What is fsecureboss.jpg?
I have a user claim's that F-secure is cleaning there hosts file.
they sent me the file fsecureboss.jpg.
The contents of the file I have attached.
I ran a scan on the file and it's clean but I'm concern that why F-secure is cleaning out all of URL out of the users host's file.
He has to put them back in every day - this is no good.
Could the directory be flagged a "Read-Only" or put into the excluded files?
Thanks you for any suggestions.
Comments
-
Hello,
Sorry for my reply. I am only an F-Secure user (their home solutions).
Modified hosts file (by F-Secure) can be the result of malware cleaning / cure process. For example, after cleaning/removing/quarantine other threats.
that why F-secure is cleaning out all of URL out of the users host's file
I think this is revert back to 'default' state of hosts system file. Perhaps, not all modifications to hosts file will trigger detection (or maybe only during certain circumstances) - but if there is a trigger - perhaps, logic is to prevent 'unknown' tricky changes (that was also there with 'known' tricks).
Maybe, it is possible to contact F-Secure Labs about subject - if content of hosts file is not too secret or whether it is possible to discuss with F-Secure Support about detection for these modifications (or, at first, check locally if 'any' change lead to detection and clean action - maybe certain IP or address is somewhat rated as suspicious).
However, there also should be an ability to exclude(?!) files from real-time scanning. One remark is that 'manual' context scan may be still with detection for modification. I am not sure whether it is possible to exclude hosts file or not, but maybe based on F-Secure solution in use.
Sorry for my opinion.
Thanks!
