False positive? IP 109.236.85.132

[xwhitemousex]

I keep getting a popup saying a process and IP has been blocked when I try to run a game launcher called "Six Launcher" that runs Arma2 mods (specifically the DayZ mod in my case).

See log below

2012/07/11 15:01:50 +0200 ROGER-DESKTOP Roger MESSAGE Starting protection
2012/07/11 15:01:51 +0200 ROGER-DESKTOP Roger MESSAGE Protection started successfully
2012/07/11 15:01:54 +0200 ROGER-DESKTOP Roger MESSAGE Starting IP protection
2012/07/11 15:01:55 +0200 ROGER-DESKTOP Roger MESSAGE IP Protection started successfully
2012/07/11 15:15:23 +0200 ROGER-DESKTOP Roger IP-BLOCK 109.236.85.132 (Type: outgoing, Port: 65455, Process: gslist.exe)
2012/07/11 15:15:39 +0200 ROGER-DESKTOP Roger IP-BLOCK 109.236.85.132 (Type: outgoing, Port: 65455, Process: gslist.exe)
2012/07/11 15:19:16 +0200 ROGER-DESKTOP Roger MESSAGE Starting database refresh
2012/07/11 15:19:16 +0200 ROGER-DESKTOP Roger MESSAGE Stopping IP protection
2012/07/11 15:19:51 +0200 ROGER-DESKTOP Roger MESSAGE IP Protection stopped
2012/07/11 15:19:52 +0200 ROGER-DESKTOP Roger MESSAGE Database refreshed successfully
2012/07/11 15:19:52 +0200 ROGER-DESKTOP Roger MESSAGE Starting IP protection
2012/07/11 15:19:53 +0200 ROGER-DESKTOP Roger MESSAGE IP Protection started successfully

I tried adding the gslist.exe to the Ignore list but it still drops that loginfo and the ballon with the blocked IP on me when I start up the launcher.

I don't quite understand it as it says it's blocked first, then says stopping IP protection, then starting it again?

The launcher seems to still run fine, though it takes a minute before I can see correct ping on servers (listed as 9999 ping, aka no connection, until it seems the IP protection allows the connection).

What gives?

[MysteryFCM]

I'm looking into it, thank you.

[xwhitemousex]

Any news on this or what causes it ?

The game seems to run it's just a slight annoyance to have the balloon give me warnings each time.

[MysteryFCM]

It's occurring because it's trying to reach 109.236.85.132. Without a packet capture (you can use Wireshark for this), it's difficult to tell exactly why it is trying to reach this IP. The IP itself used to belong to a name server, but not anymore (stranger still, is its still responding on port 80, but not returning content), it was also a game server for dayzmod.com for a while, but isn't responding on any of the ports they used.

The IP itself, is part of a wider range that has been blocked due to malicious content being present. I'm working with the AS owner to get it cleaned up.

[SnakeEyes]

i found this thread doing a google search for "malwarebytes dayz".

i'm having the same issue with the pop warning and block even after adding gslist.exe to ignore. it was also taking several minutes for a game to load after joining a server (at least 2 or 3 minutes). when alt-tab to desktop the malware pop-up would eventually came up indicating it blocked suspicious activity. i bought the game the first of this week and the load times were the same on every server i tried. today i disabled malwarebytes before playing and the game loaded in seconds. i tested on 6 different servers with and without the AV turned on. with it on it took on average 2 minutes to get into the game. with it off, 20 seconds...