Alerts & file Hosts changed

W10 Famille - 21H1 - 19043.1466 / GW Basic 2.3.374 (FW Off)


Is it possible to find out which program modified the Hosts file?
If so, would it be possible to display it in the alert?

Unfortunately no, we don’t have a way to do that yet but I agree it would be useful!

I had this problem a while back and was getting alerts from GW that my hosts file was being changed anytime I rebooted my PC. It seems Windows Defender was changing my hosts file after each bootup because I had the remnants of a telemetry blocking tool on my PC even after uninstalling the program.

You can check if Windows Defender is modifying the hosts file by opening the hosts file in notepad and looking at the verbiage at the top of the hosts file contents. If Defender is doing this, you most likely have some sort of hardening tool installed that is modifying the hosts file on startup.

Hope this helps.

Thanks for your feedback.

This is the first time this alert has appeared since June 2021 (GW purchase).

Following this alert, I check the modification date of the file every day.
I notice that this date changes every day but I do not receive a new alert. I edited the file and it only has comment lines (#).

What is the significance of the GW alert? How should it be interpreted?

Third party AV and FW are installed on the laptop.

The reason we added the alert is because we noticed some third party toolbars for ads or search sometimes modify the host file for ads/search, or for monitoring the user. We thought it was disturbing, so we added this feature.

It’s supposed to work so when users install one of those lame toolbars they will get an alert that the file was modified, then they could change it back.

If nothing is modified for you then I am not sure what’s going on. That’s strange.

Perhaps this solution can help.

Perhaps an explanation.

I use Bitdefender as an AV, which has a feature to check the hosts file. However, this feature has been activated since the installation of BD in December 2020.
Why suddenly a GW alert, mystery? Has there been a collision?

It would be interesting to know on which criteria GW generates the alert.

I don’t believe we are able to have a collision with any other app with this feature because we watch the file, but we do not modify it. We only monitor the file to see if it’s changed.

When you write “We only monitor the file to see if it’s changed”, as the modification date of the file changes very often this would mean that GW’s control is over the content of the file.
Would GW do a comparison against a saved version of the file?

No, we don’t control the file. I believe we check the hash to see if it changed.
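An added example, not part of the thread and not GW's code: a hash-based hosts-file check of the kind the last reply describes. It shows why a daily change of the modification date raises no alert while a new redirect entry does. SHA-256, the function names and the sample file contents are assumptions made for illustration.

```python
import hashlib
import os
import tempfile


def snapshot(path):
    """Return (sha256 of content, mtime in ns, set of active entries)."""
    with open(path, "rb") as f:
        data = f.read()
    entries = set()
    for line in data.decode("utf-8", errors="replace").splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if line:
            entries.add(" ".join(line.split()))   # normalise whitespace
    return hashlib.sha256(data).hexdigest(), os.stat(path).st_mtime_ns, entries


def compare(old, new):
    """Classify what happened between two snapshots."""
    old_hash, old_mtime, old_entries = old
    new_hash, new_mtime, new_entries = new
    if new_hash == old_hash:
        # Same bytes: at most the timestamp moved, so nothing to alert on.
        kind = "touched" if new_mtime != old_mtime else "unchanged"
        return kind, set(), set()
    added, removed = new_entries - old_entries, old_entries - new_entries
    kind = "entries-changed" if added or removed else "comments-only"
    return kind, added, removed


def demo():
    """Constructed sample: rewrite identical bytes, then append a redirect."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "hosts")
        original = b"# constructed sample hosts file\r\n# 127.0.0.1 localhost\r\n"
        with open(path, "wb") as f:
            f.write(original)
        base = snapshot(path)
        with open(path, "wb") as f:               # same content written again
            f.write(original)
        later = base[1] + 60 * 10**9              # timestamp 60 s later
        os.utime(path, ns=(later, later))
        first = compare(base, snapshot(path))
        with open(path, "ab") as f:               # constructed redirect entry
            f.write(b"203.0.113.10  search.example.test\r\n")
        second = compare(base, snapshot(path))
        return first, second


if __name__ == "__main__":
    print(demo())
```

Comparing the active (non-comment) entries as well as the hash tells a reader of the alert whether a mapping was actually added or removed, or only comment lines were rewritten.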