Jump to content

Latest Mbam on 1909 Breaking Private Internet Access Split-Tunneling


Recommended Posts

On 1903, everything was functional.  Upon updating to Windows 10 1909, PIA can no longer split tunnel (having certain programs excluded from the VPN).  PIA and all associated files have been excluded from detection, as well as turning Potentially Unwanted Items to warn instead of automatic , yet, Web Protection is still interfering.  Mind you, not a single time have I received a notification of something being blocked or prevented from acting.

Upon disabling Web Protection, PIA Split-Tunneling is once again functional.  PIA support has directed me here, since it was determined to be an issue with Mbam.  

 

The only change between it functioning correctly, and now not functioning, was updating from Windows 10 Pro 1903, to W10 Pro 1909.  Over on the PIA reddit, someone else has stated that the latest Mbam itself has broken Split-Tunneling, but they are on Windows 7.  Mbam could of updated in the background without me realizing, but either way, the issue is Web Protection interfering somehow.  

 

TLDR; Either Mbams latest version, or Mbams functionality on Windows 1909, has broken the functionality of PIAs split-tunneling via Web Protection.

Link to post
Share on other sites

  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes for Windows Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

Spoiler

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  1. Download Malwarebytes Support Tool
  2. Once the file is downloaded, open your Downloads folder/location of the downloaded file
  3. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  4. Place a checkmark next to Accept License Agreement and click Next
  5. You will be presented with a page stating, "Get Started!"
  6. Click the Advanced tab on the left column

    mbst_get_started.jpg
     
  7. Click the Gather Logs button

    mbst_advanced_gather_logs.jpg
     
  8. A progress bar will appear and the program will proceed with getting logs from your computer

    mbst_getting_logs.jpg
     
  9. Upon completion, a file named mbst-grab-results.zip will be found on your Desktop. Click OK

    mbst_log_saved_desktop.jpg
     
  10. Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:

     notify me.jpeg  

Click "Reveal Hidden Contents" below for details on how to attach a file:
 

Spoiler

To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

mb_attach.jpg.220985d559e943927cbe3c078b
 

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

 

Link to post
Share on other sites

To exclude an item from Web Protection you must exclude it by selecting the Allow an application to connect to the Internet option as described in the section of the same name in this support article.  If Web Protection is blocking it, you should be able to exclude it that way and Malwarebytes should stop blocking it.

I hope this helps and if there is anything else we might assist you with please let us know.

Thanks

Link to post
Share on other sites

7 hours ago, exile360 said:

To exclude an item from Web Protection you must exclude it by selecting the Allow an application to connect to the Internet option as described in the section of the same name in this support article.  If Web Protection is blocking it, you should be able to exclude it that way and Malwarebytes should stop blocking it.

I hope this helps and if there is anything else we might assist you with please let us know.

Thanks

 

17 hours ago, Reaper511 said:

 PIA and all associated files have been excluded from detection, as well as turning Potentially Unwanted Items to warn instead of automatic , yet, Web Protection is still interfering.  

 

 

Wouldn't of made an account and this post if excluding it was functioning correctly.  The whole point of this point is literally that it's NOT excluding it, even with being allowed. 

 

On top of that, Mbam doesn't even say it's detected or prevented any modifications or tampering. 

Link to post
Share on other sites

2 hours ago, Reaper511 said:

 

Wouldn't of made an account and this post if excluding it was functioning correctly.  The whole point of this point is literally that it's NOT excluding it, even with being allowed. 

 

On top of that, Mbam doesn't even say it's detected or prevented any modifications or tampering. 

You stated in your post that you excluded from detection and as potentially unwanted; the exclusions for Web Protection are completely separate and must be created individually/separate from exclusions from other modules/components.  Your initial post never mentioned that you created exclusions from Web Protection using the Allow an application to connect to the internet which is why I instructed you to do so; that is the only way to exclude an application from Web Protection.  If you already did so, good, however if you did then it can't be Web Protection blocking it unless it is some sort of driver conflict as Malwarebytes allows all communications to/from any process excluded that way.

Link to post
Share on other sites

4 hours ago, exile360 said:

You stated in your post that you excluded from detection and as potentially unwanted; the exclusions for Web Protection are completely separate and must be created individually/separate from exclusions from other modules/components.  Your initial post never mentioned that you created exclusions from Web Protection using the Allow an application to connect to the internet which is why I instructed you to do so; that is the only way to exclude an application from Web Protection.  If you already did so, good, however if you did then it can't be Web Protection blocking it unless it is some sort of driver conflict as Malwarebytes allows all communications to/from any process excluded that way.

I stated "PIA and all associated files have been excluded from detection, as well as turning Potentially Unwanted Items to warn instead of automatic".  In addition to the folder exclusion, I did manually exclude all executables that PIA support told me to, via "Allow an application to connect to the internet". 

 

As I said before, its not excluding it from web protection.  Disabling web protection does fix it, but its non ideal to go with that mbam feature disabled.  

Link to post
Share on other sites

Yes, it must be conflicting then unfortunately.  Web Protection in Malwarebytes uses WFP; the same API's and framework as the built in Windows Firewall.  It sounds like something about how Web Protection is filtering is interfering with the Split-Tunneling feature.

If you would, please do the following so that we may gather data about the issue for the Developers and for further troubleshooting purposes:

  1. Download and run the Malwarebytes Support Tool
  2. Accept the EULA and click Advanced tab on the left (not Start Repair)
  3. Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply

Thanks

Link to post
Share on other sites

  • 4 weeks later...

