Issue Type (Required):
Launcher
Issue Description (Required):
My antivirus (ESET Smart Security Premium) warned me this morning that the launcher was communicating with a phishing website:
Time;URL;Status;Detection;Application;User;IP address;Hash
2024-05-06 8:23:14 AM;;Blocked;Anti-Phishing blacklist;C:\Steam\Steam\steamapps\common\Warhammer 40,000 DARKTIDE\launcher\WebView2\Microsoft.WebView2.FixedVersionRuntime.116.0.1938.76.x64\msedgewebview2.exe;PCNAME\PCUSER;3.225.60.63;D62EEAF64139AE19ABFE736C365170064A0D2C66
[PC] Do You Use Mods? (Optional):
No, I don’t use mods
Reproduction Rate (Required):
Constant (100%)
Platform (Required):
Steam (PC)
I’m not sure what this is admittedly - I’ve raised this with the team, I’ll keep you posted.
2 Likes
Thanks, just to specify, this happens immediately when you launch the game with the launcher.
I’d like to suggest that certain viruses/malware try to redirect web traffic to phishing sites (admittedly it’s been like 10+ years since i last saw this happen), is it possible at all that it’s something on your computer interfering with darktide?
1 Like
Like URL switching? I’m not sure how to investigate that unless I know which URL it was originally trying to contact.
1 Like
I did a bit of investigation with pihole and it seems like the game has been contacting the same URL for a while. Also, on VirusTotal, it seems like only ESET identified this same URL as a phishing website.
I believe it is harmless and pertains to the service we use to host our launcher’s content, but I’m seeking confirmation.
I’ve also sent it to ESET for analysis. Hopefully it’s just a false positive.
I have a follow-up for today. I’ve noticed the AV doesn’t detect it anymore, so I guess the report I sent to ESET helped. Even on VirusTotal, the URL isn’t detected as phishing anymore by ESET. I think the issue can be closed now.
Thanks for the prompt reply too for yesterday!