Just testing a screen grabber protection of the ID protect with the only screen grabber software that I have which is PunkBuster.

So I add my game to the ID Protect under protect.  I add every .dll and every punkbuster file to the Deny portion (long list).

I run the game on my server and I attempt to perform a screen grab via my server admin command.  The server executes the screen grab command on the client machine (the webroot protected machine) and the punkbuster easily grabs the screen image without any peep from webroot.

 

I understand that punkbuster is not the regular "trojan" screen grabber.  However, it's the only screen grabber that I have and the only one I can test against.  The question is:  What if someone steals the PunkBuster .dll and methods to create a screen capture trojan?  How can webroot protect against that if it can't prevent punkbuster screen grabs?
I use punkbuster myself but doesn't it run as a plugin from within the game (Bf3 etc) and not run as a standalone program?
Don't know the total details but I know it spreads itself to System32 folder, the user/local/ folder, the game folder etc.

I added all the PB files, PB dll's and everything PB related to DENY and the game (also tested BF2, BF3 executable) under protected.

It made BF3 act crazy when "protected"; it interfered with the keypresses, sometimes the key presses didn't work etc.  But the screen capture via PB was still possible.
I whitelisted a load of punkbuster stuff last week as well as all BF3/BF4 files I could find. Since the process is known good in our database that may explain why it was allowing screens. Although normally a local determination will override the cloud database. However I can't be sure without testing, I will give it a shot on my home PC later.
Hello,

Sorry for the delay. I would like you to check one setting in the application protection. Can you set both BF3 and Punkbuster to protect and see if you can still grab screenshots? And then do the same for both set to Deny and see if there is any difference?
