Перейти к содержимому


Фото
- - - - -

DrWeb 8 quarantines the Host File


  • Please log in to reply
16 ответов в этой теме

#1 redp

redp

    Newbie

  • Posters
  • 10 Сообщений:

Отправлено 23 Декабрь 2012 - 06:07

Hello.
Thank you for version 8 of Dr Web, it's appreciated.
On my system I have a customised Hosts File, and DrWeb is messing this up by sending it to quarantine, which is causing me problems.

In previous versions of DrWeb there was an option to check or uncheck a box to "Protect the host system file", yet in the new version this option is not there. Is there a reason for this?

Furthermore, I have customised my spiderguard settings, and set the Hosts file to "Allow" changes. When the file becomes quarantined, it cannot be restored to it's previous state. I have also tried to restore the quarantined file back to its location and that would not work.

For the time being I have added the Hosts file as an exclusion, though it remains to be seen if this will work or not.

Is there another way to stop DrWeb from scanning and quarantining the Hosts file? Or, could the option check or uncheck "Protect the host system file" be put back?

Сообщение было изменено redp: 23 Декабрь 2012 - 06:10


#2 l.e.e.

l.e.e.

    Guru

  • Posters
  • 4 788 Сообщений:

Отправлено 23 Декабрь 2012 - 07:23

Отправленное изображение
:) Hosts file - Allow, please.

Сообщение было изменено lazarev.ee: 23 Декабрь 2012 - 07:25

Я ответил, что пришел в эти горы, чтобы "остановить мир". Койот сказал: - Qua bueno!

drweb.png


#3 pig

pig

    Бредогенератор

  • Helpers
  • 10 486 Сообщений:

Отправлено 23 Декабрь 2012 - 19:43

Preventive Protection does not quarantine hosts file. It is affected by Background Rootkit Scan. Add hosts file to SpIDer Guard excluded paths.
Почтовый сервер Eserv тоже работает с Dr.Web

#4 redp

redp

    Newbie

  • Posters
  • 10 Сообщений:

Отправлено 23 Декабрь 2012 - 19:48

As mentioned in the original post, the Hosts file is selected to "Allow" in the custom setting. See screen shot below.

Additionally, adding the Hosts file as an exclusion is not preventing DrWeb from quarantining the file. Please advice, as this is becoming seriously tedious. Thank you.

Прикрепленные файлы:



#5 userr

userr

    The Master

  • Moderators
  • 16 310 Сообщений:

Отправлено 23 Декабрь 2012 - 20:00

redp,
It's not the Preventive Protection that causes problems, it's been already mentioned in post 3.

Furthermore, I have customised my spiderguard settings, and set the Hosts file to "Allow" changes.

Please let us see screen shot of this - spider guard settings, Exclusions. Put Hosts file there.

Сообщение было изменено userr: 23 Декабрь 2012 - 20:02


#6 redp

redp

    Newbie

  • Posters
  • 10 Сообщений:

Отправлено 23 Декабрь 2012 - 20:09

Spider Guard Exclusion screen shot.

Прикрепленные файлы:



#7 redp

redp

    Newbie

  • Posters
  • 10 Сообщений:

Отправлено 23 Декабрь 2012 - 20:11

Please note, that the exclusion was added before I created this thread, and to show that the file was quarantined after adding the exclusion here is a screen shot of the quarantine manager.

edit: better clarification added.

Прикрепленные файлы:


Сообщение было изменено redp: 23 Декабрь 2012 - 20:14


#8 userr

userr

    The Master

  • Moderators
  • 16 310 Сообщений:

Отправлено 23 Декабрь 2012 - 20:26

Spider Guard Exclusion screen shot.

Thank you. How do you update Drweb on your comp? Standard automatic update, as it set by default?
Would you please give us info about drweb Program modules (Drweb Agent--About--"copy to clipboard", then post here)

#9 redp

redp

    Newbie

  • Posters
  • 10 Сообщений:

Отправлено 24 Декабрь 2012 - 03:22

Hi,
Please fiind below the information requested.

