Skip to main content

XYREX Guard Anticheat - Interface

Русский

Danger Levels (DangerLevel)

The system classifies packets according to the following danger levels:

  • SAFE 🟢 - Safe packets that are part of standard gameplay
  • UNKNOWN 🟡 - Packets with unknown structure or new format that require analysis
  • SUSPICIOUS 🟡 - Potentially dangerous packets, false positives occur often
  • WARNING 🟡 - Malicious activity packets, false positives occur less frequently
  • DANGEROUS 🔴 - Malicious activity packets, false positives occur rarely
  • BLOCKED 🔴 - Automatically blocked packets identified as malicious

Event Types (EventType)

Each packet belongs to a specific event type:

Basic Game Actions

  • ARMY - Army management
  • NAVY - Navy management
  • AIR - Air force management
  • PRODUCTION - Production
  • CONSTRUCTION - Construction
  • TRADE - Trade operations
  • FOCUS - National focus research

Management and Diplomacy

  • LOBBY - Lobby actions
  • DIPLOMACY - Diplomatic actions
  • LEADERS - Leader management
  • IDEAS - National ideas
  • EVENTS - Events

Special Mechanics

  • AGENCY - Intelligence actions
  • MARKET - Market operations
  • SPECIALPROJECTS - Special projects
  • RESEARCH - Research
  • OCCUPATION - Occupied territory management

System Events

  • TECHNICAL - Technical packets
  • CONNECTION - Connection parameters
  • CUSTOMISATION - Icon settings, unit colors
  • SECURITY - Security events
  • HEADER - Packet headers
  • CHEAT - Suspicious actions
  • UNKNOWN - Unclassified events

Interface Description

Control Panel

Action Buttons

  • WinDivert Status - glows green, yellow, or red depending on the WinDivert driver status. Must glow green for the anti-cheat to work.
  • REFRESH - refresh player list and events. Interface updates automatically every 5 seconds
  • Mark All - mark all players to display their events
  • Unmark All - unmark all players
  • Export State - save current state (player list, blocklist, events) to a file
  • Import State - load state from JSON file
  • Clear All - clear player list and events (locally). A backup of the current state will be created (or the previous backup will be overwritten)
  • ENGLISH - switch interface language

Protection Toggles

  • Block New Connections - block new connections to the server. Enable after all players have joined. Disable when opening the lobby or enabling hotjoin.
caution

May cause already connected players to disconnect if their connection port or IP address changes (often happens when using VPN)

Restriction Level

Dropdown list with protection levels:

  • None (5) - no restrictions, passes all packets.
  • Weak (4) - blocks dangerous (DANGEROUS) packets (recommended). These include autosave, country buffing, one variation of DLC disabling (and crash), one of the game start packets, speed changes, some actions for controlling another country (not the one you selected in the lobby). False positives are unlikely.
  • Medium (3) - blocks suspicious (WARNING and DANGEROUS) packets. These include packets sent when using cheats, however false positives occur among these packets (i.e., you need to check and compare with what actually happened in the game).
  • Strict (2) - blocks all non-standard (SUSPICIOUS, WARNING and DANGEROUS) packets. These include packets that often come from all players, however these packets have also been observed when using cheats, enabling this option will likely lead to mass player disconnections.
  • Very Strict (1) - blocks all suspicious and previously unknown (UNKNOWN, SUSPICIOUS, WARNING and DANGEROUS) packets, enabling this option will likely lead to mass player disconnections.
caution

May cause player disconnections and freezes. However, in this case you can check which packets were blocked using the event log (filter by packet danger level).

Interface Sections

Players

Table with information about connected players:

  • Show - checkbox to mark players whose events should be displayed
  • Suspicious packet ignore checkbox (when enabled, will pass all traffic without blocking it)
  • Steam name, game name, country tag
  • Destination ports
  • Number of warnings
  • Connection time and last packet time
  • Number of received packets
  • Player state management buttons:
    • Alive/Dead - toggle player state
    • Ban - block/unblock player by port and name
    • IP Ban - block IP (and all players from this IP)

Blocked IPs

  • List of blocked IP addresses
  • Add to Blacklist button to add new IPs
  • Delete button for each IP

Events

  • Display events only for marked players
  • Event Filter - field for entering regular expressions Regular expressions work on the hex representation of the packet, player properties, and events
  • Filter - apply event filter
  • Invert Filter - invert filtering results
  • Number of Events to Display - limit the number of displayed events (for optimization)