MalwareBytes Anti-Malware blocking gamelauncher getting to an IP

Demanufacturer · 2013-07-10 16:14:05 UTC

Hey, first post. Long time splash damage game player…

Anyway, just bought VIP pack, installed launcher. After about an hour, malwarebytes anti-malware popped up with “blocked access to potentially malicious website” - Could easily be a false positive…

In any case here are the details from the log… *** blocking out personal info name…

2013/07/11 01:09:17 +1000 ****** ****** IP-BLOCK 89.28.15.135 (Type: outgoing, Port: 58523, Process: gamelauncher.exe)

Known issue? I haven’t investigated the IP… my guess is it has to do with analytics/advertising??

jRAD · 2013-07-10 16:32:36 UTC

It’s definitely a false positive, but there’s not much we can do about it. It’s up to your anti-malware manufacturer to update their definitions or heuristics to allow for the necessary network traffic. The launcher only communicates with Fireteam services and our content network to get assets such as images.

Volcano · 2013-07-10 16:33:33 UTC

wasn’t expecting to see you again d-man, i haven’t seen or had this problem before and I use malwarebytes as well

Demanufacturer · 2013-07-10 18:57:47 UTC

Thanks for the reply, figured it’s something worth flagging. Not sure how your IP ended up in their db.

In my time with malwarebytes anti malware pro (about a year) I haven’t been entirely happy with the product. But you have to run something nowadays… can’t go bareback in this big bad internet world.

Volcano - sent you a PM! Surprised you recognized me. I didn’t realize the Warchest name would just be Dman and not by big bulky name… might ask a question about that later…

Mustang · 2013-07-10 19:53:02 UTC

Firewall + Brainpower >>>>>>> Antivirus

Perhaps it just flags all Moldova IP’s

Demanufacturer · 2013-07-10 20:28:09 UTC

2013/07/11 03:20:15 +1000 ****** ****** IP-BLOCK 219.153.96.2 (Type: outgoing, Port: 60115, Process: gamelauncher.exe)
2013/07/11 03:53:12 +1000 ****** ****** IP-BLOCK 219.153.50.6 (Type: outgoing, Port: 61550, Process: gamelauncher.exe)
2013/07/11 04:16:57 +1000 ****** ****** IP-BLOCK 213.186.118.137 (Type: outgoing, Port: 61550, Process: gamelauncher.exe)
2013/07/11 04:20:01 +1000 ****** ****** IP-BLOCK 213.186.115.236 (Type: outgoing, Port: 61550, Process: gamelauncher.exe)
2013/07/11 04:44:49 +1000 ****** ****** IP-BLOCK 213.55.114.199 (Type: outgoing, Port: 61550, Process: gamelauncher.exe)

Some more. Does the launcher use a torrent like system??

Firewall + Brainpower >>>>>>> Antivirus

Yeah I used to operate that way. Not sure how to phrase this without sounding condescending but, brainpower doesn’t protect you against drivebys and zero days. Not that antivirus/antimalware is necessarily going to stop a zero day, but if you run into an exploit a month after it came out, maybe your program will help you.

I’m not in the tinfoil hat/noscript/incognito camp (way too lazy) but yea… if something piggybacks on your permitted ports and exe’s somehow, your firewall and common sense isn’t going to help you -_-

Also if you’re not running any antivirus, I’d like to suggest you be careful with any USB’s you plug into your PC! Hilarious as it sounds, my flash memory on my android phone got infected with a windows virus by using it as storage - after being plugged into a PC in an enterprise - that had “enterprise grade” antivirus! I wouldn’t have known about it unless I had MS Security Essentials running on Win7 on my home PC. The company was running TrendMicro (never been a fan of that product, at work or home.) But still, something is better than nothing

Nail · 2013-07-10 20:48:17 UTC

launcher uses torrent system

Mustang · 2013-07-10 21:05:29 UTC

http://www.rasterbar.com/products/libtorrent/

maxxxxlol · 2013-07-11 10:52:25 UTC

Wtf is this the real dman

skepticalhippo.jpg