Hi All,
Been a little busy lately taking care of other items of interest.....................
..
@Vulcan, FYI the Anti-virus Removal Tool I mentioned earlier has "all" of the dedicated manufacturer tools included. They can be started either from the dropdown menu or from the Tools\<brand> folder. Apart from that it does a scan so you know which tools to choose. Further, a new scan will also tell if there's any leftover after using the removal tools.
I have done this....the included Webroot uninstaller did wipe all leftover traces of WebRoot directories but also as Bizman has stated it didn't touch the registry at all......and am still seeing AHIII being blocked (inbound traffic from the AHIII servers to my box only). All AHIII outbound traffic goes thru as it should (traffic from my box to the AHIII servers & have verified all this thru running Command Prompt). I had tested Webroot before I deleted it to see if it would block AHIII if it wasn't set up to allow it to pass thru & it would (outbound traffic...verified thru Command Prompt) so I kinda don't think that the Webroot AV was the culprit here......I can be wrong but from all that I have tested\checked to date prior it doesn't point to Webroot.
TC,
#1--Yes using the default firewall settings as set up by Centurylink (using 1 of their ADSL modem\Gbit LAN routers since I can't get these locally anymore) & haven't had any issues from it outside of overheating it once due to cooling air access restriction.....rectified & operating fine since.
#2--Yes...the Windows 10 Security suite includes Windows Defender so it's all 1 complete fully native AV suite package now
#3--Yes I did. When I installed Webroot SecureAnywhere it sets itself up in tandem w\ WSF so they were intergrated....Webroot handled all outbound traffic itself (remember WSF sets outbound traffic to allow all) while monitoring the inbound traffic (WSF sets inbound traffic to block all & only allows any inbound traffic if there exists a rule in Inbound Rules that allows individual processes to pass thru) thru the WSF. In this config Windows Defender resorts to the usual malware detection routines. Now w\ Webroot removed Windows Defender is now doing malware AND AV detection\quarantining\removal as well.
Yes w\ both Webroot removed & Windows Security disabled (working w\ Hitech personally) AHIII was still getting blocked from the AHIII servers to my box. Hitech then had me to go thru my web browser (MS Edge), connect to his servers that download the game patches and the terrains\arenas to download the very same stuff that the game client is requesting (thus removing the game client as the front man & using MS Edge web browser as the front man) to the game client then the game will start up & run just fine & the game will then patch up & run just fine. MS Edge is a web browser that will usually traffic thru the default HTTP TCP port 80.
Since Hitech knows that his servers are set up to use the default HTTP TCP port 80 to send any data from them to the game client then he (thus now me) knew that this port is somehow being blocked on my end. All outbound traffic from my box to AHIII servers is going thru over different ports (would need to so that his servers can support all the players outbound traffic to them).
I've checked all (AHIII is set up in the WSF inbound rules to be allowed passage & I have tested WSF to see if it would intercept AHIII if it wasn't set up.....it did so the inbound firewall shows to be working) so from this my issue either has to 1. be Windows OS itself blocking the TCP port 80 access to AHIII specifically for some reason or 2. be Windows OS has become infected w\ a virus\trojan--ransomware--that got thru both Webroot & Windows Security and has attached itself to AHIII & blocking TCP port 80 access to AHIII specifically holding the client ransom. I can't see any AV software doing that to a known, archived program. Also can't see this happening from my router's end (have also checked my router's logs....no instances of any traffic being blocked or stopped across any ports, much less TCP port 80) or my NIC (have checked here as well...couldn't find anything out of sorts & have updated the NIC drivers to the latest drivers to use their default settings....all works just fine).
All other processes that generate outbound\inbound IP traffic thru WS operate just fine.....only AHIII is blocked & only AHIII inbound traffic is being blocked--not AHIII outbound traffic..........
While checking the active connections thru Command Prompt after trying to run AHIII I kept seeing a consistent IP outbound just after I start up AHIII from my box's IP address establishing to an unknown IP network later identified as ntwk.MSN.net which is the same network that hosts Win 10 telemetry.....later when I remembered what WHOIS Lookup was for I then ran these IP addresses that the -f command in CP couldn't identify thru WHOIS & found that they are registered to MS Azure....their cloud services. I don't use MS Azure for anything (used when a Microsoft account is created\setup & I haven't created 1 on my box) so this is weird unless some part of Windows Security accesses\operates thru Azure....thus was suspecting some rogue behavior of Win 10 involving MS Azure.....I found there was a Windows Update that came out after my issue had occurred that addressed some found security concerns within Win 10 but after running it it didn't resolve this either.
I also found several rule entries in the WSF outbound\inbound rules that were tied to my box's computer name (TEAM RED) for allowing passage that I didn't make so this also points to either Win 10 going rogue or some virus\trojan infection. I removed all of them, reset the WSF firewall then tried AHIII w\o success so this didn't clear the blockage either (but indicates the existence of some malign process within the OS).
I also have reset\reinstalled Win 10 2 times to date on my box....1st time I still had Webroot installed & active, 2nd time I had deleted Webroot & had ran the Webroot uninstaller within the Antivirus Tool prior running it. Both times the issue w\ AHIII still persisted after the reinstall thus indicating that the reinstall won't touch this issue as long as it is setup to keep files & programs intact during the reinstall so the problem is located strictly within the OS proper on the C:\ drive thus also indicating that this issue is either 1. a rogue Windows OS issue created by a rogue Windows update specifically attacking AHIII client only or 2. a virus\trojan infection acting as ransomware that has hijacked AHIII client only.....from my perspective.
In the video I posted in this thread you can clearly see the dialog that shows up right after clicking to start up AHIII is a registered Windows 10 graphic stating that I needed to check w\ the publisher of the software being blocked for an updated version thus is indicating that the Win 10 OS is the 1 doing the blocking.....why it's doing this is the question.....to software that has been installed\operating on it just fine for quite some time prior to this.
I have always known that a drive format then OS fresh install\program reload would have rectified the issue initially (will also "clean out" the registry as it will be in virgin state), was for once trying to track down, find the source & resolve it w\o going thru the hassle of a full blown clean install since I have the time to devote to doing the legwork but it's looking more likely that I'm going to have to wipe her out & reinstall all fresh to stop all this foolery around AHIII.........
I haven't started this yet as I have been busy doing other things but will get around to this at some point.
PS--I also have a tendency to type a lot of text as well so I have to pay attention to not blow myself up, too.
