"Always offline" problem in EA's Origin due to antivirus
Heine Fri, 2013/04/05 - 21:30
Whenever my brother and I have an appointment to play some multiplayer game, the evening invariably devolves into a debugging session, where we pore over Wireshark capture files to solve his usually self-inflicted problem with network connectivity.
Yesterday, the game of choice was Mass Effect 3 (ME3), in order to increase my "Galactic Readiness Rating" and eek out the few more points in Effective Military Strength that would allow Cmdr. Shephard to try and liberate Earth.
Now, Mass Effect 3 requires you to go online with EA's Origin client in order to play with others. That's where the snag of this evening hit: Whatever my brother did, he'd always be marked "offline" in the Origin client and thus unable to play. This problem is known on the desperation-soaked EA support forum as the "Always offline", "Cannot go online" or "Stuck in offline mode" problem.
To make a long story short, the root cause of this was him setting his antivirus program to scan encrypted connections. Specifically, Kaspersky's "Scan encrypted connections" and "Always scan encrypted connections" on the Proxy Server and Network Traffic Control Settings. The Origin client uses https to access EA's service, which means it is also subject to this setting.
To scan such connections, Kaspersky basically attempts to perform a Man in The Middle attack on the connection. Because either the Origin client or the Origin service DO perform certificate validation (unlike a lot of other programs), they weren't having with this.
You can either disable the scanning of encrypted connections, or opt for a more targeted approach, where only Origin is excluded. We've assembled some steps to do this in Kaspersky PURE 3.0. If you are not using Kaspersky, but another anti-virus program with similar functionality, try to add an exclusion rule for the application OriginClientService.
Double click on the Kaspersky icon in the taskbar.
Go to Settings > Protection > Firewall.
Go to the Network rules settings
Under Application rules find OriginClientService, right click on it and pick Application Rules from the menu. Switch to the Exclusions tab.
Click on "Do not scan network traffic" and make sure you change the sentence "do not scan all network traffic" in the box to "do not scan encrypted network traffic". You can change this by clicking on the word all for several times until you get the word encrypted.
PHEW!
You should now be able to sign-in to Origin and go online again. Before you can have fun blasting those Cerberus bastards to bits, you need to repeat these steps for the Mass Effect 3 executable.