Post your problems, whether they be PC related or other tech woes

Limiting/Blocking Origin's Access To Your Computer

PostRe: Limiting EA's Origin Access To Your Computer by headsup

apfelsator: linked an openpipepath to every ati folder in program files, program files (x86) and programdata...didnt work (or is there any other specific graphics driver folder?). now i had the weird thing that origin didnt open firefox when i klicked on "play bf3"...dont know why, it opened automaticly within the sandbox before. so i opened firefox manually in the sandbox but playing the game didnt work...it just initialized forever and nothing happened as i klicked on "launch campaign". THEN i tried to open firefox over origin again and the same bluescreen occured....

jasper: the bluescreen occured during this "initializing" process in the bottom left corner of battlelog. so the game didnt even start...and theres no specific error message...a lot of 0000000's and smth like expected dunnow shit...couldnt write it down as the system rebooted.

*edit*

the bluescreen now occurs every time i want to start firefox (battlelog) via origin by klicking on "play bf3". the bluescreen mentions the sbiedrv.sys...found this one in the sandboxie folder.

*edit end*

my complete ini is as follows (removed ati and ea related stuff from programdata):

[Origin]

Enabled=y
ConfigLevel=7
AutoRecover=y
Template=BlockPorts
Template=LingerPrograms
Template=Firefox_Phishing_DirectAccess
Template=AutoRecoverIgnore
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%Personal%
RecoverFolder=%Favorites%
RecoverFolder=%Desktop%
BorderColor=#00FFFF,ttl
DropAdminRights=y
ClosedFilePath=C:\ProgramData\Apple
ClosedFilePath=C:\ProgramData\AMD
ClosedFilePath=C:\ProgramData\Adobe
ClosedFilePath=C:\ProgramData\AppleComputer
ClosedFilePath=C:\ProgramData\Avira
ClosedFilePath=C:\ProgramData\Blizzard Entertainment
ClosedFilePath=C:\ProgramData\Codemasters
ClosedFilePath=C:\ProgramData\Creative
ClosedFilePath=C:\ProgramData\DiVX
ClosedFilePath=C:\ProgramData\Google
ClosedFilePath=C:\ProgramData\ICQ
ClosedFilePath=C:\ProgramData\Canneverbe Limited
ClosedFilePath=C:\ProgramData\DAEMON Tools Lite
ClosedFilePath=C:\ProgramData\Installations
ClosedFilePath=C:\ProgramData\Lavasoft
ClosedFilePath=C:\ProgramData\McAfee
ClosedFilePath=C:\ProgramData\Microsoft
ClosedFilePath=C:\ProgramData\Nero
ClosedFilePath=C:\ProgramData\Norton
ClosedFilePath=C:\ProgramData\NortonInstaller
ClosedFilePath=C:\ProgramData\NVIDIA
ClosedFilePath=C:\ProgramData\Skype
ClosedFilePath=C:\ProgramData\Solidshield
ClosedFilePath=C:\ProgramData\Sony Corporation
ClosedFilePath=C:\ProgramData\Spybot - Search & Destroy
ClosedFilePath=C:\ProgramData\Sun
ClosedFilePath=C:\ProgramData\Symantec
ClosedFilePath=C:\ProgramData\Trymedia
ClosedFilePath=C:\ProgramData\Temp
ClosedFilePath=C:\ProgramData\Trackmania
OpenPipePath=C:\
OpenPipePath=C:\Users\blah\Documents\Battlefield 3
OpenPipePath=C:\Programme (x86)\Origin
OpenPipePath=C:\Programme (x86)\Origin Games
OpenPipePath=C:\Programme (x86)\Battlelog Web Plugins
OpenPipePath=C:\Users\blah\AppData\Local\Origin
OpenPipePath=C:\Users\blah\AppData\Roaming\Origin
OpenPipePath=C:\Programme (x86)\Mozilla Firefox
OpenPipePath=C:\Programme\ATI Technologies
OpenPipePath=C:\Programme (x86)\ATI Technologies
OpenPipePath=C:\Programme\ATI
Last edited by headsup on Thu Nov 03, 2011 11:19 pm, edited 1 time in total.
User avatar
headsup
 
6 years of membership6 years of membership6 years of membership6 years of membership6 years of membership6 years of membership
User Details: Show details
National Flag:
Germany
» Thu Nov 03, 2011 11:11 pm «Top

