Jump to content

Private Internet Access issue


Recommended Posts

Any update on this? Last post was May 5, more than a month ago. I'm having the same issue. If I turn off Web Protection (!!) than PIA's Split Tunnel seems to work. If I enable Web Protection it doesn't. I get no notification that anything is being blocked. I added PIA apps to MalwareBytes exclusions and still same issue.

I do not want to leave Web Protection off. I bought MalwareBytes so I can have it on. 

Link to post
Share on other sites

1 hour ago, alamarco said:

I do not want to leave Web Protection off. I bought MalwareBytes so I can have it on. 

Since we have no recent Support logs in your forum history to view...

We need to get information from this machine in order to have the proper detail to help you forward.
 NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

    Download Malwarebytes Support Tool
    
    
    Once the file is downloaded, open your Downloads folder/location of the downloaded file
    Double-click mb-support xxx.xx.exe to run the report
        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
        
    Place a checkmark next to Accept License Agreement and click Next
    You will be presented with a page stating, "Get Started!"

    Do NOT use the button “Start repair” !
    Click the Advanced tab on the left column
    
    Click the Gather Logs button
    
    A progress bar will appear and the program will proceed with getting logs from your computer
   
    Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
    Please attach the ZIP file in your next reply.

Link to post
Share on other sites

27 minutes ago, exile360 said:

Greetings,

A member of the staff will likely respond to this thread once a fix has been released.  Until then your only options are the choices provided by LiquidTension above in post #4.

Hopefully a fixed version will be available soon.

 

Those aren't very good choices. The choice is to disable Web Protection or downgrade to an earlier version of MBAM. Both of those options are insecure and in my opinion shouldn't even be recommended.

Disabling Web Protection is obviously insecure. We use MBAM to secure ourselves from threats. Why even have MBAM if we disable Web Protection so nonchalantly? I'm not browsing the web without having my system secured.

As for downgrading, what version? Depending on how far back we have to go we could be introducing vulnerabilities in MBAM that were recently fixed that allows attackers to circumvent MBAM. Just looking at the release notes I see the past few updates reference BSOD fixes. Which version should we be using?

Obviously bugs aren't fixed instantly. I was just asking for an update. It's been a month and it hasn't been fixed so I was hoping @LiquidTension or someone else could provide an update. Has it been fixed and just being tested by QA? It's not fixed yet, but it's close to being ready for QA? You won't see a fix until 2021. Just looking for information. This is a major bug where the only workaround is making our systems less secure. 

24 minutes ago, Porthos said:

Since we have no recent Support logs in your forum history to view...

We need to get information from this machine in order to have the proper detail to help you forward.
 NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

 

    Download Malwarebytes Support Tool
    
    
    Once the file is downloaded, open your Downloads folder/location of the downloaded file
    Double-click mb-support xxx.xx.exe to run the report
        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
        
    Place a checkmark next to Accept License Agreement and click Next
    You will be presented with a page stating, "Get Started!"

 

    Do NOT use the button “Start repair” !
    Click the Advanced tab on the left column
    
    Click the Gather Logs button
    
    A progress bar will appear and the program will proceed with getting logs from your computer
   
    Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
    Please attach the ZIP file in your next reply.

 

Are logs needed? Based on the replies before mine, it sounded like the issue has been identified. I apologize if I wasn't clear in my initial post, but I was just looking for information on the status of this issue. 

Link to post
Share on other sites

30 minutes ago, alamarco said:

but I was just looking for information on the status of this issue. 

It has not been able to be replicated in house by the Dev team. So no ETA.

30 minutes ago, alamarco said:

Are logs needed? Based on the replies before mine

Each computer is different hardware and software wise so yes logs are very important.

31 minutes ago, alamarco said:

As for downgrading, what version? Depending on how far back we have to go we could be introducing vulnerabilities in MBAM

You would still be on version 4. 4.0.4 to be exact. It is the last version before issues started to crop up with some users.

It still has full definition update just as often as the current version. Still a fully functioning product.

Link to post
Share on other sites

43 minutes ago, Porthos said:

It has not been able to be replicated in house by the Dev team. So no ETA.

