Jump to content

warthunder showing as malicious?


Recommended Posts

I started to download a legit game called warthunder and then Mbam went blocking it as you can see

 
Detection, 16/11/2014 12:44:32, SYSTEM, NUTHATCH-PC, Protection, Malicious Website Protection, IP, 159.224.150.104, 49736, Outbound, C:\Program Files\WarThunder\launcher.exe, 
Detection, 16/11/2014 12:46:08, SYSTEM, NUTHATCH-PC, Protection, Malicious Website Protection, IP, 217.23.187.92, 27032, Outbound, C:\Program Files\WarThunder\launcher.exe, 
 
Also my firewall stopped 102 inbound network intrusions at the same time, my question is something wrong with warthunder or is this all just FP.
I've checked for malware can't find a thing, scanned and looked with various tools all so checked outbound connections can't see any signs of malware.
I stopped downloading warthunder and deleted it from my system to be safe.
 
Here is another topic on warthunder from another user of mbam, no answers did I find in it
 
Great full for your help and assistance
P.Allen
Link to post
Share on other sites

Hi:
 
Some games behave like P2P programs.
The behavior you describe while using such a game is explained in the following help desk topics:
https://helpdesk.malwarebytes.org/hc/en-us/articles/202325608-What-does-it-mean-when-I-get-an-alert-that-Malwarebytes-Anti-Malware-has-blocked-a-malicious-site-
https://helpdesk.malwarebytes.org/hc/en-us/articles/201948317-Why-does-Malwarebytes-Anti-Malware-block-BitTorrent-or-other-Peer-to-Peer-Programs-
 
You might try adding the game process to the WEB exclusions, as explained in the MBAM User Guide:
https://www.malwarebytes.org/support/guides/
 

Add Process to Web Exclusions
Clicking the Add Process button allows you to exclude a process which would otherwise be blocked from accessing an internet address. Please note that this option is only functional on Windows Vista Service Pack 2, Windows 7, and Windows 8.x. This is typically of value to users who need to access filesharing and/or peer-to-peer applications. On occasion, IP addresses used by these applications may be blacklisted, so that Malwarebytes Website Protection blocks access to the website as a whole. Excluding the IP address makes the user more vulnerable, as would exclusion of the domain (if the website uses a domain name). Excluding the process — providing that the process is not an internet browser — would allow the P2P application to function without increasing risk.

 
and in this help desk topic:
https://helpdesk.malwarebytes.org/hc/en-us/articles/201948337-How-do-I-stop-Malwarebytes-Anti-Malware-from-blocking-scanning-a-file-or-program-that-I-trust-

 

However, it might be safer first to post your inquiry over in the website blocking False Positive section.

To do so, please start with the instructions here: https://forums.malwarebytes.org/index.php?/topic/20806-important-please-read-before-reporting-a-false-positive/

Then, please post the requested information here: https://forums.malwarebytes.org/index.php?/forum/123-website-blocking/

 

Thanks,

Link to post
Share on other sites

Hello thanks for the reply.

Ive been looking at all the ip's that tried to connect to me when downloading this game (the ones that triggered the network attacks on my firewall) it is in my personal opinion a tad weird that they come from Russia, France, Sweden and there was a few more counties too so I think I will leave this game as most games download from a single location they may have a few different ips but normally the same country same location this doesn't feel right to me, thanks for your time.

Should I still post in the False pos section for you to look at or not?

 

P Allen

Link to post
Share on other sites

Should I still post in the False pos section for you to look at or not?

That's entirely up to you. :)

 

It sounds to me as if MBAM is doing its job.

But please review the articles for which I provided the links in my earlier reply, and then decide whether you would like to report the IP blocks for review as possible False Positives.

The MBAM staff would be the only ones to make that determination.

 

Thanks again,

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.