Latest Mbam on 1909 Breaking Private Internet Access Split-Tunneling

[Adam-P]

I also noticed that Malware bytes service listens on localhost (127.0.0.1) for web protection.
PIA tunnels bypassed traffic to your internet adapter directly by sending it to 192.168.*.*(your internet adapter).
When web protection is on. All traffic is instead routed to the VPN interface 10.7.10.6 despite the split tunnel settings.

PIA do state that using split tunneling can interfere with connections through loop back adapters such as localhost 127.0.0.1, and state that you want to connect to such interfaces using your pc's local address 192.168.*.*

So, this suggests that PIA makes some routing modification to localhost in order to do split tunneling. So now the question is. what networking modifications in windows 1909 over 1903 were made, that makes MB web protection override this modification when to listening to localhost?
 

[LiquidTension]

Hi all,

Thank you for reporting this issue. Everyone's efforts here are greatly appreciated. We have a defect filed for this.

We're currently working on various fixes and improvements to Web Protection, that we hope to make available in an upcoming update. Please standby for this. Once it's released, I'll update this topic.

[chub_rock1]

Hoping for a fix to this soon, can share logs also it that helps

[LiquidTension]

Hi @chub_rock1,

Thank you for your patience with this. Improvements to Web Protection are still being worked on. We'll provide an update on the issue as soon as possible.

[LiquidTension]

@chub_rock1, @Adam-P, @Reaper511

Hi all,

We've released a new component update with various Web Protection-related fixes. The component package version is 1.0.875.

Could you let us know if this addresses your VPN issue or not. Thank you!

[chub_rock1]

Hi, I have tested PIA with this latest component package version and it still has the same behavior of breaking the split tunneling.  As soon as I toggle web protection off it works again.

[Reaper511]

6 hours ago, chub_rock1 said:

Hi, I have tested PIA with this latest component package version and it still has the same behavior of breaking the split tunneling.  As soon as I toggle web protection off it works again.

Can confirm.  Exactly the same unfortunately.

 

Any app set to run through VPN only, still will not.  Mind you, the killswitch will work if the VPN is closed, but your IP will not change when open or not.

 

I don't recall if I mentioned it, but if said program you have set to run through VPN only, has any configuration options to bind to a specific network interface, then if you bind it to the network interface/adapter the VPN runs through  (Private Internet Access Network Adapter), it will function correctly.  Unfortunately, things like browsers and all of that don't have options to bind to a specific network interface.  If you're lucky and your program does have network interface binding, then it will function appropriately.

 

That makes me think that Malwarebytes web protection, is preventing programs from switching over to the VPNs network interface/adapter.  

[exile360]

Thanks for the additional details/theory.  I've made a note of it and will pass it on to the Product team and hopefully it will aid them in resolving this issue.

[LiquidTension]

Thank you for the feedback and your continued patience. We do have a defect filed for this issue and hope to have an update for it in the future.