[Functions as Designed] Hosts File Being Changed Hourly

Hello,


since I installed BD TS 2016 the tool GlassWire alerts me hourly that the file HOSTS is being changed. At least it's annoying but maybe it's a problem? Does anybody know anything about this?


Thanks,


Michael



Comments

  • I no longer use GlassWire, but I have noticed the same thing, because I frequently check the hosts file in a text editor. I typically see carriage returns (basically, empty lines) at the end of the hosts file, which I know were added by BDTS 2016. I also noticed that BDTS 2016 makes sure that metrics.bitdefender.com is commented out ... apparently, one of the lists I subscribe to (using HostsMan) added that. On one occasion, I noticed about 20 carriage returns in the middle of the hosts file. It's annoying for sure.

  • BD 2016 also comments out any lines that begin with 192.168.0.******


    It would be great to disable this (as far as I can tell) undocumented behavior...

  • Georgia

    Hello,


    This behavior is according to product specifications. Bitdefender scans the hosts file for redirects of URLs and others to either invalid or malicious locations. If it finds a URL, let's say Yahoo, that is redirected to localhost or some 3rd party IP/URL, it will add it as a comment.

  • Hello,


    This behavior is according to product specifications. Bitdefender scans the hosts file for redirects of URLs and others to either invalid or malicious locations. If it finds a URL, let's say Yahoo, that is redirected to localhost or some 3rd party IP/URL, it will add it as a comment.


    Hello,


    1. Please provide the product specification with this information. I cannot find this information.


    2. Please provide a way for me to change my hosts file.

  • Hello,


    This behavior is according to product specifications. Bitdefender scans the hosts file for redirects of URLs and others to either invalid or malicious locations. If it finds a URL, let's say Yahoo, that is redirected to localhost or some 3rd party IP/URL, it will add it as a comment.


    Same issue here. Every change I make to the hosts file will be reset by Bitdefender. I am a software developer and use the hosts file to map host names to local IPs (192.*). Could you please provide a way to stop Bitdefender resetting the hosts file?

  • Hi,


    Bitdefender modifies hosts if the file contains:


    Target::BitdefenderHostNames - the hostnames contain "bitdefender" or "8f8fb293be49781da3e3229cd4469a18.da3e3.net"


    Target::BankHostNames - the hostnames are scanned in cloud and if they are "bank" then they are commented


    Target::SuspectIpAddresses - the hostnames are scanned in cloud and if they are found as "fraud", "malware", "phishing", "spam", "untrusted" then they are commented


    Target::PrivateIpAddresses - the addresses specified in hosts belong to these intervals:


    10.0.0.0 - 10.255.255.255


    172.16.0.0 - 172.31.255.255


    192.168.0.0 - 192.168.255.255


    As a workaround you can change the 'hosts' Attributes to Read-only.
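
The two rules in the list above that can be evaluated locally (private address ranges and Bitdefender hostnames) can be checked against a hosts file before saving it, to see which entries are likely to be commented out. This is an added example, not Bitdefender's code and not part of the original post; the function names are hypothetical, case-insensitive substring matching is an assumption, and the cloud-based bank and reputation rules are not reproduced.

```python
import ipaddress

# Ranges listed in the post under Target::PrivateIpAddresses.
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Strings listed in the post under Target::BitdefenderHostNames.
BD_MARKERS = ("bitdefender", "8f8fb293be49781da3e3229cd4469a18.da3e3.net")

def classify_line(line):
    """Return (ip, hostnames, reasons) for an active hosts entry, else None."""
    entry = line.split("#", 1)[0].strip()    # drop comments
    fields = entry.split()
    if len(fields) < 2:
        return None                          # blank, commented or malformed
    try:
        ip = ipaddress.ip_address(fields[0])
    except ValueError:
        return None                          # first field is not an IP address
    names = fields[1:]
    reasons = []
    if ip.version == 4 and any(ip in net for net in PRIVATE_RANGES):
        reasons.append("PrivateIpAddresses")
    # Assumption: substring match, case-insensitive.
    if any(m in n.lower() for n in names for m in BD_MARKERS):
        reasons.append("BitdefenderHostNames")
    return str(ip), names, reasons

def audit_hosts(text):
    """List (line_no, ip, hostnames, reasons) for entries matching a rule."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        result = classify_line(line)
        if result and result[2]:
            findings.append((no, *result))
    return findings

# Constructed sample hosts file (not taken from the thread).
SAMPLE = """\
127.0.0.1       localhost
192.168.0.10    dev.example.test   # local dev box
172.32.0.1      outside-range.example.test
10.1.2.3        build.example.test
0.0.0.0         metrics.bitdefender.com
# 192.168.0.20  already-commented.example.test
"""

if __name__ == "__main__":
    for no, ip, names, reasons in audit_hosts(SAMPLE):
        print(f"line {no}: {ip} {' '.join(names)} -> {', '.join(reasons)}")
```
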

  • So this is by design.

    Are BitDefender seriously saying that there can be no valid local LAN IP Addresses in the file?

    I would also say that any product that was this serious in protecting my hosts file would be equally competent to turn off the Read-Only attribute to protect it.

    Or are they assuming that no malicious entity would be capable of modifying the hosts file and turning Read-Only on as well?

    Why is there no configuration option to turn this functionality off?

    There very well could be, but how would one find it, given that the basic product has at least six different configuration areas rather than one easy-to-use settings dialog like pretty much every other program in existence?

    I know there is no way of disabling this because I raised a ticket complaining about this and received instructions on how to disable all the modules by navigating all over the product to achieve that.

    With all the modules off, Bitdefender is still changing the file. I know it is Bitdefender because I turned object auditing on and the process C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe changes the file every hour.