What is fsecureboss.jpg?

Jhedge Posts: 1 New Member

I have a user who claims that F-Secure is cleaning their hosts file.

They sent me the file fsecureboss.jpg.

The contents of the file I have attached.

I ran a scan on the file and it's clean, but I'm concerned about why F-Secure is cleaning all of the URLs out of the user's hosts file.

He has to put them back in every day - this is no good.

Could the directory be flagged as "Read-Only" or put into the excluded files?

Thank you for any suggestions.

Comments

  • Ukko Posts: 3,715 Superuser
    edited June 2020

    Hello,

    Sorry for my reply. I am only an F-Secure user (their home solutions).

    A hosts file modified by F-Secure can be the result of the malware cleaning / cure process, for example, after cleaning/removing/quarantining other threats.

    that why F-secure is cleaning out all of URL out of the users host's file

    I think this is a revert back to the 'default' state of the hosts system file. Perhaps not all modifications to the hosts file will trigger detection (or maybe only under certain circumstances) - but if there is a trigger, perhaps the logic is to prevent 'unknown' tricky changes (that were also there with 'known' tricks).

    Maybe it is possible to contact F-Secure Labs about the subject, if the content of the hosts file is not too secret, or to discuss with F-Secure Support the detection for these modifications (or, at first, check locally whether 'any' change leads to detection and a clean action - maybe a certain IP or address is somewhat rated as suspicious).

    However, there should also be an ability to exclude(?!) files from real-time scanning. One remark is that a 'manual' context scan may still detect the modification. I am not sure whether it is possible to exclude the hosts file or not, but maybe it depends on the F-Secure solution in use.

    Sorry for my opinion.

    Thanks!

This discussion has been closed.