How does the "Protect the Hosts file" security feature work?

This discussion has a more recent version.
Customer_Care Posts: 548 F-Secure Employee


How does the Protect the hosts file security feature work with F-Secure Client Security 14 on a Windows host? 
What happens to an already modified hosts file when F-Secure Client Security is installed? 


The Protect the Hosts file security feature monitors if there have been any changes made to the hosts file in a Windows system. If the feature detects a non-default hosts file, it will alert of a redirected hosts file and replace it with a hosts file with the following content:

# Copyright (c) 2007 F-Secure Corporation 

# This is a HOSTS file created during malware removal. 
# Your original HOSTS file was infected and it was replaced 
# by this file containing only clean default entries. 
# The original HOSTS file may be restored from the product's
# quarantine feature.
#    localhost
::1            localhost

If a hosts file has been modified before the installation of F-Secure Client Security, the modified hosts file will be detected during the first system scan.

If the hosts file is modified during a time when the Protect the hosts file feature has been disabled, the modified hosts file will be detected when the feature is turned back on. 

Follow these steps to turn off the Protect the hosts file feature:

  1. Log in to Policy Manager Console
  2. Select the policy domain or host from the Domain Tree
  3. Go to the Settings tab and select Advanced view 
  4. Navigate to: F-Secure Anti-Spyware > Settings > Anti-Spyware Scanner > Real-Time Scanning > Real-Time Scanning Options > Protect the "hosts" File 
  5. Disable the setting 
  6. Distribute the policy (Ctrl + D)

Article no: 000019105