PostRe: Limiting EA's Origin Access To Your Computer by Jasperman

DropAdminRights=y <<< remove
Signed
Jasperman


TBC Facebook Page
TBC Steam Group
Join DropBox

Raging Goblin wrote:He raged at the world,
at his family,
at his life.
But mostly he just raged
User avatar
Jasperman
Founder
 
7 years of membership7 years of membership7 years of membership7 years of membership7 years of membership7 years of membership7 years of membership
User Details: Show details
National Flag:
Ireland
» Thu Nov 03, 2011 11:13 pm «Top

PostRe: Limiting EA's Origin Access To Your Computer by headsup

it opened firefox now, but without internet access (wtf?)...tried to open firefox manually within sandbox...initialized forever again....after this tried to open it over origin -> same bluescreen again (SBieDrv.sys)

maybe the sandboxie sys file isnt compatible with win7 64 bit?!
User avatar
headsup
 
6 years of membership6 years of membership6 years of membership6 years of membership6 years of membership6 years of membership
User Details: Show details
National Flag:
Germany
» Thu Nov 03, 2011 11:30 pm «Top

PostRe: Limiting EA's Origin Access To Your Computer by Jasperman

headsup wrote:it opened firefox now, but without internet access (wtf?)...tried to open firefox manually within sandbox...initialized forever again....after this tried to open it over origin -> same bluescreen again (SBieDrv.sys)

maybe the sandboxie sys file isnt compatible with win7 64 bit?!



im using windows 7 64 bit, i think you might be denying internet access (i only had a quick glance hence the lack of detail reply) I can have a more proper look come saturday (PM me the ini otherwise ill forget)
Signed
Jasperman


TBC Facebook Page
TBC Steam Group
Join DropBox

Raging Goblin wrote:He raged at the world,
at his family,
at his life.
But mostly he just raged
User avatar
Jasperman
Founder
 
7 years of membership7 years of membership7 years of membership7 years of membership7 years of membership7 years of membership7 years of membership
User Details: Show details
National Flag:
Ireland
» Fri Nov 04, 2011 1:06 am «Top

PostRe: Limiting EA's Origin Access To Your Computer by Apfelsator

Jasperman wrote:im using windows 7 64 bit, i think you might be denying internet access (i only had a quick glance hence the lack of detail reply) I can have a more proper look come saturday (PM me the ini otherwise ill forget)


Me too, and it works?
But i recognized that it only works when i start ProcessMonitor BEFORE i start the initializing progress vie Battlelog(i always start the game via the Battlelog) and then CLOSE it before i go to the game?!
When i don't do this, i get a similar problem like headsup, no bluescreen but it doesen't starts the game.
Thats weird? :?
I just recognized it now because on the beginning i wanted to know what Origins does and if the Sandbox is working correctly.

@Jasperman
I have the DropAdminRights line in my .ini and it works so far(besides this "little" error i mentioned).
(K)
all rights twisted

Founder and selfnamed Pope of the Populäre Diskordische Folksvront PDF
Keeper of the Secret from the Thing with the blue Oranges and the pink Elephants
Member of the Plenary Meeting of the Zentralkomitee einiger Diskordier ZED
User avatar
Apfelsator
 
6 years of membership6 years of membership6 years of membership6 years of membership6 years of membership6 years of membership
User Details: Show details
» Fri Nov 04, 2011 3:52 pm «Top

PostRe: Limiting EA's Origin Access To Your Computer by Jasperman

First Posted Updated Temporarily. Major update will be coming soon which I hope will give more control over what Origin will access. Need to do a few experiments on my main pc beforehand
Signed
Jasperman


TBC Facebook Page
TBC Steam Group
Join DropBox

Raging Goblin wrote:He raged at the world,
at his family,
at his life.
But mostly he just raged
User avatar
Jasperman
Founder
 
7 years of membership7 years of membership7 years of membership7 years of membership7 years of membership7 years of membership7 years of membership
User Details: Show details
National Flag:
Ireland
» Sun Nov 06, 2011 2:04 am «Top

PostRe: Limiting/Blocking Origin's Access To Your Computer by Zurechial

Hey Jasperman and others, thanks for all of the useful information that helps us paranoiacs play the game while keeping Origin's nose out of everything else. :)
I registered to post some information of my own that I hope might be helpful for some people.

Using the basic advice that first came out when people suggested using Sandboxie with Origin I forged ahead and got it working for myself a few days ago and I developed some tips to help out.

Firstly, I've noticed that most people are finding that they have to Sandbox their browser (and the Battlelog plugins) to get them to communicate with Origin, Battlelog and BF3 (instead of just getting stuck on "Joining server...").
This creates the problem of not being able to see pings in the Battlelog server browser due to Sandboxie interfering in some way with however Battlelog pings the servers for latency.

