Malwarebytes suddenly blocking a connection from mudflow.exe as a trojan?

As the title says, my Malwarebytes is now blocking mudflow.exe as a trojan, but it wasn’t before the past few days.

Frankly I don’t know why. :frowning: Did you try to downgrade and test the mudfish version? The previous version is found at http://mudfish.net/releases/ link.

Yeah, I tried downgrading. It happens on all the versions as far as I can tell. If it helps, the specific IP it’s blocking is 125.212.218.98. From looking up the IP online, it seems to be pointing to a location in Vietnam, and I’m not sure why it would even be going to an IP over there. Neither I nor my destination server (US West Primal for FFXIV) are located anywhere near there, and as far as I know Mudfish is based in South Korea? Connecting to the game itself seems to still work even with it blocking that connection, which confuses me even more, as I would think it blocking a connection would prevent it from connecting to the game.

I’ve also tried with a different item (SWTOR) and it does it with that as well. It also does it both on Fastconnect mode and normal mode.

Part of me thinks it’s just a false positive, but I’d rather not risk it and have to deal with the potential disaster that would bring if it wasn’t a false positive, you know?

125.212.218.98 IP is a public IP of VN Asia (Vietnam - Viettel 2) mudfish node. :frowning: So it seems your AV program blocks RTT calculation check between your desktop and mudfish nodes.

mudflow.exe process is on duty to calculate RTT values when it starts so it’ll sends a lot of ICMP / UDP / TCP checks at very first. After 5 cycles, it’s slowed down.

Yes correct. But please note that 480 mudfish nodes are at all around world.

At this moment I think it’s a false positive. I think we should know first why Malwarebytes thinks it’s an issue.

Ah, the fact that it’s one of the nodes explains why it’s contacting that IP then, and also why the game connection works fine despite the connection being blocked. Good to know.

I’m not really sure why Malwarebytes suddenly started blocking the site. I’ve used Mudfish for a long while with no issues. I don’t suppose there’s any way to make Mudfish stop checking that specific node on my end?

Did you try to use “Setup -> Nodes” menu before? I think you can set the blacklist of mudfish nodes you don’t want to use.

I had not. I didn’t even know that menu existed! That seems to have done the trick, at least as a work-around. It also has the added benefit of making the scores populate much faster when I’m trying to pick a different node to use. Thank you!