Steam bypasses network lock

[Weasel 16]

Had AIRVPN running yesterday with network lock enabled, the only thing allowed through being VPN.  Started Steam in offline mode and got the message "Allow Steam through firewall" which I denied.  I then checked my firewall and sure enough eventhough Steam was denied and network lock was enabled Steam still had access to the internet.  This makes me worried, what else is doing as it pleases since the AIRVPN network lock does not seem to work 100%.

 

In this picture you can see Steam has access eventhough the lock is activated and access was denied.

 

 

[zhang888 1066]

First, it might be that you allowed it before and it was just a residue of your previous configuration.

Second, Network Lock is designed to do exactly as the name suggests, block Network Access to userspace

apps that are bound to the Windows Firewall rules.

If you run another program as a super-user (Administrator), which bypasses the Windows Firewall rules

and acting as and can generally be classified as malware - Network Lock cannot be effective in this case.

That "allow" screen is just a courtesy - if a program is granted Administrator permissions or if you allowed it's

elevation with UAC - it can add those "allow" rules with dozens of documented and less-documented techniques.

Network Lock is not a solution against malicious apps that subvert or disable the Windows Firewall.

[Weasel 16]

Thanks for the quick response.  So to reply: Steam has never been given permission before so that is not the cause.  Also Steam is not malware it is a host server for software as you most likely know.  However, as  you say maybe it is grabbing my admin and bypassing it, I will check the firewall rules and make sure it doesn't run as admin.  This is the only program that I know of that has done this, Utorrent asks but I refuse it; it shows in the firewall but without permission to access the net.

 

***Ok, so I checked and Steam is not set to run as admin, therefore it is a normal program.  I went into the firewall rules for the program and set it to only be allowed to connect through my normal IP address range.  I then enabled the lock and started Steam and once again it had full access.  So how, in laymen terms, do I stop it from making it's own rules for accessing through the VPN?***

[zhang888 1066]

The only way for it to be persistent is either when it was already installed as Admin and has an elevated process

in the system already, or when it has a driver on your system that is in charge of low-level permission handling.

 

Any search for "Steam+Windows+Firewall" lead to frustrated users with a similar issue to yours,

http://steamcommunity.com/discussions/forum/1/616187839424967229/

http://forums.anandtech.com/showthread.php?t=2396021

 

The choice of keeping persistent malware on your system is totally yours.

Other programs, however, will still be required to be bound to the Windows permission set, unless you choose

to install them as Administrator or elevate their privileges for any reason.

Once you do, that program will be able to modify your system as it wishes, and the ability of Network Lock

to help you will be very limited if that program decides to tamper with the Windows Firewall.

Such system should be treated as compromised/infected, and unfortunately cannot be covered by the VPN client.

[Guest]

Btw I'd like to empathize something, although the steam client is allowed in the firewall it's only in inbound rules with no IPs specifically specified the outbound rules which is what you are sending still only has the network lock IPs which means that the steam client can get through to you in the firewall but it can't receive traffic from you which generally means your IP wouldn't leak to Steam.

[Weasel 16]

Thanks for the responses.  I see why you call it malware, and I agree now.  I went into advanced firewall settings, limited steam to only being allowed to connect when I am connected to private network (my normal non-vpn), then enabled vpn lock and it still connected, the bugger.  Unfortunetly if I get rid of steam I get rid of the games I bought that only run via steam.  I will keep looking, but thanks once again.

 

However: I went into advanced firewall, set Utorrent to only be allowed to connect via public network (vpn) and sure enough if I disconnect from vpn my connection to utorrent drops, which is what I want.  At least that works.

 

****just FYI, I am going to try Comodo firewall****

[win8 7]

I think what you need to do is "block all" on public, "allow all" only on work =VPN" connections (https://support.purevpn.com/windows7-firewall)... It may also be that steam runs as a service, in that case it probably has elevated rights and executes them. GPO policies may have also been changed or addded during install. Delete all steam related fw rules (or disable them) and see how it works or not.... Investigate further. Use Wireshark, if indeed data leaves your network card in your current setup.

 

I know many things to do - sorry, i dont use steam - hence i can only give suggestions, what seems to be common Windows problem (tightening traffic).

[LZ1 672]

Hello !

​

​I don't know if it would help, but have you considered re-installing Steam? Maybe then you can see if it's possible to start fresh, settings wise.

​Games can be backed up easily, once you find their respective save locations.

[Weasel 16]

Interesting thing about this program (Steam).  Sure enough this program wants to run with FULL CONTROL which really sucks so I dug into the registry and took away full control from Steam and gave it only to myself as admin, the result?, Steam would no longer work and threw an error "Steam needs FULL CONTROL".  Total BS and true Malware, I am just sorry that my three games will only run with Steam connected and I can't run them from the HD.

 

Hopefully it is as previously stated, although I am connected they don't know my real IP but I can't understand that as I am connected so they would have my user, no?