Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: cholla on June 08, 2022, 06:48:42 PM

Title: hosts file entries removed by Avast Self-Defense
Post by: cholla on June 08, 2022, 06:48:42 PM
If I check "Enable Self_Defense" then entries for blocking some Avast addresses are removed from my hosts file.
My hosts file has Security Permissions set for Administrators only.
It even shows as a locked file with the Yellow padlock icon beside it.
I also have it Read-Only.

So how or why can Avast remove specific entries?
Does Avast have Administrators level on my Windows 7 OS?

If I Uncheck "Enable Self_Defense" then no entries are removed.
I would prefer this checked as it may prevent malware from changing Avast.
Title: Re: hosts file entries removed by Avast Self-Defense
Post by: igor on June 09, 2022, 09:48:54 AM
Basically every antimalware program runs with administrator privileges (and "more", it runs in kernel).

Stripping Avast addresses from the hosts file is indeed part of the self-defense feature - malware can use it to disable some Avast functionality, to prevent being detected or removed.
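
Added example (not part of the forum thread, and not Avast's code): a defender-side check that parses hosts-file text and reports entries that point a security product's domains at a loopback or null address, the kind of entry igor says self-defense strips. The suffix `av-vendor.example` and the sample file are constructed placeholders; substitute the domains your own product uses.

```python
import ipaddress

# Constructed placeholder suffix (assumption); not a real vendor domain.
PROTECTED_SUFFIXES = ("av-vendor.example",)

def parse_hosts(text):
    """Yield (line_no, address, hostname) for each mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first field is not an IP: skip
        for name in fields[1:]:                  # one line may list several names
            yield line_no, addr, name.lower().rstrip(".")

def is_sinkhole(addr):
    """True for addresses used to black-hole a name (127.0.0.0/8, ::1, 0.0.0.0, ::)."""
    return addr.is_loopback or addr.is_unspecified

def find_blocked(text, suffixes=PROTECTED_SUFFIXES):
    """Return (line_no, address, hostname) for protected names that are sinkholed."""
    hits = []
    for line_no, addr, name in parse_hosts(text):
        # Match the suffix itself or a subdomain of it, never a look-alike name.
        protected = any(name == s or name.endswith("." + s) for s in suffixes)
        if protected and is_sinkhole(addr):
            hits.append((line_no, str(addr), name))
    return hits

# Constructed sample hosts file.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
::1             localhost
0.0.0.0         update.av-vendor.example   # blocks updates
127.0.0.1       Telemetry.AV-Vendor.example cdn.av-vendor.example
10.0.0.5        intranet.corp.example
0.0.0.0         notav-vendor.example
#0.0.0.0        shield.av-vendor.example
"""

if __name__ == "__main__":
    for hit in find_blocked(SAMPLE_HOSTS):
        print("line %d: %s -> %s" % hit)
```
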
Title: Re: hosts file entries removed by Avast Self-Defense
Post by: cholla on June 09, 2022, 05:57:15 PM
Thank you for answering, igor.
I run my OS as an Administrator account.
If I use a Standard or Limited User account (I don't have a Standard user account set up), will that prevent Avast from accessing the hosts file?
Or will Avast still have the Administrator privileges, including the "(and "more", it runs in kernel)"?

For me I will continue to leave "Enable Self_Defense" unchecked.
If any malware has ever disabled any Avast functionality I'm not aware of it.
Title: Re: hosts file entries removed by Avast Self-Defense
Post by: DavidR on June 09, 2022, 06:21:48 PM
I think the root of your issue is why you need to block some Avast addresses as you mentioned in your first post.
Quote from: cholla
If I check "Enable Self_Defense" then entries for blocking some Avast addresses are removed from my hosts file.

Avast and other antiviruses (as igor mentioned) operate at a very low level, 'Kernel Mode'; they have to do that to prevent malware at a very early stage, prevention rather than cure.

Quote from: cholla
For me I will continue to leave "Enable Self_Defense" unchecked.
If any malware has ever disabled any Avast functionality I'm not aware of it.

Whilst the risk might be small, finding out for the first time (if it did) could be painful.