Account Closure notification, "Hacking"

Hey there, got a notification for an account closure yesterday and was pretty surprised as I had just finished doing some M+ and some delves with some IRL friends, after doing some review of my activities for the day I think I may be able to contribute some understanding in what may have happened, I’m not sure if the appeals process is automated, but this seems like it may be a reasonable way to get to chat to a customer support rep.

So first and foremost I work in the cyber security section of a remote support and privilege access management company, with access and usage of tools that often flag anti virus software’s and in a previous case it flagged an automated banning system on rust.

I was doing M+ with a friend, we finished up I parked my character in Dorn and got a teams call about a Sev 1 for a local government body and told my friend I’d brb that I had something to do, that would could get back to doing some runs when I was finished, I entered the meeting completed my work and when I went to tab back to my wow it was already closed, I decided to go get some lunch and come back as the rest of my day was empty and I could play, but received an email indicating that my sub had been canceled

Assuming that I had just forgotten to move some of my funds around to my expense account I logged into my bank to see that there was in-fact adequate funds to pay for a month and then the ban email came in.

My assumption that there is correlation to my work activities is due to the timing of the ban .

“though you can still play until your current subscription expires on Sep 20 2025 11:23 AM (PST)”

The timing of the cancelation of my subscription correlates exactly with when I began assisting the customer that I was dealing with as I had a meeting that started with them at exactly 1:30 EST, which for simplicity sake is 10:30 a.m. Friday, Pacific Time (PT).

The meeting ran for around 2 hours of which there was a ton of application inspection done, remote assistance provided, traffic inspection and manipulation among other things that certainly would flag an automated cheat detection system should a game be running in the background while doing it.

It was a simple mistake that I forgot to close wow before starting these programs for work, and honestly not the first time I’ve done it.

I’d like to elaborate on the things that we utilize as to provide clarity on the possibility that this is likely what caused my account to be flagged.

Obviously for verification purposes I am more then willing and able to send application white sheets from my corporate email and since the person I was working with, were on a first name basis, I have already asked if he could verify that I was in fact utilizing these features at the given time specifically in assistance of their technical issues. Although this being a US government body, sensitive information will be withheld.

Some capabilities and functions of the software we utilize are as follows.

We do application inspection, and traffic inspection on devices we are remotely connected to.

We utilized the capability to execute script at an administrative/kernel level, including but not limited too PowerShell/ elevated CMD prompt.

We leverage application resource inspection including ram, hard drive and CPU communication to diagnose issues of appliance function.

The screensharing and remote desktop control utilize a virtualized adapter function to simulate key strokes / mouse movement and display capability for the connecting agent.

We also employ a keylogging integration to diagnose miss-inputs on endpoints when utilizing the remote desktop function.

We are not limited to only these functions with our program, but those would be something I’d assume would flag anti cheat.

We also require consistent connection with a VPN in order to do so (Cloudflare WARP)

As well as offloading of all recording and tasks to my personal on prem server, which hosts a range of virtual appliances as well as desktops, of which I utilize to practice and troubleshoot with our software in a sandbox environment, these connections go both ways sometimes I use my personal computer to connect to a virtual environment to practice and troubleshoot, sometimes I use a virtual environment to connect to my personal computer to troubleshoot and practice as the behavior of these are typically unique.

I work from home, I play a lot of wow, and since having a little girl and moving across the country 1000’s of KMs away from my friends and family, the activities that we partake in are my rare but cherished social interactions, I don’t get out much since I have a baby so this is sadly to say the only way I really get to “hang out” with my brother and dad anymore.

I obviously can’t be certain that this is what caused this, but I’m like 99% that I made a simple mistake, and I’d really appreciate someone taking a look at my account and understanding that although it appears I may have done something wrong, it was (regrettably) an oversight.

Thanks for your time I hope your day starts and ends well.

Okay, so first off…posting here about an account action will resolve nothing. They are not going to get I to any specifics as it’s generally against policy to do so.

If it was for hacking, then something triggered it.

All you can do is appeal and, no, appeals are not automated.

There is also no option to chat about account actions not has there ever been. You appeal, Blizzard looks at their logs, and determines if a mistake was made.

Generally, account actions take a bit of time. The hacks team (and/or GMs) need to investigate any potential violations.

That said, any automation on your computer can trigger Warden, which is Blizzard’s anti-cheat software.

And for your own sake (and the safety of your company’s tech assets), keep your work and private life on separate computers.

The email you received should have instructions on how to appeal. That’s the next step (and only step).

Yea sensitive interactions happen on my work computer.

But for troubleshooting how to interact with a some specific environments I maintain an onsite server. Fundamentally match the customers hardware specifications and network setup and then work through how to access it for support. We have a cloud hosted option available for VM’s and Virtual Appliance, but it’s pretty restricted as to what I can do.

EG, some customer’s utilize ARM which our cloud solution doesn’t provide an option to simulate. I picked up a bunch of pretty solid serves from some telecom company liquidation and it’s been pretty crucial in understand some customer environments.

Should probably been more vigilant to what I have open while sandboxing straight up simulated keystrokes and application inspection /facepalm

Yeah, that’s a pretty rough way to learn that lesson.

Best of luck in your appeals (should you choose to go that route).

Not looking to have this topic lead to a resolution, I don’t expect as much.

But I also work in a support network as well and we all know someone who will grab a ticket, see a sea of words, and then just send a canned response. I’m hoping to avoid that.

This is merely a means to communicate with someone on the blue side in case they have some insight into the likeliness of what I had present on my computer, and with a little luck, get an internal note or reference to this thread for some elaboration of what I included on my ticket.

