eamsi.dll blocked from Videogame Counterstrike Global Offensive

[Volcano 0]

Hello

 

Im using eset for years now. always happy with it. But now i, and i think everyone that uses eset smart security, has a problem with the game

Counterstrike Global Offensive

 

The game blocks ESET\ESET Security\x86\eamsi.dll
GXS:;TFL:59000000;TFC:5E000000;PVC:F8754000409E3F0068254200B04D4100

 

dont really know why but it does. I know that this is not dangerous in any was but there is a new anti cheat mode in this game and you as a company/developer have to digitally sign this blocked dlls with valve.

 

Is there any information about that??

 

THank you

[Marcos 5,074]

Eamsi.dll is loaded into browser processes as far as I can see. I assume it has no effect on games.

[itman 1,659]

1 hour ago, Volcano said:

I know that this is not dangerous in any was but there is a new anti cheat mode in this game and you as a company/developer have to digitally sign this blocked dlls with valve.

I assume the game is flagging eamsi.dll for the same reason the Win 10 OS is:

My Win Code Integrity Event log is full of these events. Time Eset finally resolved this issue that has existed for some time.

-EDIT- Believe the issue is the .dll is signed with a Symantec code signing cert.. And no one trusts Symantec certs. anymore. It is also signed with a Microsoft code signing cert. but that doesn't appear to be sufficient anymore.

Edited July 11, 2020 by itman

[Volcano 0]

2 hours ago, Marcos said:

Eamsi.dll is loaded into browser processes as far as I can see. I assume it has no effect on games.

well actually it has an effect as you can see in the error report of the game.

maybe it has something to do that the game has also a brwoser ingame that you can open.

Dont know for what this dll is really good for but it has an effect on the game so it is blocking it

[itman 1,659]

39 minutes ago, Volcano said:

Dont know for what this dll is really good

Its use from a security viewpoint is critical.

It allows AV vendors at a minimum to scan packed. encrypted, and obfuscated scripts after they load into memory and unpack, decrypt, and un-obfuscate; but prior to execution; i.e in memory sandboxing.  

Edited July 11, 2020 by itman

[itman 1,659]

Also the problem here appears to be not Eset's eamsi.dll, but CSO's new "Trusted mode" feature that is also causing issues with other running software: https://www.pcgamer.com/csgos-trusted-mode-anticheat-system-is-live-but-its-causing-problems/

Believe this is something that needs to be reported to CSO's developers. Security software mechanisms that worked prior to Trusted mode implementation should also be allowed in this new mode.

Also of note:

Quote

It is up to the software's developer to ensure their files are "digitally signed with an "Authenticode signature" in order to comply with the new system, and even then, Valve says it maintains the right to block any signed code that "interferes with the game in any way".

https://blog.counter-strike.net/index.php/2020/06/30683/

It also appears that Symantec does offer Authenticode signed certificates: https://urlssl.net/symantec-code-signing-certificate.html . Therefore the issue is not with Symantec certs. per se.

-EDIT- Believe this is the issue with CSO. Eset's cert. for eamsi.dll is not an EV cert.. However, Eset also countersigned eamsi.dll with it's Microsoft issued driver cert. which is an EV cert.. This appears to satisfy most apps requirement for an Authenticode signed certificate, but not for CSO it appears. This is also why Code Integrity errors are being thrown by some apps.

Edited July 11, 2020 by itman