Each computer is different hardware and software wise so yes logs are very important.

This is exactly why I asked for information. It's been over a month since the last post. If the dev team has not been able to reproduce the issue, why has nothing been said? This is so frustrating when developers do this. Total lack of respect. I'm a developer too. If I didn't respond back to customers who have major issues I'd get fired. I will never understand when something can't be produced the end result is to forget about it. It's been a month. No one ask for more logs. No one asked for more information. Nothing. Just silence. Complete lack of respect. I will get the logs and attach them. I would appreciate if this topic can keep being updated. If the logs don't help, say something. If more information is needed, say something.

43 minutes ago, Porthos said:

You would still be on version 4. 4.0.4 to be exact. It is the last version before issues started to crop up with some users.

It still has full definition update just as often as the current version. Still a fully functioning product.

Definition updates aren't everything. Anti-Virus applications are targets themselves. For example, if I can cause a buffer overflow and crash the AV, I'm free to infect the machine. If all that mattered were definition updates we wouldn't be getting updates to MBAM itself. Then there are other areas such as 4.1.0.56 which includes "Improved anti-exploit detection and remediation". So by going back to 4.04 I lose that improved anti-exploit detection. There is also "Addressed: Certain Ransomware protection incompatibilities with Kaspersky, iTunes and Photoshop". Those are pretty significant security issues that I lose out on by downgrading.

It's a functioning product, but it's less secure. 

Anyway, logs have been attached. 

mbst-grab-results.zip

Link to post
Share on other sites

4 hours ago, alamarco said:

I added PIA apps to MalwareBytes exclusions and still same issue.

Have you added the following folders to exclusions?

Quote

C:\Users\Alessandro\AppData\Local\Private Internet Access
C:\Program Files\Private Internet Access

And have you added the following exclusion to applications that connect to the internet and also as a file exclusion as well.

Quote

C:\WINDOWS\system32\Drivers\tap-pia-0901.sys
C:\WINDOWS\system32\Drivers\PiaWFPCallout.sys

 

24 minutes ago, alamarco said:

This is exactly why I asked for information. It's been over a month since the last post. If the dev team has not been able to reproduce the issue, why has nothing been said?

The issue is Not affecting everyone. There is only a handful out of millions of users.

Everyone is / was working from home since March and issues are harder to track down since there was not an office full of test systems to work with.

Also you jumped on someone else's topic and until now have never supplied the logs for anyone to examine.

We want nothing more than to assist you with your issues.

Link to post
Share on other sites

33 minutes ago, alamarco said:

...if I can cause a buffer overflow and crash the AV, I'm free to infect the machine. If all that mattered were definition updates we wouldn't be getting updates to MBAM itself. Then there are other areas such as 4.1.0.56 which includes "Improved anti-exploit detection and remediation". So by going back to 4.04 I lose that improved anti-exploit detection. There is also "Addressed: Certain Ransomware protection incompatibilities with Kaspersky, iTunes and Photoshop". Those are pretty significant security issues that I lose out on by downgrading.

While it is certainly true that keeping your anti-malware application(s) up to date is very important, including for the best protection, I do know that issues such as buffer overflow attacks, particularly against Malwarebytes, but also for any of the default shielded apps at minimum will be prevented/detected as such generic exploit types/attack types are behaviorally shielded (no definition updates required; in fact, as far as I know, the Exploit Protection component uses no definitions, or at least it never did in the past).  It may include generic shielding for all system memory for such attacks as well, though a member of the staff would have to provide details to know for sure as it's been a while since I was employed on the Product team and I cannot recall all the details of what is shielded by default.  That of course does not mean that newer versions are not going to provide better protection, because of course they very likely will, however the protection provided by a recent version such as the working build being suggested should still be sufficient.

The compatibility issues with Ransomware Protection have nothing to do with any sort of protection.  They were conflicts resulting in the applications listed not functioning properly, however system protection was not compromised by these issues (though system performance may be an issue with Kaspersky if installed with an affected build of Malwarebytes).

