Endpoint Protection

 View Only

  • 1.  HOSTS file being modified by SEP client?

    Posted Feb 03, 2010 02:42 PM

    I don't think it's possible, but I have to ask to be sure.  Is it possible for the SEP client to modified the hosts file?  We have a hosts file that has static entries and all of sudden they turn up missing.  A few people are claiming that the SEP client is removing the entriies.  If the file was modified, it would've changed the timestamp.  The timestamp remains the same.  Any thoughts?



  • 2.  RE: HOSTS file being modified by SEP client?

    Posted Feb 03, 2010 02:48 PM
    No, SEP wont modify the host file
    You are correct in the point, when sep scans a file it would modify the access time.
    if your file is not changing the access time, sep is not the culprit.



  • 3.  RE: HOSTS file being modified by SEP client?
    Best Answer

    Posted Feb 03, 2010 03:19 PM
    SEP doesn't doesn't do all that stuff..or else "make host file read only" wouldn't have been a template in application control policy.. 


  • 4.  RE: HOSTS file being modified by SEP client?

    Posted Feb 03, 2010 03:25 PM
    No SEP will not modify your host file.

    There could be some thing else.  Run a full scan in safe mode on the machine


  • 5.  RE: HOSTS file being modified by SEP client?

    Posted Feb 03, 2010 04:39 PM
    If nothing malicious is being added to the hosts file, but it is being blanked out, I'd look at any other security software you might be running to see if it is "protecting" the hosts file.