Jump to content

Private Internet Access is being flagged as Compromised and Malware

Recommended Posts

After I was forced to install the Premium version of Malwarebytes, yes, forced, as there is no option of being able to use it without trying it for two weeks. It kind of rubbed me the way at first but realize I didn't have to put in an email address to try it. You did grab my computer name in your history but I will live.

My issue is that Real Time Protection (RTP) is blocking my Private Internet Access  outbound calls that the program performs and labels them as being Compromised or Malware. I have been assured by PIA that neither of these is true. They also informed me that they have provided Malwarebytes with a list of IP address that should be whitelisted to avoid this problem but as I use your Premium version, have not done so. 

I have added the files and folders to the exception list (image below) at PIA's recommendation because I am not the only customer who has inquired about this issue but I still receive messages that they are Compromised or Malware. I do noticed that when I put in the exception of file location  C:\Program Files\Private Internet Access\pia-serivice.exe that Malwarebytes simply ignores because I still see the path in history. The fact that you have labeled an outbound call specially as malware, knowing that this is false, doesn't give me a lot of confidence in your software.

The new ones that I am noticing are coming from System, which is a little more concerning if they all didn't have Blocked website as an action. I am assuming every IP is a potential website? They get flagged by have no information to what System file is trying to make an outbound call. How am I supposed to decide if it is a legitimate issue or not? I don't even know what constitutes as a System file and am certainly not going to allow/block all outbound traffic for Windows 11. Since your exception list is ignoring my files and folders within PIA I am assuming you want me to add each individual IP address to the list? I am not sure if that is the case but I am only adding the IP's that have a direct path to PIA. If I wanted to be really sure, I would have to request that PIA validated each of the IP address individually because my software could be infected and allowing all traffic coming from these file and folder locations makes my computer a risk now.  Oh, a big annoyance is not being able to copy the IP address and add it immediately to the exception list. I have to type it down on notepad and double check the numbers because if i type one number incorrect that itself is a entry point.

So, after entering in the IP address individually, it doesn't appear as though they are being repeated. I hope you do know the inconvenience and annoyance this provides to customers using both software? Every VPN has multiple IP address and PIA is no exception. Because I want to feel safe I will validate the IP address I add to the exception list and remove the File and Folders. My question to you is.....do you plan on adding the IP addresses that have been provided to your by PIA as whitelisted ever? I understand both software s point of view but every VPN will have this same issue. There will be users that maliciously use software in an illegal or malicious manner not intended by the software developer. I am sure they do the best that any VPN service can do. The users who use VPN's know that some sites wont allow access to it while using a VPN. I originally had that issue when I started but even my bank allows the IP addresses from PIA.

Any information on this fix would be great because its already tiring adding what seems to be infinite IP address. I may simply disable Malewarebytes until the two week trial ends but that would put me at risk. Help.









Link to post
Share on other sites

  • Staff

***This is an automated reply***


Thanks for posting in the Malwarebytes for Windows Help forum.

If you are having technical issues with our Windows product, please do the following:

Malwarebytes Support Tool - Advanced Options

This feature is designed for the following reasons:

  • For use when you are on the forums and need to provide logs for assistance
  • For use when you don't need or want to create a ticket with Malwarebytes
  • For use when you want to perform local troubleshooting on your own

How to use the Advanced Options:

  1. Download Malwarebytes Support Tool
  2. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  3. Place a checkmark next to Accept License Agreement and click Next
  4. Navigate to the Advanced tab
  5. The Advanced menu page contains four categories:
    • Gather Logs: Collects troubleshooting information from the computer. As part of this process, Farbar Recovery Scan Tool (FRST) is run to perform a complete diagnosis. The information is saved to a file on the Desktop named mbst-grab-results.zip and can be added as an email attachment or uploaded to a forum post to assist with troubleshooting the issue at hand.
    • Clean: Performs an automated uninstallation of all Malwarebytes products installed to the computer and prompts to install the latest version of Malwarebytes for Windows afterwards. The Premium license key is backed up and reinstated. All user configurations and other data are removed. This process requires a reboot.
    •  Repair System: Includes various system-related repairs in case a Windows service is not functioning correctly that Malwarebytes for Windows is dependent on. It is not recommended to use any Repair System options unless instructed by a Malwarebytes Support agent.
    • Anonymously help the community by providing usage and threat statistics: Unchecking this option will prevent Malwarebytes Support Tool from sending anonymous telemetry data on usage of the program.
  6. To provide logs for review click the Gather Logs button
  7. Upon completion, click OK
  8. A file named mbst-grab-results.zip will be saved to your Desktop
  9. Please attach the file in your next reply.
  10. To uninstall all Malwarebytes Products, click the Clean button.
  11. Click the Yes button to proceed. 
  12. Save all your work and click OK when you are ready to reboot.
  13. After the reboot, you will have the option to re-install the latest version of Malwarebytes for Windows.
  14. Select Yes to install Malwarebytes.
  15. Malwarebytes for Windows will open once the installation completes successfully.













If you are having licensing issues, please do the following: 


For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/hc/en-us/requests/new to get help

If you need help looking up your license details, please head here: Find my premium license key



Thanks in advance for your patience.

-The Malwarebytes Forum Team

Link to post
Share on other sites

  • 1 month later...
17 minutes ago, apbreaux said:

I'm having similar issues. It's good that malwarebytes is flagging these, but why is PIA pinging out to questionable ip addresses? Also, why is malwarebytes viewing pia-service.exe as a compromised event?

PIA seems to connect to servers that are being blocked by Malwarebytes. This is a long going issue with PIA.


Please also refer to this support article which lists several known applications which conflict with the Web Protection in Malwarebytes currently, which includes Private Internet Access.

Here is a possible workaround

Switch Private Internet Access from OpenVPN to WireGuard and enable option “Use small packets”

Update PIA to the latest version v2.7.1+

Turn VPN off

Switch from OpenVPN to WireGuard

Enable "Use small pockets"

Turn VPN on

Restart browser




Thank you

Link to post
Share on other sites

Appreciate the reply. That didn't work for me, it's still coming up with the notifications. If all this is safe - the outbound hits to the ip addresses and the "compromised" status of pia-service.exe - I'll turn off the windows notifications setting. I was using bitdefender before this and it didn't pick up on any of this. Any ideas as to why that may be?

Link to post
Share on other sites

  • 3 months later...
  • Root Admin

Because that is a very good way to get infected. You're basically saying IGNORE EVERYTHING. What purpose is there to run any antivirus if you're going to set it to ignore VPN ? ALL traffic comes in over VPN when you have it enabled except perhaps were some allow local resources to not use VPN.



Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.