I have no idea whether the Developers have successfully reproduced the issue or not, nor do I know if they have isolated the cause within the code to develop a fix, however I do know that whenever an issue like this comes up and they do require additional info, one of the staff members will respond requesting whatever logs/info they require for analysis/troubleshooting/replication, otherwise you should expect one of the staff members to respond to this and other threads where this issue has been reported once it has been fixed in a new release to indicate it has been fixed with instructions to upgrade if affected and to let us know if any further issues are encountered.  If you are eager for the fix and comfortable with running beta software, you might keep an eye on the forums here for any new beta releases of Malwarebytes 4 and check the release notes to see if it mentions this issue being fixed.  New betas should be posted in a new topic in this area when they are made available along with a list of release notes for issues fixed and features added.

I hope that helps to clarify things a bit.

Edited by exile360
Link to post
Share on other sites

5 minutes ago, Porthos said:

Have you added the following folders to exclusions?

And have you added the following exclusion to applications that connect to the internet and also as a file exclusion as well.

Yes, I added those exclusions. Currently they are removed because they didn't work and I don't feel having a large list of exceptions that didn't do anything.

5 minutes ago, Porthos said:

The issue is Not affecting everyone. There is only a handful out of millions of users.

Everyone is / was working from home since March and issues are harder to track down since there was not an office full of test systems to work with.

Of course COVID-19 complicates things, but no reply? You said it yourself that the dev team couldn't replicate the issue. Whether your working from home or working from the office, it doesn't take much to respond to a forum asking for more information if needed.

5 minutes ago, Porthos said:

Also you jumped on someone else's topic and until now have never supplied the logs for anyone to examine.

So? I jumped in because I'm having the same issue. There has been no response to this topic in over a month when the situation was that they couldn't duplicate and needed more information. Why wasn't it posted here for the OP to get more information? I provided some just now, but there was a full month of nothing. If MB responded to this thread and said they needed more information it could have been supplied by the OP sooner.

3 minutes ago, exile360 said:

While it is certainly true that keeping your anti-malware application(s) up to date is very important, including for the best protection, I do know that issues such as buffer overflow attacks, particularly against Malwarebytes, but also for any of the default shielded apps at minimum will be prevented/detected as such generic exploit types/attack types are behaviorally shielded (no definition updates required; in fact, as far as I know, the Exploit Protection component uses no definitions, or at least it never did in the past).  It may include generic shielding for all system memory for such attacks as well, though a member of the staff would have to provide details to know for sure as it's been a while since I was employed on the Product team and I cannot recall all the details of what is shielded by default.  That of course does not mean that newer versions are not going to provide better protection, because of course they very likely will, however the protection provided by a recent version such as the working build being suggested should still be sufficient.

The buffer overflow was just an example, that should have been clear. The entire point is applications can be exploited and updates patch those exploits.

3 minutes ago, exile360 said:

The compatibility issues with Ransomware Protection have nothing to do with any sort of protection.  They were conflicts resulting in the applications listed not functioning properly, however system protection was not compromised by these issues (though system performance may be an issue with Kaspersky if installed with an affected build of Malwarebytes).

So install the old version and I have issues with iTunes. Great.

3 minutes ago, exile360 said:

I have no idea whether the Developers have successfully reproduced the issue or not, nor do I know if they have isolated the cause within the code to develop a fix, however I do know that whenever an issue like this comes up and they do require additional info, one of the staff members will respond requesting whatever logs/info they require for analysis/troubleshooting/replication, otherwise you should expect him or one of the other staff members to respond to this and other threads where this issue has been reported once it has been fixed in a new release to indicate it has been fixed with instructions to upgrade if affected and to let us know if any further issues are encountered.  If you are eager for the fix and comfortable with running beta software, you might keep an eye on the forums here for any new beta releases of Malwarebytes 4 and check the release notes to see if it mentions this issue being fixed.  New betas should be posted in a new topic in this area when they are made available along with a list of release notes for issues fixed and features added.

I hope that helps to clarify things a bit.

