Windows blocks downloaded help file

Started by Dave Gilbert, Wed 09/09/2015 18:54:25


Dave Gilbert

I downloaded this and played around with it yesterday. One thing I noticed... the F1 help files seem to be missing? The table of contents are all there, but the actual information is all blank.

Crimson Wizard

Quote from: Dave Gilbert on Wed 09/09/2015 18:54:25
I downloaded this and played around with it yesterday. One thing I noticed... the F1 help files seem to be missing? The table of contents are all there, but the actual information is all blank.
:/ This is becoming a common problem for people.
Solution is this: open help file (ags-help.chm) properties and click Unblock button, as shown on this example:

Dave Gilbert

It worked! Apologies if the question was asked before in this thread. In my defense, the thread is up to 14 pages. :) Maybe make an edit on the original post?

In any case, thanks! I'm starting a new project soon so I am eager to dig into this.

Crimson Wizard

Quote from: Dave Gilbert on Wed 09/09/2015 20:06:53
It worked! Apologies if the question was asked before in this thread. In my defense, the thread is up to 14 pages. :) Maybe make an edit on the original post?
I am not sure it is related to this version. I suspect it is related to certain files distributed in ZIP archives.
We would need to see how will it work if AGS is installed by installer program.

morganw

I don't think that zip files support NTFS streams, but Internet Explorer will add the zone identifier to the file when downloading it. This is what blocks the content from being opened so it shouldn't be relevant to files coming from the installer.

Dave Gilbert

Huh. Now the problem seems to have reverted itself, and the solution doesn't seem to work anymore. I keep pressing the "unblock" button and then "apply" but the help files remain blank. Is there a step I'm missing?

edit: this is really preventing me from working on a game, because there are a lot of obsolete commands (ProcessClick being one) and I can't look up the replacements in the manual. And since this is the only version that will let me make a game in 640 x 360 resolution (to fit modern monitors), I'm kinda stuck. :) Any help appreciated!

Eggie

Quote from: Dave Gilbert on Sun 13/09/2015 20:42:23
edit: this is really preventing me from working on a game, because there are a lot of obsolete commands (ProcessClick being one)

I know this one at least! It changed to Room.ProcessClick

Jeeez boy howdy did that one fuck me over for a day

EDIT: That post was from two days ago. probably ignore I was here

Dave Gilbert

I am still having the problem, so no worries! :(

Is there an online version of the new manual anywhere? I don't want to have to bug the forum every time I run into another obsolete command. Or is there another way I can download the file so my computer doesn't mark it as a "file from the internet"?

Crimson Wizard

No, we do not have updated manual yet, sorry.
But there is a long explanation post that mentions every change:
http://www.adventuregamestudio.co.uk/forums/index.php?topic=51050.0

Also, I am explaining these changes in detail here (not complete): http://www.adventuregamestudio.co.uk/forums/index.php?topic=52499.0

Snarky

Quote from: Dave Gilbert on Tue 15/09/2015 14:09:37
Or is there another way I can download the file so my computer doesn't mark it as a "file from the internet"?

If this diagnosis is correct:

Quote from: morganw on Wed 09/09/2015 22:11:31
I don't think that zip files support NTFS streams, but Internet Explorer will add the zone identifier to the file when downloading it. This is what blocks the content from being opened so it shouldn't be relevant to files coming from the installer.

... that suggests that downloading with a different browser might perhaps avoid the problem.

morganw

There is a tool to remove alternate stream data, which should show if this is the problem or not.
https://technet.microsoft.com/en-us/sysinternals/bb897440

Dave Gilbert

Quote from: morganw on Tue 15/09/2015 23:55:48
There is a tool to remove alternate stream data, which should show if this is the problem or not.
https://technet.microsoft.com/en-us/sysinternals/bb897440

THAT DID IT!!

Thank you so much. :)

Monsieur OUXX

Quote from: Dave Gilbert on Wed 16/09/2015 13:35:23
Quote from: morganw on Tue 15/09/2015 23:55:48
There is a tool to remove alternate stream data, which should show if this is the problem or not.
https://technet.microsoft.com/en-us/sysinternals/bb897440

THAT DID IT!!

Thank you so much. :)

Dave would you mind writing a small tutorial about that (either directly in the wiki, or just here).
 

morganw

Quote from: Monsieur OUXX on Mon 21/09/2015 08:30:43
Quote from: Dave Gilbert on Wed 16/09/2015 13:35:23
Quote from: morganw on Tue 15/09/2015 23:55:48
There is a tool to remove alternate stream data, which should show if this is the problem or not.
https://technet.microsoft.com/en-us/sysinternals/bb897440

THAT DID IT!!

Thank you so much. :)

Dave would you mind writing a small tutorial about that (either directly in the wiki, or just here).

Code: DOS
streams.exe -s -d <EXTRACTED FOLDER>


...to remove all alternate streams on all files in the folder. But this isn't AGS specific, it's specific to using Windows.


selmiak

Just wondering, you do this as a developer to your game and after that it runs everywhere you distribute it to or is it for users to use on every AGS game they download?

morganw

I think the wiki article is confusing the issue. This is nothing to do with hidden malware and antivirus detections, it's the origin of a file being stored with it so that you can be warned about opening files you've downloaded from the Internet. Clearing all alternate streams is the last resort if something is blocking you from unblocking the content manually (it could be antivirus interfering at this point, but it's more likely a UAC elevation issue combined with where you've extracted the files).

The whole behaviour is client side and client specific, you cannot prepare your content to bypass it. In the context of this conversation you could say people downloading alpha builds should be aware that this can happen, but people using the current stable release of AGS will be running an installer to get the files onto the disk and so shouldn't have a problem.

Snarky

And isn't this specifically a problem with trying to launch the help from the AGS IDE?

Since this is a Wiki, I've taken advantage of that to edit the article (nice effort, Ouxx!) with my understanding of the issue.

morganw

No it's not specific with trying to open help from the IDE. It's likely you were already asked to confirm that you wanted to run the IDE itself if the help will not open (it will have the same zone identifier saved in an alternate stream). The difference is you'll be prompted to confirm you really want to run a program you've downloaded (it's handled by the shell which has a mechanism to ask you), but you aren't prompted when the help viewer tries to open the help file (it's handled by the viewer itself which just blocks without asking).

It looks like there is a registry key for the help viewer where you could permit opening content from the "internet zone":

Code: REG
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp\1.x\ItssRestrictions]
"MaxAllowedZone"=dword:00000003


...but this changes behaviour for all help files and just using the unblock button should suffice. If you can't unblock it's likely you've extracted the files to somewhere like the root of the system disk where your user account doesn't have write access without running an elevated process.

I think the wiki page needs a change of title (and URL) and all mentions of malware removed. I'll do it if I have permission to do so.

Crimson Wizard

Quote from: morganw on Wed 30/09/2015 08:32:19
I think the wiki page needs a change of title (and URL) and all mentions of malware removed. I'll do it if I have permission to do so.
I believe any forum member can edit Wiki.

Snarky

Quote from: morganw on Wed 30/09/2015 08:32:19
No it's not specific with trying to open help from the IDE. It's likely you were already asked to confirm that you wanted to run the IDE itself if the help will not open (it will have the same zone identifier saved in an alternate stream). The difference is you'll be prompted to confirm you really want to run a program you've downloaded (it's handled by the shell which has a mechanism to ask you), but you aren't prompted when the help viewer tries to open the help file (it's handled by the viewer itself which just blocks without asking).

Yes, that's what I meant: the problem is specific to trying to open help through the IDE, since it's blocked silently. I think every Windows user is by now familiar with the confirmation dialog that often pops up when you're trying to open a file / launch a program downloaded from the internet; that confirmation is not a problem, even if it has the same root cause, and isn't something we need a Wiki page to explain (though it might be worth mentioning in the context of discussing this problem).

morganw

It would also be blocked if you tried opening it outside of the IDE.
If the wiki page specifically talks about using alpha builds and tells you to unblock the .chm file if it won't open correctly, that would seem worthwhile. Or perhaps just supply a note with the alpha builds.

Crimson Wizard

Quote from: morganw on Wed 30/09/2015 18:59:02
If the wiki page specifically talks about using alpha builds and tells you to unblock the .chm file if it won't open correctly, that would seem worthwhile. Or perhaps just supply a note with the alpha builds.
Alpha builds are not the only ones we distribute as ZIP archives, all final releases have alternate zip download.

morganw

How do you feel about the editor attempting to remove the zone identifier? The click handler for the menu is already checking that the file exists so could it also check for the zone identifier alternate stream and try to remove it? In most cases people are going to extract the file to where they have write access, so the delete should usually succeed.

morganw

It looks like to implement an additional check and warning isn't very much work, you can follow the existing check that the help file is actually there and read the Zone Identifier using .NET.

In HelpCommandsComponent.cs:
Code: CSharp
 using System.Runtime.InteropServices;
 using System.Diagnostics;
+using System.Security;
+using System.Security.Policy;


In the CommandClick function:
Code: CSharp
 else if (!File.Exists(_helpFileName))
 {
     _guiController.ShowMessage("The help file '" + _helpFileName + "' is missing. You may need to reinstall AGS.", MessageBoxIcon.Warning);
 }
+else if (Zone.CreateFromUrl(_helpFileName).SecurityZone != SecurityZone.MyComputer)
+{
+    _guiController.ShowMessage("The help file '" + _helpFileName + "' is restricted by a Zone Identifier.", MessageBoxIcon.Warning);
+}
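
Review bot: The new else-if in CommandClick compares against SecurityZone.MyComputer only, so every other value of the SecurityZone enum, including SecurityZone.NoZone if Zone.CreateFromUrl ever returns it for this path, ends in the warning; consider naming the zones that should warn, or handling NoZone separately. The message text also stops at "is restricted by a Zone Identifier" and gives the user nothing to act on; it could point to the fix already given in this thread, opening the file's Properties and clicking Unblock.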


I've tried it out and this doesn't display the warning if you've manually unblocked the file, or if the Zone Identifier isn't present. Maybe the message can be clearer though. Apologies if this isn't the place to be throwing code around.

Crimson Wizard

Quote from: morganw on Thu 01/10/2015 20:38:39
It looks like to implement an additional check and warning isn't very much work, you can follow the existing check that the help file is actually there and read the Zone Identifier using .NET.

Could you post this in the Editor issue tracker?
http://www.adventuregamestudio.co.uk/forums/index.php?project=5

I find it very hard to find suggestions in forum threads after time passes.

E: Alternatively, you may make a pull request to our repository (develop-3.3.5 branch).


morganw

I think the blocking issue can also be partially solved by supplying a self-extracting archive for the installer-less version, and directing people towards this. If the extraction is done outside of native Windows tools (e.g. with 7-Zip), the extracted contents are not blocked even though the downloaded file itself will be.

Installer.exe       <-- for people who want an installer
Installer.7z.exe    <-- for people who don't want to run an installer

For people who want to get access on other platforms, you can make a .zip file available (in smaller print?) or p7zip can extract the .7z.exe file.

Snarky

Part of the reason some prefer a zip (or other archive) file to an exe is a suspicion of blindly running executables downloaded from the internet. Granted, it doesn't make that much sense in this case, since you'll still need to run the AGS exe once the file is unzipped, but I think it would be better to stick with a zip file nevertheless, just for people's ease of mind.

I'm not exactly clear on how it can make a difference whether the CHM file was originally downloaded as a zip and then unzipped, or as a zip.exe and then self-extracted. Does Windows peek into the zip file and add the extra data stream to every file inside, or what? Or is it only if you use windows built-in functionality to extract the file, rather than 7zip/WinZip/WinRar or some other app?

morganw

Yes I agree that the archive should be preferable but unfortunately people are getting tripped up by functionality built into Windows. Maybe it's the same reason that this decision looks to have been made for another similar project, the self extractor being the suggested download choice.

There are no alternate streams stored in the zip file contents, they are added by the extraction tool.

  • If your zip file has a Zone Identifier, if you extract it with Windows tools the same Zone Identifier is applied to the extracted files
  • If your zip file has a Zone Identifier, if you press "unblock" on the zip and then extract it with Windows tools the extracted files won't have a Zone Identifier
  • If your zip file has a Zone Identifier, if you extract with some other program it's up to that program about how it wants to handle the Zone Identifier
  • Extracting with 7-zip or using a 7-zip self-extractor doesn't create them on extracted content even though it's present on the source file, other tools may choose to act differently

Perhaps the easiest solution is to switch from supplying a CHM file to another format, it's the CHM reader that's silently refusing to read the file and something simpler like HTML content would be more accessible for people on other platforms.
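
To check which of the cases above applies to an extracted folder, the following lists every file that carries a Zone.Identifier stream together with its ZoneId, and can remove just that stream rather than all alternate streams. This is an added example, not code from the thread or from the AGS project; the function name Get-ZoneMarkedFile and the sample path are made up for illustration, and the registry read uses the key quoted earlier in the thread.

```powershell
# Added example: report files marked with a Zone.Identifier stream and,
# with -Unblock, remove only that stream (other alternate streams are kept).
function Get-ZoneMarkedFile {
    param(
        [Parameter(Mandatory)] [string] $Path,   # extracted folder to inspect
        [switch] $Unblock                        # also try to remove the marker
    )
    Get-ChildItem -LiteralPath $Path -Recurse -File | ForEach-Object {
        $file = $_
        # No object is returned when the file has no Zone.Identifier stream.
        $stream = Get-Item -LiteralPath $file.FullName -Stream 'Zone.Identifier' `
                           -ErrorAction SilentlyContinue
        if (-not $stream) { return }   # inside ForEach-Object: skip to next file

        # The stream is a short INI-style text: "[ZoneTransfer]" then "ZoneId=3".
        $text   = Get-Content -LiteralPath $file.FullName -Stream 'Zone.Identifier' -Raw
        $zoneId = $null
        if ($text -match '(?m)^\s*ZoneId\s*=\s*(\d+)') { $zoneId = [int]$Matches[1] }

        $unblocked = $false
        if ($Unblock) {
            try {
                # Fails when the account cannot write to the file, e.g. files
                # extracted to a location that needs an elevated process.
                Unblock-File -LiteralPath $file.FullName -ErrorAction Stop
                $unblocked = $true
            } catch {
                Write-Warning "Could not unblock $($file.FullName): $($_.Exception.Message)"
            }
        }
        [pscustomobject]@{ File = $file.FullName; ZoneId = $zoneId; Unblocked = $unblocked }
    }
}

# Read-only look at the help viewer setting mentioned in the thread;
# $max stays $null when the value has not been created.
$key = 'HKLM:\SOFTWARE\Microsoft\HTMLHelp\1.x\ItssRestrictions'
$max = (Get-ItemProperty -Path $key -Name MaxAllowedZone -ErrorAction SilentlyContinue).MaxAllowedZone
Write-Output "MaxAllowedZone: $(if ($null -eq $max) { 'not set' } else { $max })"

# Constructed sample path; report only, nothing is changed without -Unblock.
Get-ZoneMarkedFile -Path 'C:\Users\me\Downloads\AGS' | Format-Table -AutoSize
```

An empty table means the extraction tool did not copy the marker onto the extracted files, so a blank help file would have some other cause.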

Crimson Wizard

Quote from: Monsieur OUXX on Tue 29/09/2015 14:40:34
I've made a Wiki article : http://www.adventuregamestudio.co.uk/wiki/Prevent_AGS_from_triggering_antiviruses
Regarding this wiki article, I agree that it is confusing. Its title mentions antivirus, but the main problem we were having is that help file was marked as unsafe by Windows, not antivirus. Also, it was not any alternate data stream that caused this, but Zone identifier.
IMO this article gives too much unrelated information (file system, other platforms, etc).

Other things I noticed:
Quote from: http://www.adventuregamestudio.co.uk/wiki/Prevent_AGS_from_triggering_antiviruses
Specifically, attempts to access Help from the AGS editor may be blocked.
It does not block access from Editor; what happens is that help file is marked as unsafe, and Windows help viewing program refuses to open such file's content.
It does not matter whether you run help from Editor, or open it by double clicking in your explorer.

Quote from: http://www.adventuregamestudio.co.uk/wiki/Prevent_AGS_from_triggering_antiviruses
And since AGS has started becoming cross-platform, there will be some alternate data streams in your files.
I tried really hard, but no avail, I cannot understand what does this mean, or where this information comes from?


Also, for me it always worked if I simply clicked "Unblock" button in file properties. Dave's case could be special for some reason. I think this article must explain that solution too, because if it works, it is much easier to do than downloading extra tool, etc.

Monsieur OUXX

Quote from: Crimson Wizard on Thu 08/10/2015 16:10:52
Regarding this wiki article, I agree that it is confusing. Its title mentions antivirus, but the main problem we were having is that help file was marked as unsafe by Windows, not antivirus. Also, it was not any alternate data stream that caused this, but Zone identifier.
Well originally when I started reading it was all about alternate data streams and antiviruses going paranoid for no good reason. I'm not sure if posts have been edited or what, but since then the thread went in a completely different direction. Feel free to heavily change the article.
 

morganw

I've heavily changed it, but I don't know how to rename the page to remove the references to anti-virus.
