
War Thunder detection


Manaphy0220
Solved by JPopovic


Hello again, a few days ago I obtained 14 free days of Malwarebytes Premium. When I tried launching War Thunder there were 2 notifications about blocking something malicious (it happened while the launcher was open). These blocks didn't affect the game, as it could still be launched, and when I tried launching it later, Malwarebytes didn't detect anything. There was also a website I tried to access for some information and again MB detected something. Is this a false positive or a legitimate detection?

Is this something dangerous or just a false positive? I'm sending logs in attachments.

BTW: when I clicked "Export" on that report, it was saved in the Computer -> C: directory (I forgot to change the location), but when I tried this again there was a notification saying that I have no permission to save in this directory. Do You maybe know what happened?

PCVirusCareLogs.txt WarThunderLogs1.txt WarThunderLogs2.txt


11 hours ago, JPopovic said:

Hello,

These are legit IP blocks, but you don't have to worry about them if they don't affect the game play.

The block will be removed from the domain (pl.pcviruscare.com).

Thank you and let us know if you need any additional help!

What does this mean? They (blocks) don't affect anything but I'm worried about why they are happening. Is there something wrong with War Thunder?

I've got another one today (attachments). Also, do You know anything about that saving directory thing? What happened? Looks like I can save the MB log there but only 1 time; later there is a notification that I lack permission.

WarThunderLogs3.txt


1 hour ago, Manaphy0220 said:

Is there something wrong with War Thunder?

No.

As for why Malwarebytes blocks War Thunder and other games, this is because the games are Torrent-based software, what are known as Peer-to-Peer (P2P) applications, meaning they connect to many different servers/IP addresses (this is how files are downloaded through Torrent-based software), and because of this, sometimes Torrent-based software will connect to a server that is also known for hosting malicious content. This is because servers/IP addresses are often shared by multiple sites, so while what you are playing/downloading through Torrent-based software may be perfectly safe, some of the sites hosted on some of the IP addresses that Torrent-based software connects to may be malicious. Such connections are not a threat, however, and you may exclude Torrent-based software from the Web Protection component in Malwarebytes to stop the blocks from happening without compromising your protection (your web browser and other critical web-facing programs will still be fully protected from malicious websites and other malicious content). To do so, add the game exe to your exclusions using the method described under the Exclude an Application that Connects to the Internet section of this support article.


  • 2 weeks later...
On 12/18/2020 at 11:36 PM, Porthos said:

No.

As for why Malwarebytes blocks War Thunder and other games, this is because the games are Torrent-based software, what are known as Peer-to-Peer (P2P) applications, meaning they connect to many different servers/IP addresses (this is how files are downloaded through Torrent-based software), and because of this, sometimes Torrent-based software will connect to a server that is also known for hosting malicious content. This is because servers/IP addresses are often shared by multiple sites, so while what you are playing/downloading through Torrent-based software may be perfectly safe, some of the sites hosted on some of the IP addresses that Torrent-based software connects to may be malicious. Such connections are not a threat, however, and you may exclude Torrent-based software from the Web Protection component in Malwarebytes to stop the blocks from happening without compromising your protection (your web browser and other critical web-facing programs will still be fully protected from malicious websites and other malicious content). To do so, add the game exe to your exclusions using the method described under the Exclude an Application that Connects to the Internet section of this support article.

Ok, I think I understand now. So there is nothing to worry about even if MB blocks some IP from War Thunder. Thank You very much.


Correct, as long as the game works and you don't have any issues playing the game or connecting to servers for online play, you don't have to do anything and can just ignore the blocks.  If the blocks do cause any problems then you may exclude the game using the method described by Porthos above to allow an application that connects to the internet which will allow all connections for your game without having to allow any potentially unsafe sites for other web facing applications such as your web browser so that you don't compromise your system's security.  The peer-to-peer nature of most online games frequently leads to them sometimes being blocked by the Web Protection in Malwarebytes as explained above.  This is because many domains/websites can be hosted on the same server/IP address, so even though a connection to a server/IP through your game may be perfectly safe and may not contain anything malicious, other websites/domains hosted on the same IP address may be used for malicious purposes, meaning visiting those sites using a web browser could be risky.

Either way, as long as the game is functioning normally and you aren't having any issues playing the game, you can simply leave the blocks in place and just enjoy your game, though you may want to activate Play Mode for your game in Malwarebytes as described in this support article so that you aren't interrupted by any notifications from Malwarebytes while playing your game.

If we can help with anything else please let us know.

Thanks

Edited by exile360

Ok, so we know the problem, torrent, but wouldn't you guys have figured this out by now? Why the F@ck do I spend 15-20 minutes manipulating my MB to get this game to play? It started with the latest MB update, 3 weeks ago. I'll ditch MB if need be, y'all need to do better, we're paying customers! This is some serious Bravo Sierra!!!

Signed, pissed off gamer!


Greetings,

What issue specifically are you encountering?  I ask because the issue in this thread is just that the game War Thunder is connecting to an IP address known for also hosting malicious content, hence the blocks from Malwarebytes, but the game itself continued to work perfectly fine in spite of the blocks.  That said, if you're having an issue with a particular game due to website/IP blocks from Malwarebytes and exclusions aren't working, please post logs showing the blocks and we should be able to assist you in getting it to work correctly.  To get the block reports, please refer to the information in this support article and use the Copy to clipboard function to copy/paste the log(s) here showing the blocks.

If the issue is simply that block notifications are being displayed interrupting you while gaming, you can add your game to the list of applications for Play Mode in Malwarebytes' settings as documented in this support article.

Also, once you've posted the logs showing the blocks, Malwarebytes' Researchers can review the site(s)/server(s) in question and determine if they can be safely removed from Malwarebytes' block list, and if so they will then do so which should eliminate the issue for all who play the game (assuming it's a specific server/servers being blocked every time the game is launched and not due to the game connecting to different IPs/servers through the use of peer-to-peer technology; if it's due to P2P connections, we should be able to help you to create web exclusions for the game to eliminate the blocks as mentioned above once you post the logs).

Thanks


Thanks Exile, for taking the time to address this for me. Here's just two from recent activity. I usually have to disable web protection, not good, then restart the comp to play the game. Warthunder.exe is in the allowed list, but it's now a daily issue since the last MB update, very frustrating.

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 1/4/21
Protection Event Time: 4:26 PM
Log File: 978c8ce1-4eec-11eb-b9d1-fcaa14adf89a.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1130
Update Package Version: 1.0.35223
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Users\Steve\AppData\Local\WarThunder\launcher.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: Trojan
Domain:
IP Address: 212.182.90.18
Port: 50093
Type: Outbound
File: C:\Users\Steve\AppData\Local\WarThunder\launcher.exe

(end)

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 1/2/21
Protection Event Time: 5:51 AM
Log File: a41611f8-4d01-11eb-b293-fcaa14adf89a.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1130
Update Package Version: 1.0.35169
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Users\Steve\AppData\Local\WarThunder\launcher.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: Trojan
Domain:
IP Address: 82.209.166.34
Port: 5060
Type: Outbound
File: C:\Users\Steve\AppData\Local\WarThunder\launcher.exe

(end)

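Added example (not part of any post in this thread, and not Malwarebytes code): a small Python parser for exported block reports in the format pasted above, applying the distinction drawn earlier in the thread between one server blocked on every launch and a different IP each time. The pattern labels and the allow-list comparison are assumptions made for illustration; the sample is abridged from the two reports above.

```python
import re
from collections import defaultdict
# Abridged from the two reports posted above (constructed sample, same values).
SAMPLE = r"""
IP Address: 212.182.90.18
Port: 50093
File: C:\Users\Steve\AppData\Local\WarThunder\launcher.exe
(end)
Domain:
IP Address: 82.209.166.34
Port: 5060
File: C:\Users\Steve\AppData\Local\WarThunder\launcher.exe
(end)
"""
FIELD = re.compile(r"^([A-Za-z ]+):[ \t]*(.*)$")  # 'Key: value'; value may be empty

def parse_reports(text):
    """Split the export on '(end)'; return one dict of fields per block report."""
    reports = []
    for chunk in text.split("(end)"):
        fields = {}
        for line in chunk.splitlines():
            m = FIELD.match(line.strip())
            if m:
                fields[m.group(1).strip()] = m.group(2).strip()
        if fields.get("IP Address"):
            reports.append(fields)
    return reports

def triage(reports, allowed=()):
    """Group blocks by executable, label the IP pattern, check the allow list."""
    allowed = {p.lower() for p in allowed}  # Windows paths are case-insensitive
    groups = defaultdict(list)
    for r in reports:
        groups[r.get("File", "").lower()].append(r)
    result = {}
    for exe, events in groups.items():
        ips = sorted({e["IP Address"] for e in events})
        if len(events) < 2:
            pattern = "insufficient-data"
        elif len(ips) == 1:
            pattern = "fixed-server"    # same host every time: candidate for block-list review
        else:
            pattern = "varying-peers"   # different host each time: P2P-style connections
        result[exe] = dict(events=len(events), ips=ips, pattern=pattern, allowed=exe in allowed)
    return result

if __name__ == "__main__":
    print(triage(parse_reports(SAMPLE), [r"C:\Users\Steve\AppData\Local\WarThunder\launcher.exe"]))
```

If `allowed` comes back false for the executable named in the reports, the allow-list entry does not match the path the blocks are attributed to, which is worth ruling out before concluding that the exclusion stopped working.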

You should be able to exclude the file C:\Users\<your user name>\AppData\Local\WarThunder\launcher.exe as Porthos mentioned above to stop the blocks from occurring.  Further info on how to do so can be found under the Allow an application to connect to the Internet section of this support article.  Just keep in mind that since the file is in AppData you may need to configure Windows Explorer to show hidden files, folders and drives as described in this Microsoft support article.

If you run into any problems please let us know, but that should allow you to run the game without it being blocked by Web Protection any more.


Ok, so this is what I'm talking about, it happened again! SH@T! The last app was inserted into the allow list, as prescribed and spelled out, (C:\Users\Steve\AppData\Local\WarThunder\launcher.exe) exactly! Worked great for a few days, now it's crapping again. This is getting real old guys!

Should I ditch MB??  You tell me.


10 minutes ago, SteveSki said:

The last app was inserted into the allow list

10 minutes ago, SteveSki said:

Worked great for a few days, now it's crapping again. 

Was it added as mentioned below? Are you receiving web blocks again??

On 1/5/2021 at 5:32 PM, Porthos said:

Has it been added to applications that access the internet?

2021-01-05_17h31_44.png

Edited by Porthos
