Malwarebytes Blocking/Flagging Private Internet Access Website as Malware


gernerttl

I keep getting an alert that Malwarebytes is blocking a website.  I have excluded the application (pia-service.exe) from all detection, but it keeps popping up after I have added the exclusion.

Alert:

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 4/26/21
Protection Event Time: 6:35 AM
Log File: 7bb11e28-a6ad-11eb-93b1-8cec4b70d7a4.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1273
Update Package Version: 1.0.39819
License: Premium

-System Information-
OS: Windows 10 (Build 19043.928)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\Private Internet Access\pia-service.exe, Blocked, -1, -1, 0.0.0, , 

-Website Data-
Category: Trojan
Domain: 
IP Address: 191.101.31.13
Port: 0
(No malicious items detected)
Type: Outbound
File: C:\Program Files\Private Internet Access\pia-service.exe

(end)

Link to post
Share on other sites

  • Staff
Hello-

There is no domain listed in the log and the IP in the log is not in our database. Please tell us the domain that's being blocked so we can re-evaluate it.

Link to post
Share on other sites

Same thing here. The service apparently "pings" or otherwise establishes contact with a large number of IP addresses in order to route VPN connections as efficiently as possible, and does so even when you don't actually have a VPN connection active. There are too many addresses being blocked by MBAM to make it practical for me to post them all, or to add exclusions for them.

The folks at PIA claim they have no idea why MBAM is flagging these addresses, and suggested adding the whole "C:\Program Files\Private Internet Access\" folder to MBAM's exclusions, as well as various sub-folders and executables individually, but this doesn't seem to have any effect on MBAM's website blocking process; it just doesn't bother scanning those folders or files for malware anymore.

It's REALLY bad today, and the only way I can get MBAM to stop is to shut down the PIA service or turn off website blocking.

Link to post
Share on other sites

12 minutes ago, TeMerc said:

Hello-

There is no domain listed in the log and the IP in the log is not in our database. Please tell us the domain that's being blocked so we can re-evaluate it.

That is because Private Internet Access doesn't use domains for its VPN routing.  It routes through different IPs as needed to keep traffic from slowing down.

Link to post
Share on other sites

There's no domain because MBAM isn't logging it; it just reports the IP address it blocked. Here's an example:

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 4/26/21
Protection Event Time: 1:41 PM
Log File: b352b1ee-a6b6-11eb-a3ff-001e37255085.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1273
Update Package Version: 1.0.39819
License: Premium

-System Information-
OS: Windows 10 (Build 19042.928)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\Private Internet Access\pia-service.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: Trojan
Domain:
IP Address: 191.101.31.36
Port: 0
(No malicious items detected)
Type: Outbound
File: C:\Program Files\Private Internet Access\pia-service.exe

(end)

I've attached a screenshot of the MBAM Detection History Screen, taken a few minutes ago. Unless there's some way to automatically aggregate all of the blocked connection attempts, that's all you're getting, because I've got better things to do than sit here for umpteen hours clicking the "export" button to generate a list of the blocked IP addresses.

2021-04-26 MBAM Detection History Screen.jpg

Link to post
Share on other sites
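
The aggregation asked for in the post above can be scripted once reports have been exported as text. This is an added example, not part of the thread and not a Malwarebytes tool; it assumes the exported reports use the layout quoted in this thread and have been concatenated into one string, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: the two reports quoted in this thread, trimmed to the
# fields read below. Real input would be the exported report files.
SAMPLE = r"""
Protection Event Time: 6:35 AM
, C:\Program Files\Private Internet Access\pia-service.exe, Blocked, -1, -1, 0.0.0, ,
Domain:
IP Address: 191.101.31.13
File: C:\Program Files\Private Internet Access\pia-service.exe
(end)
Protection Event Time: 1:41 PM
Domain:
IP Address: 191.101.31.36
File: C:\Program Files\Private Internet Access\pia-service.exe
(end)
"""

FIELD = re.compile(r"^([A-Za-z ]+):\s*(.*)$")  # "Key: value"; value may be empty

def parse_reports(text):
    """Return one dict of fields per report; reports are delimited by '(end)'."""
    events = []
    for chunk in text.split("(end)"):
        fields = {}
        for line in chunk.splitlines():
            m = FIELD.match(line.strip())  # lines without a leading key are skipped
            if m:
                fields[m.group(1)] = m.group(2)
        if "IP Address" in fields:
            events.append(fields)
    return events

def summarize(events, v4_prefix=24):
    """Count blocks per (process, IP) and per enclosing network."""
    per_ip, per_net = Counter(), Counter()
    for e in events:
        ip = ipaddress.ip_address(e["IP Address"])
        plen = v4_prefix if ip.version == 4 else 64  # assumption: /64 for IPv6
        per_ip[(e.get("File", "unknown"), str(ip))] += 1
        per_net[str(ipaddress.ip_network(f"{ip}/{plen}", strict=False))] += 1
    return per_ip, per_net

if __name__ == "__main__":
    per_ip, per_net = summarize(parse_reports(SAMPLE))
    print(per_ip.most_common(), per_net.most_common(), sep="\n")
```

On the two reports quoted in this thread, both blocked addresses fall in 191.101.31.0/24, and both events have an empty Domain field.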

  • 9 months later...

I am also getting them a lot recently. There have been a few updates, and I don't recall which version specifically started it.

However, the recommended solution is to turn off Web protection, which will start warning you that it is turned off and makes it look like there is a bigger problem of Real Time Protection being turned off. Really?

I have also tried using the web exclusion to slow down the messaging, but it still comes...

The thing that concerns me a little more are the notifications that are not from PIA, but from the SYSTEM!!!

Link to post
Share on other sites
