order to keep System Informer on my gear and being able to run the game. A temporary fix so to speak. I'll switch that Kernel mode driver off then reboot to play the game, turn it back up when I'm done. Just realize that without the kernel mode driver, you wouldn't have control over some programs or games, like setting up different level of priorities, I/O. Kinda annoying, but it'll have to suffice for the time being.

Again, none of this is the fault of System Informer. I'd blame EA for that, screwing its player over and still fail to prevent or punish real cheaters/hackers. Guess this might also having something to do with the issue of high CPU usage(90%) while having the game running.