Blizzard Windows Certificate

This is a continuation of the problem I am having with repeated requests with the startup of the WoW client to make changes to protected areas in Windows. I had previously reported information but did not provide the Blizzard certificate. The certificate is shown below. The only way I could get this information was to take a picture with my phone, send the picture to myself as a Gmail attachment, and then use a text extractor to copy the text from the Blizzard certificate picture. As you may know the User Account Control Screen is completely locked even from the Windows Snipping Tool. Shown below is the certificate.

Could you verify the certificate, let me know if it is a valid Blizzard certificate, and tell me how I can prevent these repeated requests to modify Windows on startup. I have done Windows Clean Installs, but this does not correct the problem. I assume you know how serious this problem could be to the integrity of the WoW client.

Battle.net Update Agent
Verified publisher: Blizzard Entertainment,
Inc.
File origin: Hard drive on this computer
Program location: "C:\ProgramData
logle0El=4 --adminport=50026 –
session-15172168262806048799
Show information about the publisher’s
certificate
Change when these notifications appear
Hide details

Blizzard Eotevtainménti Inc.
Genetal Details C
Certifia te Information
This certificate is intended for the following purpose(s)’
• Ensures software came from software publisher
• Protects software from alteration after publicatiorw
Issued to:
Issued by:
Blizzard Entertainment, Inc.
DigiCert Trusted G4 Code Signing RSA409&
SHA384 2021 CAI
Valid 10/4/2023 to 10/0/2020
l»uec Statement

Sorry about the text extractor messing up some of the words, but the certificate picture on the screen is slanted. Note the Valid date is messed up.

You may have better luck moving the thread to tech support.

No, on this stuff they just suggest I move the thread to Bug Report. lol
If you guys aren’t concerned, then I’ll try not to be concerned.
Being born a techie, it’s not easy to ignore.

PS I am so security concerned, I have on my passwords on a minicomputer that is ‘air-gapped’. That is, it’s not connected to ethernet or wifi.

Yeah that’s completely normal. It needs to be able to verify and change files or permisisons within the WoW folder, otherwise, you’re likely to get stuck in the infinite loop updater gauntlet. It also checks various windows and ntfs logs for anticheat related reasons and likely scans for potentially modified system files that can be used as vectors for cheating.

If it’s doing it on system startup, it means you have the launcher set to open on Windows startup. Other than that, you get two options: Either you allow the launcher and game client to do the tasks they require or you don’t play the game. It’s really that simple and they aren’t going to make a magic exception for you.

Maybe try writing them down on a piece of paper? And if you’re still paranoid, make some kind of cypher or something.

Oh, wow …

If you’re getting UAC prompts then I think it’s something specific to your PC. Once Battle.net is installed, I never have to see UAC prompts. It even opens the ACLs on the wow dir from memory so that anyone can modify it.

as a security-minded person, obviously you know that there’s always a balance to be struck between security and usability. it sounds like you’ve found the border between those two lands

I been playing this game for 20 years. I’ve never seen this kind of behavior. You only see this when a new Expansion or Patch or emergency patch is applied. These prompts are asking Windows to reduce its security for changing things that Windows does not normally allow to be changed. I don’t know why I am harping on this if you guys aren’t concerned. This will be my last post on this topic unless you guys have any questions.

Oh, BTW there is nothing I am aware of specific to my computer after a Windows Clean Install.

I would be willing to do another Windows Clean Install and only install WoW to see if WoW’s behavior is still abnormal. Your call.

Define clean install… Because from the sounds of it, you’re likely also using some kind of Windows privacy/debloater app along with it, or using a pre modified Windows ISO, which are notorious for stripping out key OS subsystems or locking permissions on some things that the game could potentially require.

If you really want to see what Blizzard is trying to access, open up the resource monitor, wait a minute, then go up to monitor->stop monitoring->start monitoring to reset the list->immediately launch the launcher or WoW->wait maybe 5-10 seconds->stop monitoring->sort by image and look for things pertaining to the launcher or game.

Testing it just now by opening the launcher and I see the following locations:

• WoW related folders
• some appdata local blizzard folders
• some programdata blizzard folders
• program files/battle.net related folders
• some dlls in C:\Windows\SysWOW64 (probably checking hashes to ensure they haven’t been tampered with)
• various NTFS related logs and whatnot like $Mft / $LogFile / $Deleted / $UsnJrnl (they keep track of every single file changed on the PC and are independent of Windows itself)

Nothing looks out of the ordinary if you’ve got an online game that has a user level anticheat protection(not kernel level).

Search “Create Windows 11 Installation Media”. I use the option to place the installation media on a USB drive.

Once the installation media is downloaded onto your USB drive, you start it by holding the shift key and restarting Windows. It will go through some preliminary stuff before warning you if you proceed everything on your hard drive will be erased. In the process there is an option to delete all the hard disk partitions on the drive which I take for reasons beyond what we need to discuss here.

When the clean install is finished, the only thing on your hard drive is Windows 11. Not a single application. If you are like me and build your own gaming machines, you understand that after building a new computer there is nothing on a newly installed hard drive. You would then load Windows which you had bought separately. After loading Windows, your system would look what it looks like if you did a clean install. Not a single application is present, only Windows.

If you buy a new desktop computer, it will come preloaded with a bunch of applications that you may or may not want. A Windows clean install will get rid of all those applications, but you must retain your Windows product key to input during the clean install. Once you have done a clean install, Microsoft retains the ‘ID’ of your computer so that you can subsequently skip entering the product key on subsequent clean installs on that computer.