I’m not trying to circumnavigate the process, but it always helps to have additional eyes on a subject of complexity, I often lean on my first step agents for clarity and assistance in understanding something as they’ve had the opportunity to ask questions and gain clarity, which I don’t.

This forum serves as an Information Desk to help folks navigate the Support ticket system, explain policies, explain account services etc. It is not actually a means to reach the team that takes tickets or appeals. What you can get here is guidance, and sometimes some clarification of what tripped a ban. They can share more about Social Infractions but the Anti-Cheat related bans they never share details on.

They also have never had a means to discuss an appeal with a live person. The Hacks team who handles anti-cheat is not reachable in-person. They are not going to subject the GMs/CS team to angry customers upset that the anti-cheat software flagged their account, or that they got reported and penalized for language.

They just go off the logs they have. If yours is a false positive, hopefully it gets escalated to the Hacks team for review.

EDIT - the folks taking tickets are required by Blizzard to use templates for appeal reviews. They won’t be able to discuss anything with you.

Some clarification would be great, it would allow me to gather some logs and evidence from my work systems to at least provide some authenticity to my previous statements.

They don’t use outside evidence. Any evidence you gather would be considered after-the-fact… Very easy to remove offending programs/apps/processes etc wouldn’t it?

They will never tell you what was detected, or how. Ever.

I mean, if I was the one generating these logs that would be a likely concern, but these would straight up be logs from the company I work for , which due to requirements of local and federal government regulations, would be un-editable and 100% transparent. Also to the T of milliseconds of logging activity, gaps would be present if something was removed and blatantly obvious.

It does not matter. They will not accept anything from outside Blizzard. Period. They don’t care WHY someone broke the rules, only that they did.

If you think this is specific to certain work software you can mention it in your appeal, but don’t send a block of text, and they don’t accept any screenshots, logs, files, or anything else.

Do you think that some verification of my employment would be valuable? If they wouldn’t accept logs at least proving that I have access and utilize what I’m explaining in a non malicious method?

Nope. They rely on their own logs, and only their own logs.

I am sorry, but no. None of that matters at all. They will not accept anything from outside and what we do for work, hobbies, etc. does not matter.

They really do expect us to avoid using WoW on systems with automation programs that are used to cheat in games. Even if not used directly with WoW, if it is running they license can be flagged. You should be pretty familiar with how anti-cheat software works.

Your WoW needs to live on a safe machine away from any automation programs.

If your whole account was closed - the one thing I can say is that even if it is a true positive, they MIGHT reduce it to a 6 month license penalty instead of a full account closure. The difference being account history and if it is a purely exploitive account like those used by the criminal gold farming/selling rings.

Best of luck with your appeals.

Seems counter intuitive to not take outside factors into the possibility of a false positive, I’m familiar with how anti-cheat and malicious detection works, but I’m also familiar with the process of identifying cross-over interactions that are unintended.

Automation programs are how a significant amount of modern tech and support works, so isolating an entire substantial workforce over the concept of how they make money (to be able to play), seems rash. There’s not a single part of my job that doesn’t incorporate some form automation for the sole reason that doing it manually and by hand is not nearly sufficient enough for some required response.

Let’s be honest chat GPT is answering 60% of university papers for people now, it can’t be so un modernized that any form of automation is considered a no go on a personal computer. The concept of safety in that statement is irrelevant, because it throws in the concept that all automation is unsafe and malicious, which is objectively untrue.

It doesn’t matter to Blizzard. Any automation software on your system is a no go. Doesn’t matter what your job is, doesn’t matter who your work for, it just doesn’t matter.

If there is automation software on your system, it’s a ban. Context doesn’t matter. It’s a binary thing. Do you have automation software on your system? If yes, ban.

An appeal isn’t a court of law. You don’t get to plead your case. You don’t get to talk to the hacks team. It’s a request for a different person to go over the logs. That’s it.

You also shouldn’t be playing WoW on a work computer if that software could lead to a ban. Separate computers for those activities. It’s solves a lot of issues.

Simply put:

Blizzard doesn’t want or allow any form of auto programs, much less work PCs. Folks had, time and again, been told to not use their work PC for WoW. No amount of ‘This place allows it’, or ‘My work can prove that I work for them and this is fine’ is going to make Blizzard turn account actions related to this.

By the end of the day, if Blizzard sees something that goes against the rules, and can prove it on their end, the action is going to stand. There’s no if, an’ts, or buts about it.

A reading of the previous comments will clarify that this is done on my personal computer that I utilize with an on-site server to troubleshoot and replicate issues on a sandbox environment due to the lack of usability of our cloud solution.

Wasn’t played on a work computer.

Merely a computer where I have work stuff present for me to be able to break and fix an environment that I can standup and tear down on a whim, as to not attempt solutions that would render a customers appliance unusable. Also helps with the speed to develop solutions as tapping out my work PC that I use for implementing developed solutions would be tied up with compiling.

So based on that presumption you can’t even be a hobbyist in regards to any form of automation or development of something that blizzard thinks interacts with their software.

Neat.

That’s still a violation.

No automation software. That’s it. Bottom line. They aren’t going to single out individual use cases or other reasons why someone would be using automation software.

They don’t care. It’s a blanket no. Specifically to stop people from doing what you are now, rules lawyering.

That is correct. Because Blizzard has no way of knowing your intentions. If they detect it, they have no choice but to assume malfeasance. IF you have legitimate reason to have that on your system, make damn sure you end task/stop it from running with extreme prejudice.