Adlice forum

Software feedback => RogueKiller => Topic started by: Faergor on October 23, 2018, 08:44:32 pm

Title: Wargaming Suspicious Path found, probably false positive
Post by: Faergor on October 23, 2018, 08:44:32 pm
Hi, I downloaded new version of roguekiller 12.13.6.0, ran it in normal and safe mode and it has not found anything.
Then few hours later, I scanned with it again and it found this:

[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1239764888-2148109162-3447206424-1001\Software\Microsoft\Windows\CurrentVersion\Run | Wargaming.net Game Center : "C:\ProgramData\Wargaming.net\GameCenter\wgc.exe" --background '' [7] -> Deleted
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1239764888-2148109162-3447206424-1001\Software\Microsoft\Windows\CurrentVersion\Run | Wargaming.net Game Center : "C:\ProgramData\Wargaming.net\GameCenter\wgc.exe" --background '' [7] -> ERROR [2]
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{438D6068-C8F4-4A4D-9D25-790985B62D50}C:\programdata\wargaming.net\gamecenter\wgc.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\programdata\wargaming.net\gamecenter\wgc.exe|Name=Wargaming.net Game Center|Desc=Wargaming.net Game Center| [7] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{9CA939D7-0F17-47D6-9DB3-25651E0CFE98}C:\programdata\wargaming.net\gamecenter\wgc.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\programdata\wargaming.net\gamecenter\wgc.exe|Name=Wargaming.net Game Center|Desc=Wargaming.net Game Center| [7] -> Deleted

This is probably safe positive,but could you verify it for me please? I am attaching a scan report as well.
Thanks

P.S. There are 4 things found, I was able to delete all 3 except the second one from above. It said error. Is it a problem and may it mean one? Thanks
Title: Re: Wargaming Suspicious Path found, probably false positive
Post by: Faergor on October 24, 2018, 10:48:09 pm
Hi,I am sorry for bothering you. Is this what I found an issue? Thank you :)
Title: Re: Wargaming Suspicious Path found, probably false positive
Post by: Curson on October 25, 2018, 07:22:46 pm
Hi Faergor,

Sorry for the delay.
Yes, this is indeed a false positive. We will whitelist it in RogueKiller next release.

Regards.