[SOLVED] False Positive or Compromised ?

[Johntron1]

I don't usually torrent files but when I do it's for a gamepatch of 'Koikatsu'.
I decided to head to the Patreon page of the developer, like many times before, and copy/pasted his magnet link into qBittorrent.
Magnet Link (Patreon)

Almost straight away upon downloading or even opening the client Malwarebytes started blocking website IPs like crazy.

I looked these up on AbuseIPDB and it doesn't look good. (I understand that these IPs are not static addresses and even reported IPs with a 'high likelihood of danger' can be false flags.)
Further research brought me to a page that describes Malwarebytes' web security as 'unique' from other security programs making P2P networking interesting. Even if the files of the torrent are safe. As of now I'm using the Premium version, described here as 'unique'.
Malwarebytes Thread

So what's going on here, what's your opinion? Is it Malwarebytes' laziness, my ignorance on the subject, or something completely different?

 

[COLGeek]

Are there no other (safer) sources for these patches/mods?

The explanation in the cited thread describes what is happening. But, that was 5 years ago (2020). Things evolve and threats change. Why accept the risk?

 

[Johntron1]

Illusion, the developer went out of business so their page for patch updates has been removed as of a few years ago. Patches and mods are completely community run.
I have just never experienced Malwarebytes premium react like this before, it's a known issue after further research.
Qbittorent is the culrpit not the torrented files themselves. Malwarebytes and the client don't get along apparently / Malwarebytes and torrent clients don't get along.

 

[COLGeek]

Have you used another app to confirm the behavior?

 

[USAFRet]

Illusion, the developer went out of business so their page for patch updates has been removed as of a few years ago. Patches and mods are completely community run.
I have just never experienced Malwarebytes premium react like this before, it's a known issue after further research.
Qbittorent is the culrpit not the torrented files themselves. Malwarebytes and the client don't get along apparently / Malwarebytes and torrent clients don't get along.

These files are available only via torrent?

 

[Johntron1]

I've used Windows Defender to do a full scan of the drives and nothing malicious was detected. As well as a Malwarebytes scan when Windows Defender was turned off (vice versa) with no internet connection and nothing was detected. Unless you can provide me with something better. *edit

I've been using this magnet link for years since Marco started hosting it (when Illusion went under and removed their official link). This is the only place to find the link. You can check the Steam forum - it's officially the community vetted link.
My guess is that Malwarebytes is detecting a 'malicious' or 'not trusted' host where the files are or seeded from. It's blocking the host, so there's no issue I'd assume. Who even knows where Malwarebytes finds this information, it could be pinging it from abuseipdb for all I know.

All of these come from Qbittorrent.exe so I'd also assume they're the seeders.

These do not pop up unless Qbittorrent is active and running. As I said they all come from that exe.


*edit
I'm going to try a few more tools like norton power eraser, hitmanpro and ESET.
Of course all of these will be scanned offline and with other security programs turned off to prevent conflicts or false positives.

 

[Johntron1]

Nothing detected on all scans and secondary scanners.
Safe to say this is Malwarebytes Premium overreacting using it's Real Time Protection to block Qbittorrent's hosts or seeders. Their RTP is overly sensitive to torrenting programs.
Regardless, I'm still looking for opposing opinions on this.

 

[williamjeremiah]

False positives. If you trust the content you're downloading, there's no threat being connected to the seeders providing the pieces.
White List the Torrent Client.
I seed everyday

 

[Johntron1]

False positives. If you trust the content you're downloading, there's no threat being connected to the seeders providing the pieces.
White List the Torrent Client.
I seed everyday

I don't understand what you posted, I see torrents. Did you personally check these files from my torrent?
Also thank you for the input. It's and overly protective security suite as I figured.

 

[williamjeremiah]

I don't understand what you posted, I see torrents.

The photo is merely there to show my experience with torrenting.

 

[williamjeremiah]

Did you personally check these files from my torrent?

But Yes, that magnet is legit.

 

[Johntron1]

Thanks. I learned something today.