How do you undo/uninstall this script?

[bryandonmarc]

Hi! I am trying to isolate a problem with my PC wherein I cannot login to a locally installed game client app
(specifically, I can't login to the Battle.net app but I can login to their website, error code BLZBNTBGS80000011)

I'm trying to see if the script has enabled any security measures that are preventing the app from connecting to Blizzard servers or something, and was looking for a way to reverse/undo/uninstall everything that the script applied to my PC. Is there an easy way to do this? Much appreciated.

I tried the way described in the Event Viewer part in the wiki to see if it is a blocked packet but it just displays an error

Get-WinEvent: No events were found that match the specified selection criteria.

Answer

Battle.net desktop app uses a weak cipher that is disabled by the TLS Security category. Simply running this line in PowerShell from the TLS undoing script solves the issue:

Enable-TlsCipherSuite -Name "TLS_RSA_WITH_AES_256_CBC_SHA"

[HotCakeX]

Hi,
To make sure, you can use Local Group Policy Editor, navigate to this area:

then in the Inbound and Outbound sections delete all of the country IP blocking firewall rules that appear on the right side.

after that restart the system or run gpupdate /force and check again.

Btw, have you used the TopSecurity category?

[bryandonmarc]

Nope, I do not use any TopSecurity category :)

[HotCakeX]

I just made an undoing script for TLS section.

Maybe the Blizzard client uses one of the old ciphers or cipher suites that the script disables, you can run the script as administrator to re-enable the stuff that script disables during TLS category.

For Group Policies, it's very easy, just delete this folder and restart: C:\Windows\System32\GroupPolicy

For undoing other registry settings, which I don't think will have any effect on your problem, you can find their exact path in the CSV file.

Please let me know if you still have the issue with Blizzard client.

[bryandonmarc]

Thank you so much! It worked 🥳

I'm not sure which answer solved the problem, deleting the Inbound and Outbound rules for Country IP Blocking/OFAC or running the undo script for the TLS Section. I'll try to isolate the problem further, and edit my answer once I found which one was causing the problem. I'll probably send a ticket to Blizzard as well after I do so.

Again, thankyouuu!

[HotCakeX]

Anytime ^^ that's great 😊

Yes that sounds good!

[bryandonmarc]

Finally found what's causing the issue. It wasn't an issue with applying the Country IP Blocking/OFAC category but the TLS Security category. Blizzard was using the TLS_RSA_WITH_AES_256_CBC_SHA cipher suite with their Battle.net client. Simply running only this single line from the undoing TLS script you've made solves the problem:

Enable-TlsCipherSuite -Name "TLS_RSA_WITH_AES_256_CBC_SHA"

I am now submitting a ticket to Blizzard support for them to hopefully update their support page for error code BLZBNTBGS80000011. Thank you again 😊

[HotCakeX]

Great job pinpointing the exact issue and reporting it to them^^

Hopefully they will also replace that with something stronger such as TLS_RSA_WITH_AES_256_GCM_SHA384

Or TLS 1.3 cipher suites 🙂
https://www.microsoft.com/en-us/security/blog/2020/08/20/taking-transport-layer-security-tls-to-the-next-level-with-tls-1-3/

[HotCakeX]

Just a heads up, the script is enforcing a tighter TLS security settings after more careful research.

I've added a warning message to be shown before running the TLS category so that users with Battle.net client can see it and skip the category.

I've also tweeted at them about this issue: https://twitter.com/SpyNetGirl/status/1659872718806822916

If you still enable the TLS category, you can either add that TLS cipher suite manually to the end of the string in Group policy or completely disable the Group policy:

[HotCakeX]

The ability to undo/unprotect is now added to the module:
https://github.com/HotCakeX/Harden-Windows-Security/wiki/Harden%E2%80%90Windows%E2%80%90Security%E2%80%90Module