I highly recommend building your own gaming machines. You have to learn all the parts you need to order and how those parts relate to each other. Maybe I love this kind of thing because when I start mainframe programming on the IBM 1401/1410 series, there was no operating system. Without an operating system you may wonder how you could even compile a program. That is an interest story for another time. This was before the IBM 360 series was released.

As far as the WoW problem we have been discussing, it’s just annoying to me. I haven’t found where it is doing any obvious harm, but Malware once in your system can be very hard to detect and eliminate. I am only guessing here, but I suspect something undesirable is going on with WoW, given the way it is behaving. What that is I don’t know.

If you have any further questions, I can answer, I will be happy to answer those questions. I am not familiar with the design, coding or other internals involved in WoW development.

Well either way, this likely isn’t the problem in this situation. From what I’m seeing, this is more of just a paranoia or worry you’re having, rather than an actual problem or bug.

I’ve built/upgraded/updated too many PCs to count and have been doing so for around 25 years now… (I did a lot of IT work while in highschool in the early 2000s)

No, it’s like I said, it’s pretty normal and to-be-expected behaviour for an online game that has an anticheat engine.

One last thing, the UAC comes up multiple times a day. Is it ok if I click “Yes”?
Otherwise, I don’t know if there is a real pending update or not.

I think the updater asks for access before it knows whether there’s an available update, perhaps because it has to be able to read the installed files to validate whether a potential update will be applicable to that installation.

Certainly, the user will never know in advance whether the updater is asking for access because an update is definitely pending, and there’s no rational basis to deny access by a trusted piece of software. And if you don’t trust the updater, why are you allowing it to run at all?

Good idea. I won’t let it run.

Then you will eventually hit the point where a patch needs to update the WoW client, but you won’t be able to, so the server list will give the incompatible realm message, you won’t be able to log into a server and you won’t be able to continue playing the game.

The End

I’m not worried about that. I watch for patch announcements. If your doomsday scenario comes about, I can always uninstall and then reinstall WoW.

I believe WoW should always install with the latest patches.

In any case thanks for the heads-up.

I really don’t get the distrust here. If you don’t trust the launcher to have needed access to your computer, why are you trusting it enough to have it installed and actively in use?

I have trusted the launcher since I started playing Vanilla WoW until recently when it started appearing more than 3 times per day. Under normal circumstances the launcher does not need that kind of access.

You know this whole conversation started out that I believed something was wrong with WoW or its launcher and wanted to pass this information on to you guys. I got the impression that many of you seemed to think I had a bee in my bonnet (lol).

Tell you what. I will start letting the launcher run every time it wants to by answering “Yes”. I’ll just go on faith that Blizzard has a valid reason. The worst thing that could happen is my desktop gets infected with malware. I’m prepared for that. I do a Windows clean install probably every two months just for precaution.

Some time ago, I reported to Microsoft via the Microsoft Insider Program that my account was receiving 10 to 15 failed sign-on attempts per day from foreign countries, mostly South America countries, but it really was not South America. I was never notified about those failed sign-on attempts when they happened. One day I looked at my Microsoft account, Security, Sign-on attempts. I saw where I was getting 10 to 15 failed sign-on attempts per day from foreign countries (I use 2FA which they could not break). It took Microsoft some time to put a stop to that. Today, I don’t get any.

I am not paranoid, but even paranoid people have enemies!

And in doing so, you’re allowing it to perform those exact same operations you’re being paranoid about… It just skips the UAC prompt because it’s a trusted installer and almost everything system related already has TrustedInstaller special permissions allowed.

The WoW installer on my computer does not need to run almost every time I start WoW, i.e. 3 to 4 times a day and annoy me by asking my permission. Is this happening with all WoW subscribers. If you tell me, it is, I applaud Blizzard for tightening up their security. Just don’t ask permission of the user and upset them with all this security stuff. It’s your product.

For your information all my sensitive applications, like Fidelity Active Trader Pro, are on another computer that (1) is air gapped and (2) has 2FA at a minimum. I have a lot of assets and other stuff that needs to be well protected. If you knew what is currently going in the current active cyber war between the US, Russia, China, North Korea, and Iran, even you would be more security conscience. Serious malware, once installed, hides until called upon up to act. The cyber war is constant, very serious, and ongoing. Don’t think because you are not on the front line and have a little home computer, you are immune.

I know to you, what I do seems extreme, but it is not. When I worked in intelligence for the military at the underground at SAC Headquarters in Bellevue, Neb. in the late 60’s during the Vietnam war, I learned a lot about security. Everything, and I mean everything, was shielded and air gapped for a good reason. All vaults were separately shielded. To get in a vault you not only had to know the door lock combination, but there was a guard on the other side of the door watching you on a video camera. If he didn’t recognize you, you didn’t get in even if you knew the door combination. In fact, you got arrested by the military guards, marched to the front desk where they called your boss to vouch for you and come get you. One day a friend of mine forgot his badge when he went to cafeteria. He was arrested and force to run all the way from the underground with the guards tapping him with batons and telling him to run faster (don’t want to give them time to think). He didn’t forget his badge after that.

Anyway, I am telling you all this because we are all involve in the cyber wars currently going on, whether you are aware of it or not.

I won’t complain on this subject anymore. But I will answer any questions you have. I was on a 10-year requirement not to talk about this spy satellite program This requirement expired in the 70’s. Technology moves fast.