# gameux.dll trying to access secure MS IP address



## NdMk2o1o (Jun 14, 2011)

I have a shed lot of logs in comodo firewall that gameux.dll is trying to access IP 65.55.162.27 << looked up as an MS IP address , over port 443 (https) this is being blocked by comodo though in the firewall logs gameux.dll is trying port after port, seems to be in order aswell, basically this dll is trying to get to that secure MS IP address for some reason and is port scanning to get out......... 

I can't find much info on this dll though it appears to be an MS one and the behaviour of it is worrying, why is it scanning all available ports to access that IP? if this was anyone but MS this would be considered virus/spyware behaviour. It's possibly harmless but still. 

Anyone came across this?

Seems this dll corresponds to MS Games Explorer that was intro'd in Vista, doesn't explain why it is trying to send information to a secure MS IP address


----------



## Thatguy (Jun 14, 2011)

NdMk2o1o said:


> I have a shed lot of logs in comodo firewall that gameux.dll is trying to access IP 65.55.162.27 << looked up as an MS IP address , over port 443 (https) this is being blocked by comodo though in the firewall logs gameux.dll is trying port after port, seems to be in order aswell, basically this dll is trying to get to that secure MS IP address for some reason and is port scanning to get out.........
> 
> I can't find much info on this dll though it appears to be an MS one and the behaviour of it is worrying, why is it scanning all available ports to access that IP? if this was anyone but MS this would be considered virus/spyware behaviour. It's possibly harmless but still.
> 
> ...



Why does the disk indexing service send out notifications to the microsoft server in redmond ? 

news flash, microsoft knows all about what you do with your computer unless you defeat these spyware features.


----------



## Kreij (Jun 14, 2011)

My guess would be that it's trying to connect to information that the game explorer wants.
What that information is could be ratings or other info to display to you in the GE.
It probably was written to try different port in the event that a specific port was busy or became unavailable.
Since you are blocking it, it is probably trying all the ports it has in it's list of valid ports.


----------



## Thatguy (Jun 14, 2011)

Kreij said:


> My guess would be that it's trying to connect to information that the game explorer wants.
> What that information is could be ratings or other info to display to you in the GE.
> It probably was written to try different port in the event that a specific port was busy or became unavailable.
> Since you are blocking it, it is probably trying all the ports it has in it's list of valid ports.



Umm, no.


----------



## cheesy999 (Jun 14, 2011)

Thatguy said:


> Umm, no.



yes

game explorer connects to the internet for age ratings/ system requirements

you can turn it off by clicking the 'options' button above the game explorer


----------



## Thatguy (Jun 14, 2011)

cheesy999 said:


> yes
> 
> game explorer connects to the internet for age ratings/ system requirements
> 
> you can turn it off by clicking the 'options' button above the game explorer



when someone can explain why disk indexer sends volume reports and registry info to microsoft. I will be all ears.


----------



## MilkyWay (Jun 14, 2011)

NdMk2o1o said:


> I have a shed lot of logs in comodo firewall that gameux.dll is trying to access IP 65.55.162.27 << looked up as an MS IP address , over port 443 (https) this is being blocked by comodo though in the firewall logs gameux.dll is trying port after port, seems to be in order aswell, basically this dll is trying to get to that secure MS IP address for some reason and is port scanning to get out.........
> 
> I can't find much info on this dll though it appears to be an MS one and the behaviour of it is worrying, why is it scanning all available ports to access that IP? if this was anyone but MS this would be considered virus/spyware behaviour. It's possibly harmless but still.
> 
> ...



Microsoft updates, sometimes they add in information in the Game Explorer folder for the individual games; for example some of my games have little age ratings and some have no information. Its a long shot but either that or its hidden secret spyware.

EDIT: Okay lol seems like everyone else managed to post while i was typing, its like fastest to the finger in this forum.


----------



## ron732 (Jun 14, 2011)

cheesy999 you are correct. I was searching on MS Technet and found this: 

"I recently encontered this problem again, and have since gathered more data about the problem, and solution.

The problem indeed lies with the game explorer. It will start when you first start a game that is not in the game explorer, and has not been installed into it by the game's installer (which most games do now). The game explorer detects it and adds the game to the list. It then attempts to gather more information about the game (rating, box art, etc). However, if it is unable to, the DLL will block in an endless loop of retries to the server to gather this information each time a game from the list is being started. This results in the game seemingly not loading. This being unable to can be due to a firewall blocking the connection on your computer.

