Microsoft antivirus change HOSTS file independently

Labels: , ·

In Windows 8 automatically deletes entries in the HOSTS file for a particular domain. Attempts are about to leave requests on Facebook.com, Twitter.com or ad server to run as ad.doubleclick.net by diverting to 127.0.0.1 into space, the entries disappear after a short time as if by magic from the HOSTS file. All that remains is an empty line. In other domains, such as heise.de the effect is not on the other hand.
Behind this phenomenon lies the antivirus, Windows Defender, which is in the new version of Windows pre-installed and active by default. After looking into the Defender course, which is reached by the start-up screen after typing "Defender" and click on the History tab, the reason is clear: The Defender suspects a potentially malicious manipulation of the HOSTS file and registered accordingly "SettingsModifier: Win32/PossibleHostsFileHijack". Incidentally, the Microsoft Security Essentials (MSE) provide for older versions of Windows that the entries are reset for these domains. This is not surprising, but Windows Defender in Windows 8 is essentially just a new name for the MSE.

The items in question are in fact often created by malware to the user of an infected system when you visit a site such as Facebook.com move them to a different server. There could, for example, a phishing version of the requested page, lurk sends the entered credentials to Internet crooks. That entries are removed for advertising server, which is used by many users as a simple but effective adblocker likely to be due to pests also use the HOSTS file to redirect requests to reputable vendors advertising on their own servers. This allows the fraudster Show own banners in his pages.

Anyone who feels patronized and the HOSTS file still would like to use for the affected domains can, his HOSTS (c: \ windows \ system32 \ drivers \ etc \ hosts) to the exception list of the MSE or Windows Defender add. You can find the appropriate item under "Settings, Excluded files and locations". This recognizes the antivirus program in an emergency malignant changes the HOSTS file but no longer.

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)