Nothing needs to be clarified. This is an issue which has been ignored. Again, no response for over a month when more information was needed. If I didn't respond to this the issue would have been left in the dust. 

Link to post
Share on other sites

42 minutes ago, alamarco said:

So? I jumped in because I'm having the same issue. There has been no response to this topic in over a month when the situation was that they couldn't duplicate and needed more information. Why wasn't it posted here for the OP to get more information?

When you start your own topic the first post after is automated and asks for logs.

The OP's post was moved from another section of the forums and the op already provided logs and was given the only response available currently even though it was May 5th. There has been no new developments and when there is they will go back to all the topics about a fix when they have one. To keep posting  frequent updates that say no news is not easily done.

On 5/5/2020 at 5:14 AM, LiquidTension said:

Thank you for the report. We're aware of the issue and have a defect filed. In the meantime, you will need to keep Web Protection disabled or revert to an earlier version to use the affected functionality in your VPN software.

 

50 minutes ago, alamarco said:

So install the old version and I have issues with iTunes. Great.

Itunes had an easy workaround if I remember correctly.

 

51 minutes ago, alamarco said:

it doesn't take much to respond to a forum asking for more information if needed.

Your post was buried with some one else's post. Sorry we overlooked it. Notifications on new posts to topics that we subscribed to is been hit and miss.

 

54 minutes ago, alamarco said:

If I didn't respond to this the issue would have been left in the dust. 

Yes, since there not updates to disclose.

Link to post
Share on other sites

27 minutes ago, Porthos said:

When you start your own topic the first post after is automated and asks for logs.

The OP's post was moved from another section of the forums and the op already provided logs and was given the only response available currently even though it was May 5th. There has been no new developments and when there is they will go back to all the topics about a fix when they have one. To keep posting  frequent updates that say no news is not easily done.

You literally asked me for logs because the current status is not being able to duplicate the issue and thus needed more information. Why was the OP not asked for more logs or more information if it was needed?? How is this even an argument. If I didn't respond there would be no new logs. There would be no new information. How long would it take you to ask the OP for more information. Obviously not a month was enough. How long would it take for someone to respond saying they need more information?

You aren't posting frequent updates saying nothing new. You're posting to ask for additional information. Information that was needed because you can't duplicate the issue. As soon as it couldn't be duplicated is when this topic should have been responded to asking for additional information. By not asking it has delayed the resolution of this issue. The fact that you are arguing against this is ridiculous and is making me reconsider using MalwareBytes. If this is the level of thought that goes into making the product I should start looking at alternatives.

Ridiculous.

27 minutes ago, Porthos said:

Your post was buried with some one else's post. Sorry we overlooked it. Notifications on new posts to topics that we subscribed to is been hit and miss.

Over looked what? The issue that NO ONE responded to this topic before I did. The devs can't duplicate an issue. They need more information. Yet NO ONE asked for more information. The OP doesn't have their issue solved and is patiently waiting for a resolution has no idea that more information is needed.

Again, if I didn't respond when was ANYONE going to respond to the OP of this topic that more information was needed? One month went by. Looks to me like no one was going to EVER respond again. Ridiculous. 

27 minutes ago, Porthos said:

Yes, since there not updates to disclose.

You needed more information!!! You can't duplicate it!!! That's an update. Whether it being asking for the OP to provide more information or more users to submit logs who are having the same issue. If you can't duplicate an issue the first thing you do is go back to the customer and ask more questions. Again, I'm baffled at how this is even an argument. Ridiculous. This is what MalbareBytes stands for??

Link to post
Share on other sites

9 minutes ago, alamarco said:

You literally asked me for logs because the current status is not being able to duplicate the issue and thus needed more information.

We had no logs from you and I attemped to explain why you were not automatically asked for them.

 

11 minutes ago, alamarco said:

Why was the OP not asked for more logs or more information if it was needed??

Was not needed, We have his logs and nothing has changes since.

 

12 minutes ago, alamarco said:

How long would it take you to ask the OP for more information.

See above.

13 minutes ago, alamarco said:

As soon as it couldn't be duplicated is when this topic should have been responded to asking for additional information. By not asking it has delayed the resolution of this issue.

