Does this mean Defender thinks my HOSTS file is a threat?

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I just installed the new version of Windows Defender. It scanned my computer,
and came up with:
----------------
Review potentially unwanted items: 1 total
Items detected
Medium/Low alerts: 1
----------------
Nowhere does it show me what it found...

It shows me:
Category
Description
Advice
and
Resources.

It does not name any threat.
Under Resources it shows the location of my hosts file
(It is a somewhat modified hosts file --has a lot of ads in it so that don't
come up in my browser...)

....does it think THAT is a threat?

If so, why doesn't it just say
Threat:
?
 
I think WD may have found an entry within your hosts file that it finds
offensive. Is it pointing specifically to an entry within the file or just to
the location of your hosts file? This should be:

C:\Windows\System32\Drivers\etc

What method do you use to update it? I have found the MVPS web site very
useful available here:

http://www.mvps.org/winhelp2002/hosts.htm

There are also some very useful free utils available for download on the
site which will update your hosts file either automatically or manually
depending on your personal preference. Either way all utils on offer will
permit you the opportunity to edit the file to suit you needs.

Stu
 
Another thought. Do you have another AS program running that `tags` your
Hosts file or is it just Defender?

Stu
 
I update it manually, from http://everythingisnt.com/hosts.html. I didn't
look to hard, but it's about the same as the MVPS site you suggested.
I have several sites I keep in it to to keep my kids out of some places (and
make them want to use the system I set up for them!)

It just pointed to C:\Windows\System32\Drivers\etc , not a specific entry in
hosts.

Stan

Stu said:
I think WD may have found an entry within your hosts file that it finds
offensive. Is it pointing specifically to an entry within the file or just to
the location of your hosts file? This should be:

C:\Windows\System32\Drivers\etc

What method do you use to update it? I have found the MVPS web site very
useful available here:

http://www.mvps.org/winhelp2002/hosts.htm

There
Click to expand...

<snip>
 
No. Just Defender.

BTW, I'm also a bit confused as to why they call a THREAT a RESOURCE.

Stan

Stu said:
Another thought. Do you have another AS program running that `tags` your
Hosts file or is it just Defender?

Stu
Click to expand...
<snip>
 
Hmm. I have had similar experiences with using hosts files loaded from
different sources which then became bloated (52 000+ entries). I`ve even had
some MS sites blocked before now because (in my case the offending entry had
used a `wildcard` entry which blocked entry to any web page associated with
the domain extension when in fact it should have been aimed at a specific
page.) I would strongly recommend MVPS. You can delete hosts and reload using
the update mechanism. I only came to realise this by cross checking thru a
free util called `Site Advisor`. If you decide to use (in particular) Google
or MSN search will give you fair warning by colour coding the links Green,
Amber, Red or Grey (don`t know yet). For just a few bucks the paid version (
Site Advisor Plus) will prevent your kids from even going there with a
warning they cannot circumnavigate - unless they are real experts ;) It also
has a reporting mechanism where you can submit your thoughts on a particular
site that hasnt been assessed yet (ie Grey). Its well worth a try .....

http://www.siteadvisor.com/download/ie.html

Stu

Available here:
 
I'll look into some of that.

My kids aren't experts, but they're close!
One of them is on call by several teachers at his school, either to fix
computers, make them work on the network, or bypass network safeguards the
school system setup so they (the teachers!) can surf where they want.

One time a couple years ago, I got a call from the branch of the public
library they frequent. They had just closed, and wanted to know if I could
bring my son back to fix whatever he did to one of the computers there.
Apparently, when he visits, he reboots it, and stops it from going into the
shell they use so he can use it without restriction. ...and forgets to put it
back. It takes more than a week for a technician from the library to come
out, figure out what he did and put it back. All that while they put an 'out
of order' sign on it.

I keep some stuff in hosts to make them not want to use my (much better)
system. My daughter spends (way to much) time at Harry Potter fan fiction
sites -- and for some reason 'they just don't work on Daddy's computer'!

Hosts makes it easy to block sites - I even think one of them knows I do it,
but he can't get into an admin account and can't do anything about it. It'd
be nice if I could block IRC clients (chat rooms) as easily.

ss
 
Back
Top