Jump to content

Wargaming.net Game Center application false positive


alexwg
 Share

Recommended Posts

Wargaming.net Game Center application is used for Wargaming.net games distribution. Executable file of this app - wgc.exe. It is signed by Wargaming.net certificate, but Malware Bytes Antivirus is blocked it as Malware. Please, assist, add wgc.exe to the whitelist to make the use of Wargaming.net Game Center possible.

The latest version of Wargaming.net Game Center installer is attached or can be found here: 

https://wds.gcdn.co/wgc/releases_tTrHgLCKHBRiaL/wgc_21.00.00.3580_eu/wargaming_game_center_install_eu.exe

 

Thank you in advance.

$R94AI3I.jpeg

$RH4PEKQ.jpeg

$RS2G903.jpeg

wargaming_game_center_install_eu.zip

Edited by AdvancedSetup
disabled live hyperlink
Link to post
Share on other sites

1 minute ago, alexwg said:

we only use p2p to download 7z-archives with games binaries, for games binaries repair and for Microsoft Redists delivery.

I am guessing the blocks are due to the p2p function and it due to the nature of p2p is reaching out/connecting to blocked IP addresses.

Link to post
Share on other sites

  • 2 months later...
  • 8 months later...

I've just gotten this same problem while downloading World of Tanks from the official Wargaming.net Game Center client described by OP.

I then decided to delete it and download the game through Steam, so the only thing I'm downloading is the game and I'm NOT setting up a torrent with malicious IPs.

what is "mozi linux malware"? is that the only thing those IPs spread?

Link to post
Share on other sites

56 minutes ago, ParanoiaBoy said:

I'm NOT setting up a torrent with malicious IPs.

The Games use torrent tech to run the game.

As for why Malwarebytes blocks Steam, Epic and other games, this is because Steam is Torrent based software, are what are known as Peer-to-Peer (P2P) applications meaning it connects to many different servers/IP addresses (this is how files are downloaded through Torrent based software) and because of this, sometimes Torrent based software will connect to a server that is also known for hosting malicious content.  This is because servers/IP addresses are often shared by multiple sites, so while what you are Playing/downloading through Torrent based software may be perfectly safe, some of the sites hosted on some of the IP addresses that Torrent based software connects to may be malicious.  Such connections are not a threat however, and you may exclude Torrent based software from the Web Protection component in Malwarebytes to stop the blocks from happening without compromising your protection (your web browser and other critical web facing programs will still be fully protected from malicious websites and other malicious content).  To do so, add the game exe to your exclusions using the method described under the Exclude an Application that Connects to the Internet section of this support article.

Link to post
Share on other sites

to be more specific, I deleted the wargaming dedicated launcher that was using torrent tech, not Steam.

i switched TO steam to download that game because i hadn't got any issue with it. I mean, Steam was using torrent tech like 10 years ago, i remember not using it for years for this same reason. but i hadn't any issues for few years i started using it again (i don't know what changed), and i think it's safer than those dedicated launchers.

Link to post
Share on other sites

  • 2 months later...

Got the same issue while downloading a new alpha test game from wargaming center today (06.04.2022). Got the first alert already on the installation of the launcher itself, than while download of the gamefiles and after finishing download again. 
IPs are visible in the screenshot. Thanks malwarebytes for saving me. But everything was downloaded as normal, high speed, installation of the game worked. guess it used only legit/unrecognised  server-ips than? 

screenshotMWBxWGC.png

Link to post
Share on other sites

  • Staff
On 2/4/2021 at 4:06 PM, Zynthesist said:

Hello, both IPs you posted have very recent malicious activity. Domain you listed is not blocked by us. 

See here for details:

https://www.virustotal.com/gui/ip-address/125.63.70.222/relations

https://www.virustotal.com/gui/ip-address/42.61.99.155/relations

 

Both these IPs are malicious, with one Mozi related and neither can be removed from the DB, add exclusions if needed.

VirusTotal - URL - 39a4b2af19aace0d5a01fa3c3d2c054d2bfbb0fabaa3f2fc9a0c7a757ca9b614

VirusTotal - URL - f350e861b6d33399974fd873987f300659433c6b66931a11ec2456a8564c860b

Link to post
Share on other sites

  • TeMerc locked this topic
Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.