The May 5th post explained what to do until a fix is ready.

So far no new info was need from the OP... Your post was new and in someone else's topic so it wasn't noticed and was not auto-responded by the automatic response bot with the request for logs like the following screenshot shows.

We/ I  stumbled across your post a few hours ago and after looking at you post history found that you did not have any logs in your posts so I asked for them.

I am sorry you expected more. This is a very busy community and "staffed" with long time volunteers like myself and Exile who also replied. The staff are here as well but do not respond very often or to every post because those of us volunteers can handle most things and when needed we can alert the proper staff member to assist. On that note, I will end by alerting @LiquidTension to acknowledge your logs.

 

2020-06-12_18h40_57.png

Link to post
Share on other sites

10 minutes ago, Porthos said:

We had no logs from you and I attemped to explain why you were not automatically asked for them.

I shouldn't have even needed to have responded if SUPPORT had done their jobs properly.

10 minutes ago, Porthos said:

Was not needed, We have his logs and nothing has changes since.

You couldn't duplicate the issue!! More information was/is needed. As soon as you can't duplicate an issue you go back to the customer and ask more questions. That is basic support. Basic level. Are you kidding me right now. Thanks to you I am looking at alternatives. Your stubbornness is incredible.

10 minutes ago, Porthos said:

See above.

My god... 

10 minutes ago, Porthos said:

The May 5th post explained what to do until a fix is ready.

The workaround was to disable security. Again, are you kidding me right now. You needed to ask for more information and are trying to defend the fact that you didn't. What kind of support is this? Its amateur hour at MB? Ask for more information. Simple. 

10 minutes ago, Porthos said:

So far no new info was need from the OP... Your post was new and in someone else's topic so it wasn't noticed and was not auto-responded by the automatic response bot with the request for logs like the following screenshot shows.

We/ I  stumbled across your post a few hours ago and after looking at you post history found that you did not have any logs in your posts so I asked for them.

You couldn't duplicate the issue. You needed more information. Period. Any basic support worker or developer goes back to the customer if they can't duplicate an issue. Fixing code is difficult if you can't reproduce it. Not just finding where the issue is in the code, but knowing you actually fixed it. If you can't duplicate it how do you know you fixed it? So as soon as you can't duplicate you need to go back to the customer and ask for more information that will help you duplicate it. So saying no new information was needed is ridiculous. You're too stubborn to admit that MB dropped the ball. My post has nothing to do with anything and shouldn't have been needed if MB actually cared about customer issues. Seriously, you give MB a very bad look. I will no longer be recommending this software to people. 

10 minutes ago, Porthos said:

I am sorry you expected more. This is a very busy community and "staffed" with long time volunteers like myself and Exile who also replied. The staff are here as well but do not respond very often or to every post because those of us volunteers can handle most things and when needed we can alert the proper staff member to assist. On that note, I will end by alerting @LiquidTension to acknowledge your logs.

"I am sorry you expected more". Give me a break. The issue couldn't be duplicated and no one responded task for more information when it was needed. I'm sorry you don't give proper support to your paying customers.

Link to post
Share on other sites

2 minutes ago, alamarco said:

The issue couldn't be duplicated and no one responded task for more information when it was needed.

We responded to YOU for more info when YOU posted. We did not need duplicate info from the original poster. We need as many logs from as many affected systems as we can get to weed through the issue.

We responded for that info in a timely matter and IF any thing else is needed you will be asked but for now we have what is needed. I thank you for the logs and they have been reported to those responsible for the research.

Link to post
Share on other sites

3 minutes ago, Porthos said:

We responded to YOU for more info when YOU posted. We did not need duplicate info from the original poster. We need as many logs from as many affected systems as we can get to weed through the issue.

We responded for that info in a timely matter and IF any thing else is needed you will be asked but for now we have what is needed. I thank you for the logs and they have been reported to those responsible for the research.

Did you seriously just delete all the posts? It just keeps getting worse. Seriously. I'm so glad I posted today and found out how seriously unprofessional this company is. Incredible really. 

