Game Development Community

Avoiding Windows Security Alert

by Prairie Games · in Technical Issues · 09/26/2005 (9:23 am) · 9 replies

I would really like to avoid the "Windows Security Alert" that pops up when opening the port in single player.

Does anyone know if there is some way to let Windows know the port will only be used from "localhost"?

I really hope there is... otherwise, when players go to play in single player for the first time, they get dumped to their desktop with a paranoia-inspiring message. Sweet!

Windows Security Alert from Torque Game Engine Demo
www.prairiegames.com/wsa.jpg
-Josh Ritter
Prairie Games

#1
09/26/2005 (9:40 am)
Josh,

I believe there is a script function, setNetPort(), which enables the net ports.
If you are looking for a more complicated method to resolve this issue, I recall there are some new firewall APIs exposed in XP SP2, which should allow you to unblock ports automagically.
#2
09/26/2005 (9:47 am)
You can tell them how to add exceptions into their rules (scary) or see about automating exceptions as part of the installer process. I'm not sure where in the group policy editor that your exceptions would be, though.
#3
09/26/2005 (10:31 am)
I believe it's called UPNP or something along those lines. It can be disabled as well.
#4
09/26/2005 (3:21 pm)
I don't know if binding the port to 127.0.0.1 will help in all cases or not (Pref::Net::BindAddress).

As for the Windows Firewall itself, take a look at this URL:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Operations/cc69743b-6f9e-4dde-87ae-18c82c624003.mspx
If you dig around you will find reference to this command:

netsh firewall show state verbose=enable

After poking around with this command a bit, this is probably what you want to add to the installer (probably as an optional step):

netsh firewall add allowedprogram program = "C:\Program Files\MyApp\MyApp.exe" name = MyApp mode = ENABLE scope = ALL profile = ALL

The third option is to write a fake networking layer for single player which doesn't touch sockets at all.

-Jerry
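
What the first option in the post above, binding to 127.0.0.1, changes at the socket level, as an added Python example that is not part of the original post or Torque's code. The function names are hypothetical, UDP and an OS-assigned port are assumptions, and it shows only the socket's exposure, not how Windows Firewall reacts to it.

```python
import ipaddress
import socket


def choose_bind_address(single_player: bool, configured: str = "0.0.0.0") -> str:
    """Single player never needs remote peers, so force loopback there."""
    return "127.0.0.1" if single_player else configured


def open_game_socket(bind_address: str, port: int = 0) -> socket.socket:
    """Open the UDP socket a local game server would listen on.

    port=0 asks the OS for a free port, which keeps this demo runnable anywhere.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_address, port))
    return sock


def exposure(sock: socket.socket) -> str:
    """Classify who can reach the socket, from the address it is bound to."""
    addr = ipaddress.ip_address(sock.getsockname()[0])
    if addr.is_loopback:
        return "loopback-only"
    if addr.is_unspecified:
        return "all-interfaces"
    return "single-interface"


def loopback_round_trip(server: socket.socket, payload: bytes = b"ping") -> bytes:
    """Send a datagram from a local client to a loopback-bound server."""
    server.settimeout(2)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as client:
        client.sendto(payload, server.getsockname())
        data, peer = server.recvfrom(64)
    # Anything arriving on a loopback-bound socket comes from this machine.
    assert ipaddress.ip_address(peer[0]).is_loopback
    return data


if __name__ == "__main__":
    for single_player in (True, False):
        with open_game_socket(choose_bind_address(single_player)) as sock:
            print(single_player, sock.getsockname(), exposure(sock))
```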
#5
09/26/2005 (3:33 pm)
Josh, I think you and the others in this thread are missing the point.

You should not bypass the firewall, even if it is technically possible. The firewall is there for a reason, and unless you are a hacker/virus writer you should try to "play nicely" with windows security.

That means for single-player that you should probably *NOT* be talking out to localhost. Especially because 127.0.0.1 can be modified to point outside if a hacker wanted it to.

The firewall is there for the benefit of the end-user. If an end-user doesn't know what to do when prompted by this, they should click that link "When should I unblock a program" and get educated.

Also, naming your app something other than "Demo" would help, as would signing your app. (dunno if you can do it free tho)
#6
09/26/2005 (3:51 pm)
Jason is absolutely correct here...to be a socially acceptable commercial product you don't really want to be sidestepping security software such as firewalls like that.

Jerry/Josh is also correct: As a single player game, it would be great to completely avoid this. My guess is that the firewall is smart enough to not cough on internally routed sockets, but that there is an external check being used that is what the firewall is actually warning on.

There was a thread just recently that discussed this exact topic by the way, but I cannot remember what the exact event was that was causing it. Had to do with some Microsoft verification check over the internet going on however in a feature that Torque uses...not the game itself heading out to the 'net.
#7
09/26/2005 (3:53 pm)
@Jerry: I'll look into that for the install script telling the user that it's doing it.

@Jason: The screenshot is from the Torque Game Engine Demo...

Quote:That means for single-player that you should probably *NOT* be talking out to localhost.

Yes, you're probably right. Torque does this and I don't have time to write a fake networking layer. I also use a bunch of other networking software. In single player, I really want to avoid the popup in a secure manner.

-Josh Ritter
Prairie Games
#8
12/12/2005 (8:14 am)
If anyone is interested, here's the relevant OPTIONAL section to our NSIS:

;--------------------------------
; Configure Firewall

Section "Configure Windows Firewall" SecFirewall
ExecWait '"netsh" firewall add allowedprogram program = "$INSTDIR\bin\MinionsOfMirth.exe" name = MinionsOfMirth mode = ENABLE scope = ALL profile = ALL'
SectionEnd
#9
12/12/2005 (9:08 am)
What about having a pop-up warn the player about firewall settings the first time a single player game is started? It will save you time, and the player some aggro. Isn't there an outbound connection for single player anyway, so you can chat with online players?