Login to participate
Security IdeasRSS
2
Hosts file changes not detected by Symantec Antivirus
Miryan
September 29th, 2009
Filed under: Endpoint Protection (AntiVirus) - 11.x, Endpoint Protection (AntiVirus) - 10.x, Endpoint Protection (AntiVirus), Reporting, Security
3 Agree, 1 Disagree
Please help.
The antivirus would need to record a log of the change that takes place at the hosts file (c:\windows\system32\drivers\etc). Because this can be hacked and be used by unauthorized persons.
And the Symantec antivirus should identify these changes to the file.
THKS.
Try this..?
I'm wondering if as a temporary stopgap you can set the read-only flag on the HOSTS file. I agree that SAV/SEP should monitor this file however programs that make HOSTS file changes are generally malware that is infecting the PC. If you have malware infecting the PC then SAV/SEP has already failed.
Would you like to reply?
Login or Register to post your comment.