I am surprised no one has asked, but if it wasn't agent.exe that caught everyone, how did the banwave happen? How did Blizz catch so many?
We won't ever know, and the HB team has made no statement about how it was detected and whether it still is or not yet.
It can be any of these methods: http://reverseengineering.stackexchange.com/questions/2262/how-can-dll-injection-be-detected Agent.exe is just a simple method to check on files.
Thanks for the post. But what about the automatic game finding feature in the battle.net app? Does it scan the entire hard drive? And ProcMon doesn't show if agent.exe accesses WoW memory, or? I started WoW in a sandbox. agent.exe starts automatically at the login screen. After shutdown of WoW, systemsurvey.exe gets started. It writes two files to disk: addons.json and cvars.json (dunno what else it collects that isn't written to disk).