To solve this problem, I disabled my firewall. I immediately saw the boxart for all the games pop up, and the games in question subsequently loaded again."

You can read the thread here:

Starting Games

It seems that disabling the Games Explorer stops this behavior.

Personally I wouldn't disable my firewall.


----------



## cheesy999 (Jun 14, 2011)

Thatguy said:


> when someone can explain why disk indexer sends volume reports and registry info to microsoft. I will be all ears.



cause Microsoft want to know what files poeple have on their computer, besides, its not as if they can do anything by knowing what you named your word document


----------



## MilkyWay (Jun 14, 2011)

cheesy999 said:


> cause Microsoft want to know what files poeple have on their computer, besides, its not as if they can do anything by knowing what you named your word document



Legally if Microsoft found anything it wouldn't be able to act on it. If they where using spyware for non updating purposes its technically spying. I mean i doubt Microsoft would like me looking at there computer files.


----------



## Thatguy (Jun 14, 2011)

cheesy999 said:


> cause Microsoft want to know what files poeple have on their computer, besides, its not as if they can do anything by knowing what you named your word document



Its a privacy issue period.


----------



## Disparia (Jun 14, 2011)

Perhaps more people would be conviced if you could explain how Disk Indexing and Games Explorer are related?


----------



## Kreij (Jun 14, 2011)

Thatguy said:


> when someone can explain why disk indexer sends volume reports and registry info to microsoft. I will be all ears.



A link to this information or a packet dump of the data sent, please.


----------



## cheesy999 (Jun 14, 2011)

Kreij said:


> A link to this information or a packet dump of the data sent, please.



+1 to krejj, as a vista user where can i find this info

btw i think the comp needs a bump


----------



## FordGT90Concept (Jun 14, 2011)

cheesy999 said:


> yes
> 
> game explorer connects to the internet for age ratings/ system requirements
> 
> you can turn it off by clicking the 'options' button above the game explorer


This.  GameUX is Game Explorer (aka game browser in Vista/7).

I would verify though that gameux.dll is, in fact, made by Microsoft though and not some illicit spoof.  The genuine file should be C:\Windows\System32 and C:\Windows\SysWOW64 on 64-bit machines.  It is between 2.4 and 2.7 MiB, the versin number should be similar to the OS number (6.#.OS Build number), the copyright field should be Microsoft Corporation but doesn't have a year, and the product name should be Microsoft Windows Operating System.


----------



## NdMk2o1o (Jun 14, 2011)

I know what it is, i said that in my post, what I don't know is what data its collecting and the constant port scanning is behaviour of spyware, it could just be collecting data for updates etc. We shall see as I have now turned off all updates and asked it not to collect any data/art etc from the web about my games. So it has no reason now to want to gain access to that IP.


----------



## Kreij (Jun 14, 2011)

I agree, NdM, let us know if it keeps trying to connect even though you have it shut off.

I can't find any information that gameux or the indexer is doing anythin insidious.


----------



## Thatguy (Jun 15, 2011)

Kreij said:


> I agree, NdM, let us know if it keeps trying to connect even though you have it shut off.
> 
> I can't find any information that gameux or the indexer is doing anythin insidious.



Who said anything about insidious. Its just collecting registry and file system info and broadcasting it over the network. Who know what they do with it. I personally don't my personal information to be exsposed over the network. I also have no idea of what exactly is being broadcast becuase I don't have the ability to understand the output from the service.


----------



## ShiBDiB (Jun 15, 2011)

Thatguy said:


> Who said anything about insidious. Its just collecting registry and file system info and broadcasting it over the network. Who know what they do with it. I personally don't my personal information to be exsposed over the network. I also have no idea of what exactly is being broadcast becuase I don't have the ability to understand the output from the service.



Were still waiting for your proof... right now ur just being annoying


----------



## Miguel2013 (Jan 5, 2013)

@NdMk2o1o I also use comodo, even a packet dump won't reveal its content since is encrypted. I also had comodo alert me this file wanted to send data to that ip I only have this problem with Winning Eleven 8


----------



## W1zzard (Jan 5, 2013)

I've seen several games that send your gaming progress to the manufacturer's servers (using HTTPS port 443, too)


----------



## FordGT90Concept (Jan 6, 2013)

I'd say it's harmless.


----------



## OneMoar (Jan 6, 2013)

Nice threadnecro


----------