The reason for people finding that they have to sandbox their browser + plugins ordinarily is that when you click to join a server in Battlelog what it's actually doing is telling your computer to access an Origin URL which points to BF3 and the IP&Port of the server you're joining.
It's in the format of something roughly like this:
Code: Select all
origin://LaunchGame/[DETAILS TO LAUNCH BF3 + SERVER INFORMATION]


If you open Origin in your Sandbox you'll notice that it shows in Task Manager as Origin.exe - No surprises there.
If you try to join a server from an un-sandboxed browser with Origin already open in Sandboxie, you'll notice that it tries to start a new instance of Origin.exe (and you can see the origin URL in task manager if you enable the "Path" pane). This instance fails to start because of the other (sandboxed) instance already open; hence leading people to think that it's doing nothing.

The problem here is that your unsandboxed browser is trying to start an unsandboxed instance of Origin through the URL handler, and the unsandboxed Origin is stalling and doing nothing (which is arguably better than it successfully opening unsandboxed, even if it prevents the game from opening; since we can fix that!).

=====================

When Origin is installed it creates Registry entries to tell Windows how to handle "origin://" URLs. These entries are written to the following locations on my system:
Code: Select all
Computer\HKEY_CLASSES_ROOT\eadm\shell\open\command
Computer\HKEY_CLASSES_ROOT\ealink\shell\open\command
Computer\HKEY_CLASSES_ROOT\origin\shell\open\command


The above may vary from one machine to another, but searching for "\Origin\Origin.exe" in regedit should turn them up. The first two entries appear to be legacy entries to ensure that older EA Download Manager links are now passed to Origin instead.

The contents of these entries are strings containing the text:
Code: Select all
"H:\Origin\Origin.exe" "%1"

The absolute path to Origin will vary depending on where it has been installed. H:\Origin in my case.

=====================

Changing the text in those entries allows us to change how Windows responds to an origin:// URL.
The following command-line allows me to start Origin inside my Sandbox named Origin:
Code: Select all
"F:\Program Files\Sandboxie\Start.exe" /box:Origin "H:\Origin\Origin.exe"


Again, the absolute paths will depend on where Sandboxie and Origin are installed and on the name of the sandbox you set up to run Origin in.

Placing that line into the origin:// URL handler registry entries didn't seem to work for me (probably a syntactical issue due to the number of arguments or paths involved) so instead I changed the line to the following:
Code: Select all
"H:\Origin\SandboxShell.bat" "%1"


SandboxShell.bat is a Batch file I wrote which contains the following:
Code: Select all
"F:\Program Files\Sandboxie\Start.exe" /box:Origin "H:\Origin\Origin.exe" %1


Now what happens when I click to join a server in battlelog from an unsandboxed browser? It passes the origin URL to my batch file as an argument, which passes the URL to Origin as an argument (which is in turn being passed as an argument to Sandboxie!).

Ridiculous, I know - But it only took a couple of minutes to set up and now I can enjoy BF3 without having to deal with any of the downsides of Sandboxing (such as the lack of pings in Battlelog) nor the downsides of an unsandboxed Origin.
I can access Battlelog through my normal browser Window and it does the work of opening a Sandboxed instance of Origin, which in turn opens a sandboxed instance of BF3.

I haven't noticed any performance issues or problems from running BF3 inside a Sandbox whatsoever, so I haven't made any real attempt to get BF3.exe itself loading unsandboxed; and since it spawns seemingly as some sort of a child process of Origin.exe I don't see how it would be possible anyway.

=====================

Some other tips that could be useful in configuring your Sandbox to get everything working are as follows:

+ Instead of writing just ClosedFilePath= in your Sandbox configuration you can write ClosedFilePath=origin.exe, PATH where PATH is the file path you want to restrict.
What this does is to only restrict those paths to Origin, which leaves Battlefield 3 itself free to access whatever files it needs (such as the path to the settings directory in your user folder where it stores your game settings).
You may find this helpful if you have trouble in getting BF3 itself running under the Sandbox after Origin.

+ Putting the following inside your Sandbox configuration (right above or below the ClosedFilePath stuff) tells Sandboxie to allow programs running inside the Sandbox to communicate with programs running outside of it.
Code: Select all
OpenWinClass=*

The advantage of this is that it allows Origin (in the Sandbox) to communicate with your browser and battlelog plugins outside of the Sandbox.
Without this, I found that I had to kill Origin.exe if I left BF3 and later wanted to play again, or if I wanted to change server. The reason for this is that once Origin is running in the sandbox, calling an origin:// URL from Battlelog seems to be essentially the same as trying to send a message from your unsandboxed browser to your sandboxed Origin, which sandboxie would ordinarily not allow.

