Malwarebytes Blocking/Flagging Private Internet Access Website as Malware


I keep getting an alert that Malwarebytes is blocking a website. I have excluded the application (pia-service.exe) from all detection, but it keeps popping up after I have added the exclusion.

Alert:

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 4/26/21
Protection Event Time: 6:35 AM
Log File: 7bb11e28-a6ad-11eb-93b1-8cec4b70d7a4.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1273
Update Package Version: 1.0.39819
License: Premium

-System Information-
OS: Windows 10 (Build 19043.928)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\Private Internet Access\pia-service.exe, Blocked, -1, -1, 0.0.0, , 

-Website Data-
Category: Trojan
Domain: 
IP Address: 191.101.31.13
Port: 0
(No malicious items detected)
Type: Outbound
File: C:\Program Files\Private Internet Access\pia-service.exe

(end)


  • Staff
36 minutes ago, gernerttl said:

I keep getting an alert that Malwarebytes is blocking a website. I have excluded the application (pia-service.exe) from all detection, but it keeps popping up after I have added the exclusion.


Hello-

There is no domain listed in the log and the IP in the log is not in our database. Please tell us the domain that's being blocked so we can re-evaluate it.


Same thing here. The service apparently "pings" or otherwise establishes contact with a large number of IP addresses in order to route VPN connections as efficiently as possible, and does so even when you don't actually have a VPN connection active. There are too many addresses being blocked by MBAM to make it practical for me to post them all, or to add exclusions for them.

The folks at PIA claim they have no idea why MBAM is flagging these addresses, and suggested adding the whole "C:\Program Files\Private Internet Access\" folder to MBAM's exclusions, as well as various sub-folders and executables individually, but this doesn't seem to have any effect on MBAM's website blocking process; it just doesn't bother scanning those folders or files for malware anymore.

It's REALLY bad today, and the only way I can get MBAM to stop is to shut down the PIA service or turn off website blocking.


12 minutes ago, TeMerc said:

Hello-

There is no domain listed in the log and the IP in the log is not in our database. Please tell us the domain that's being blocked so we can re-evaluate it.

That is because Private Internet Access doesn't use domains for its VPN routing. It routes through different IPs as needed to keep traffic from slowing down.


There's no domain because MBAM isn't logging it; it just reports the IP address it blocked. Here's an example:

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 4/26/21
Protection Event Time: 1:41 PM
Log File: b352b1ee-a6b6-11eb-a3ff-001e37255085.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1273
Update Package Version: 1.0.39819
License: Premium

-System Information-
OS: Windows 10 (Build 19042.928)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\Private Internet Access\pia-service.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: Trojan
Domain:
IP Address: 191.101.31.36
Port: 0
(No malicious items detected)
Type: Outbound
File: C:\Program Files\Private Internet Access\pia-service.exe

 

(end)

 

I've attached a screenshot of the MBAM Detection History Screen, taken a few minutes ago. Unless there's some way to automatically aggregate all of the blocked connection attempts, that's all you're getting, because I've got better things to do than sit here for umpteen hours clicking the "export" button to generate a list of the blocked IP addresses.

2021-04-26 MBAM Detection History Screen.jpg

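An added example, not part of any post in this thread and not Malwarebytes code: one way to aggregate blocked addresses from the text exports shown above, so a false-positive report can list every flagged IP at once. It assumes several exports have been pasted into one file, each ending with `(end)`; the function names and the /24 grouping are assumptions made for this sketch.

```python
import ipaddress
import re
from collections import Counter

# Abridged from the two exports posted in this thread, concatenated.
SAMPLE = r"""
-Log Details-
Protection Event Date: 4/26/21
-Website Data-
Category: Trojan
Domain:
IP Address: 191.101.31.13
File: C:\Program Files\Private Internet Access\pia-service.exe
(end)
-Log Details-
Protection Event Date: 4/26/21
-Website Data-
Category: Trojan
Domain:
IP Address: 191.101.31.36
File: C:\Program Files\Private Internet Access\pia-service.exe
(end)
"""

FIELD = re.compile(r"^([A-Za-z ]+):[ \t]*(.*)$", re.M)

def parse_reports(text):
    """Yield one dict of 'Key: value' fields per exported report."""
    for chunk in text.split("(end)"):
        fields = {k.strip(): v.strip() for k, v in FIELD.findall(chunk)}
        if fields.get("IP Address"):
            yield fields

def summarize(text):
    """Count blocks per (process, IP) and per enclosing network."""
    per_ip, per_net = Counter(), Counter()
    for r in parse_reports(text):
        try:
            ip = ipaddress.ip_address(r["IP Address"])
        except ValueError:
            continue  # skip reports whose address field is malformed
        # Grouping width (/24 for IPv4, /64 for IPv6) is an assumption.
        prefix = 24 if ip.version == 4 else 64
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        per_ip[(r.get("File", "?"), str(ip))] += 1
        per_net[str(net)] += 1
    return per_ip, per_net

if __name__ == "__main__":
    for (proc, ip), n in summarize(SAMPLE)[0].items():
        print(n, ip, proc)
```
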

I wanted to add myself to the PIA impacted list as I too have been adding the IPs each time they are flagged to the Exclusion list. I have had the full path to pia-service for some time, so this IP blocking is new to me too.