You needed more information. When you can't duplicate an issue you need to ask the customer for more information. Period. If you needed more logs from other users you should have posted asking so. Stubborn. Deleting the proof of how unprofessional you really are. I'm done with MB. Uninstalling and going with your competitors. Thank you again for showing how MB is not to be trusted with security.

Link to post
Share on other sites

3 minutes ago, alamarco said:

Did you seriously just delete all the posts? It just keeps getting worse. Seriously. I'm so glad I posted today and found out how seriously unprofessional this company is. Incredible really. 

You needed more information. When you can't duplicate an issue you need to ask the customer for more information. Period. If you needed more logs from other users you should have posted asking so. Stubborn. Deleting the proof of how unprofessional you really are. I'm done with MB. Uninstalling and going with your competitors. Thank you again for showing how MB is not to be trusted with security.

An admin  gave you your own topic. It seems a few posts were missed and will be fixed soon.

 

Edited by Porthos
Link to post
Share on other sites

Porthos does not work for Malwarebytes so he has no first-hand knowledge as to whether or not Malwarebytes' Developers and/or QA staff has successfully replicated this issue or not; it is simply standard procedure to request the logs here on the forums for diagnostics and troubleshooting purposes (for virtually all issues, especially related to the Malwarebytes product).  Had additional information been required by Malwarebytes, LiquidTension would have requested them rather than just indicating what your options are at this point until it is resolved.  When LiquidTension stated that they had a defect filed for the issue, this means that they are already tracking it in their backlog of items being worked on for a future release.  This along with the fact that he requested no logs indicates there is no further need for info/logs from affected customers for this particular issue.

The issues with iTunes did not impact all users; if it had the forums would be full of users complaining about it as iTunes is a very commonly installed application, both by users as well as coming preinstalled on many systems.  There are only a handful of threads about the issue, even if you look back at the time that the most recent version of Malwarebytes which was available was impacted by this issue.  I realize the brief entry in the release notes does not indicate this, but it is true based on testing as well as the support requests that came in when the issue was still active; it was an obscure bug only impacting a relatively small number of iTunes users.  The Kaspersky issue was much more prevalent, however it initially occurred due to a change in one of the most recent Kaspersky product updates, not due to any change in Malwarebytes, though Malwarebytes' Developers were able to isolate the cause/trigger for the issue and correct it on their end.

At this point there are no updates about this issue to share because the company does not publish their roadmaps or the status of items which are to be fixed in the future since release dates are always subject to change and new priorities and issues may arise in the meantime which take precedence over other existing issues which may shift development resources, thus changing when a new version or particular fix may be available; this is also why I indicated that once the issue is fixed a staff member will respond to the threads of affected users to inform them.  The timeframe is unknown and ETAs are generally not provided as mentioned, so I would recommend watching your email at this point for notifications about responses to this thread, or simply watch the forums here for news on new releases.

Link to post
Share on other sites

  • 6 months later...

Any update to a possible fix?  This is the first time I've tried to use Split Tunnel with PIA and since it didn't work, I went through PIA support to troubleshoot.  The only fix that worked was to disable/close MBAM.

I am on the latest updates to everything incl Windows, MBAM, PIA etc.

Link to post
Share on other sites

  • 1 month later...

I am seeing errors from Malwarebytes that PIA is riskware. I have been using them for more than a year now. Is this a problem with their services or is it a false positive?

Here is the message I am seeing.

image.png.63d737c86b89f5e26629bc120cce8708.png

When I look up that address on ipqualityscore.com, I see that it's a location in the UK.
image.png.fb8e274ecdbb68f6fce54ef94fd1ffbf.png

My VPN is currently TURNED OFF. I can't explain why it would be connecting to someplace in the UK as I don't use that location in any case.

Link to post
Share on other sites

4 minutes ago, Underdog said:

I have contacted Private Internet Access and submitted a ticket about this. In the meantime, I thought that since this appears to be a consolidation of messages about Private Internet Access I should post here with the information I have.

You already posted in the other topic so let this one die.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.