+ In the Sandbox settings under "Restrictions" you may find that you need to tick the following option to get Origin and BF3 working seamlessly inside the Sandbox:
Code: Select all
Low-level access:
+ Permit programs inside this sandbox to load application (Win32) hooks into other programs.

The game runs fine for me without this option ticked, so in general I'd recommend leaving it alone, but if you find that BF3 is crashing at startup this might solve it in case the crashes are being caused by BF3 trying to hook into Origin for verification - But that's just a guess on my part.

One final observation is that I found that Origin.exe could be killed once I was in-game and on a server. Other people reported crashes from ending Origin.exe while BF3 was running, but I suspect that having cloud storage and the Origin overlay enabled for BF3 may be the cause of that.
As far as I can tell BF3 doesn't rely on Origin at all except as a form of DRM and a pass-through for the initialization arguments and server details from Battlelog.

=====================

I could have just said "Screw it, Origin probably isn't doing anything that bad." but I'm geeky enough to spend the time figuring this out. :D
There may have been other, simpler ways around the ping issue such as changing some other Sandboxie settings or changing the location of the Battlelog plugins or something like that; but I failed to nail down just which process/application handled the pings sent to servers, nor could I see the expected list of ICMP requests when watching my connection; so I gave up on trying to figure that out and just worked on getting my browser unsandboxed instead.

Hopefully this is helpful for anyone else still eager to keep this thing Sandboxed and under control and apologies if some of the technical stuff is a bit heavy.
User avatar
Zurechial
 
6 years of membership6 years of membership6 years of membership6 years of membership6 years of membership6 years of membership
User Details: Show details
National Flag:
Ireland
» Tue Nov 08, 2011 11:03 pm «Top

PostRe: Limiting/Blocking Origin's Access To Your Computer by Jasperman

Super post Zurechial and even more Super your irish too :D
Signed
Jasperman


TBC Facebook Page
TBC Steam Group
Join DropBox

Raging Goblin wrote:He raged at the world,
at his family,
at his life.
But mostly he just raged
User avatar
Jasperman
Founder
 
7 years of membership7 years of membership7 years of membership7 years of membership7 years of membership7 years of membership7 years of membership
User Details: Show details
National Flag:
Ireland
» Tue Nov 08, 2011 11:28 pm «Top

PostRe: Limiting/Blocking Origin's Access To Your Computer by iceberg

Zurechial, I have read your post but I'm a little confused, what should I type to be able to see pings of servers while sandboxed
User avatar
iceberg
 
6 years of membership6 years of membership6 years of membership6 years of membership6 years of membership6 years of membership
User Details: Show details
» Thu Nov 17, 2011 12:32 am «Top

PostRe: Limiting/Blocking Origin's Access To Your Computer by sirKungen

Hi,

Great post, I just have a question that would really make it a lot easier for me if it works. (Havn't installed BF3 on my totally new bought PC though I have a copy on the table.)

What happens if I put:
ClosedFilePath=C:\
ClosedFilePath=(any other driver letters)

And "then" open what I want in "C:\" with for example(taken from above post):

OpenPipePath=C:\ProgramData\Origin
OpenPipePath=C:\Users\blah\Documents\Battlefield 3
OpenPipePath=C:\Programme (x86)\Origin
OpenPipePath=C:\Programme (x86)\Origin Games
OpenPipePath=C:\Programme (x86)\Battlelog Web Plugins
OpenPipePath=C:\Users\blah\AppData\Local\Origin
OpenPipePath=C:\Users\blah\AppData\Roaming\Origin
OpenPipePath=C:\Programme (x86)\Mozilla Firefox
OpenPipePath=C:\Programme\ATI Technologies
OpenPipePath=C:\Programme (x86)\ATI Technologies
OpenPipePath=C:\Programme\ATI

Wouldn't that mean I don't have to add lines when I create new folders (install new programs) cause they are all closed as default with:
ClosedFilePath=C:\

Trying to figure this one out so I only have to do one .ini file one time and then it works.
Thanks all, again great post.
User avatar
sirKungen
 
6 years of membership6 years of membership6 years of membership6 years of membership6 years of membership6 years of membership
User Details: Show details
National Flag:
Sweden
» Sat Nov 26, 2011 9:31 pm «Top