Been trying to untangle what I thought was a network configuration rabbit hole for the last 2 days... and it was MB all along? 😡
Well, at least I know what the problem is now... 😪

I'm having the exact same problem. When web protection is on, it messes with PIA's ability to split tunnel an application.
When i tern web protection off, all is fine. But when i tern it back on. the split tunnel fails and the application sends all its traffic through the vpn.

I have added a bunch of PIA's executables as exclusions, and allowing them to connect to the internet, but nothing worked.

I also did not get any pop ups from MB that indicated that it blocked any connections or applications.

Version: 4.0.4.49
Update pack: 1.0.18922
Component Pack 1.0.810

Link to post
Share on other sites

Greetings,

If you would, please do the following so that we may take a closer look at what is happening with your system and Malwarebytes installation:

  1. Download and run the Malwarebytes Support Tool
  2. Accept the EULA and click Advanced tab on the left (not Start Repair)
  3. Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply

Thanks

Link to post
Share on other sites

The issue has been resolved as far as I can tell from the update I received today that prompted me to restart Mbam.

Web Protection and all other Mbam features are active, and PIA VPN split tunneling is once again fully functional.  

Though I have no idea what the update was.

Mbam V 4.0.4.49,

Update Package V 1.0.19012, 

Component Package V 1.0.823

 

Glad to see it fixed within a month.  Though I do not know if it was intentional, or a happy byproduct of part of you guys updating something else. 

 

Link to post
Share on other sites

I am not so lucky... However, it does look like the behaviour has changed... Before. The moment web protection was turned on, the split tunnel failed and traffic was going through the VPN. However, now, if you launch the app and it is split tunnelled by PIA, web protection does not immediately clock onto it when turned on. it only interferes if the program is closed and then relaunched while web protection is on.

I have also noticed that both PIA and Malware bites use Qt for cross platform app development. May this be why PIA users are being affected? If both are using the same network API for network manipulation, then that may be causing the conflict.

@Reaper511 Can you confirm that your split tunnel is still working after doing the following?
Tern web protection on, then completely close and reopen the application you have configured to bypass the PIA VPN. Then check to see if your application is connecting through your IP or through the PIA network.

Link to post
Share on other sites

12 hours ago, Adam-P said:



@Reaper511 Can you confirm that your split tunnel is still working after doing the following?
Tern web protection on, then completely close and reopen the application you have configured to bypass the PIA VPN. Then check to see if your application is connecting through your IP or through the PIA network.

Initially it was functional as normal.  But I have found the issue again and have narrowed it down.

 

My standard use is to have only one singular application to run through the VPN.  So previously I would select multiple applications to bypass the VPN and the one to be Forced through the VPN.  By default, any non specified apps would run through the VPN. Recently I updated to the PIA Beta, which added the additional option to set "All Other Apps" to either bypass the VPN, or to use the VPN.  During my initial post I did not have All Other Apps set to bypass.  Upon setting All Other Apps to bypass (besides the specific ones i have set to run through the VPN), it becomes functional again.

 

The issue still persists if you have have AOApps set to run through VPN.  From that, it appears that some specific app or service being ran through the VPN is causing Mbam to interfere.  But while not being ran through the VPN, Mbam doesn't care, yet my specified apps that are set to run through the VPN, are appropriately running through it.

Link to post
Share on other sites

16 hours ago, Reaper511 said:

Initially it was functional as normal.  But I have found the issue again and have narrowed it down.

 

My standard use is to have only one singular application to run through the VPN.  So previously I would select multiple applications to bypass the VPN and the one to be Forced through the VPN.  By default, any non specified apps would run through the VPN. Recently I updated to the PIA Beta, which added the additional option to set "All Other Apps" to either bypass the VPN, or to use the VPN.  During my initial post I did not have All Other Apps set to bypass.  Upon setting All Other Apps to bypass (besides the specific ones i have set to run through the VPN), it becomes functional again.

 

The issue still persists if you have have AOApps set to run through VPN.  From that, it appears that some specific app or service being ran through the VPN is causing Mbam to interfere.  But while not being ran through the VPN, Mbam doesn't care, yet my specified apps that are set to run through the VPN, are appropriately running through it.

That's not the case in my VM setup.
1. Start PIA beta and set Firefox to VPN only, with everything else set to bypass.
2. Make sure web protection is off.
3. Launch Firefox and Edge and google my ip.
4. Edge shows my ip - Firefox shows VPN ip (OK)
5. Close both browsers.
6. Tern web protection on.
7. Repeat step 3.
8. Edge and Firefox show my ip. (FAIL)
9. Tern off VPN.
10. Firefox can not connect to the internet. (OK) This is intended behavior as it is set to VPN only.
11. Tern on VPN.
12. Edge and Firefox show my ip. (FAIL)

So... The VPN's split tunnel is correctly blocking traffic when turned off (as it should) with web protection on. Yet fails to split tunnel the traffic through the VPN when the connection is established.

More info i have found.

Split tunnal data route. no web protection
Local address Bypass: 192.168.0.(MY PC) (OK)
Local address VPN: 10.2.11.6 (OK)

When the VPN split tunnals data. web protection on.
Local address Bypass: 10.2.11.6 (FAIL)
Local address VPN: 10.2.11.6 (OK)

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.