Прикрепленные файлы:



#10 Bogdanus

Bogdanus

    Newbie

  • Members
  • 1 Сообщений:

Отправлено 10 Январь 2013 - 03:25

I have also this issue! It's really annoying :/
Is there a solution?

My Enviroment:
Win7 Ultimate SP1 32
Dr.Web Anti-virus 8

#11 Rolf Copter

Rolf Copter

    Newbie

  • Members
  • 2 Сообщений:

Отправлено 01 Февраль 2013 - 17:35

This sucks hardcore !!

 

Neuther Spider Guard exclusion works,

nor does

the Preventive Protection setting work on this.

 

I need my HOSTFILE customised, for i have a local development-server on my machine !

 

If this annoying behaiour goes on, i will have to deinstall Security Space 8, cuz it's unbearable !

 

Solution please !!!



#12 Rolf Copter

Rolf Copter

    Newbie

  • Members
  • 2 Сообщений:

Отправлено 02 Февраль 2013 - 00:21

OK the following seems to work :

 

The solution is to exclude it with the whitelist in SpiderGuard, but not to enter the real path but :

 

%SystemRoot%\System32\drivers\etc\hosts

 

;)

 

 

Well, if i don't repost anything tomorrow, that means that it works in general.

 

 

Cheers guys

 

www.lab5.ch - Webdesign Schweiz



#13 SergM

SergM

    Guru

  • Moderators
  • 9 387 Сообщений:

Отправлено 02 Февраль 2013 - 00:34

1. We put the hosts in the exception in SpIDer

2. In the setting of preventive protection, select permission to edit the file hosts.

3. Pens are making arbitrary changes to hosts.

 

http://forum.drweb.com/index.php?showtopic=312286&page=10#entry647754



#14 qfox

qfox

    Newbie

  • Members
  • 2 Сообщений:

Отправлено 02 Июль 2013 - 11:02

Stop touching my hosts file retarded drweb!

And seems like there is no real solution ;-( I'm feels like I install a virus by self. Who the hell thinking he smarter the user? Dr.web only.



#15 duncan3

duncan3

    Newbie

  • Posters
  • 12 Сообщений:

Отправлено 08 Ноябрь 2013 - 21:51

I would like to thank DR Web for blocking   the hosts file from hacker intrusion .As someone who posts on news websites  of a political nature and I am a very outspoken person apt to tell the truth about World events I was attacked by =xxx/xxxx this was high power stuff. The only protection programme that put up the biggest resistance  was Dr.Web. I tried EVERY well known programme all failed.This was basic programme attack to block me from the internet. They still try using a programme not belonging to but used by MS to stop me. So God Bless .Dr.Web and long may it flourish.   



#16 jeron@cox.net

jeron@cox.net

    Newbie

  • Members
  • 1 Сообщений:

Отправлено 16 Сентябрь 2015 - 02:44

I'm a web developer and NEED to change my HOSTs file. Ever since I bought Dr Web and installed it, I can't change it.

 

So am I to understand from this thread that it is time to uninstall Dr Web and re-install one of the other 3 anti-virus software that actually allow me to do my work? I've NEVER had this problem where anti-virus software was so stubborn and wouldn't let me do what I need to do to get my work done.

 

I've told preventative protection to allow HOSTS changes - THAT SHOULD BE ALL I HAVE TO DO - but I've also listed it as an exception to the "guard" component as well.

 

No matter what I do, it either won't allow me to save, saying I need to be an administrator (and I am) or it keeps rewriting the file with this as the last line...

 

# This HOSTS file cured by Dr.Web Anti-rootkit API



#17 Dmitry_rus

Dmitry_rus

    Massive Poster

  • Helpers
  • 2 701 Сообщений:

Отправлено 16 Сентябрь 2015 - 11:17

It should be better to set Preventive Protection to "Ask" mode - viruses/trojans also can modify your HOSTS.

As mentioned above, you should

1. Add HOSTS in SpiderGuard's exclusions.

2. Reboot (strictly obligatory! Don't power off, reboot!)

Then you may change your HOSTS as you wish...




Читают тему: 1

0 пользователей, 1 гостей, 0 скрытых