Just recently I ran into the following problem involving a Hosts file monitoring utility (WinPatrol) and avast:
I made and saved some changes in my Hosts file. WinPatrol, which monitors the Hosts file continually in order to detect unauthorized changes, flagged the changes (as was expected) and prompted me to accept or decline them. I, of course accepted. A few minutes later, however, WinPatrol warned me again that the Hosts file had changed. Since I had made no additional changes to the Hosts file myself, I declined the (presumably new) changes. This caused a bombardment of my pc (WinXP Home SP 2) with repeated WinPatrol warnings every two minutes or so which virtually brought my work to an end.
Seeing that obviously something was wrong, I employed a file monitoring utility (Filemon from Sysinternals) to see which programs were accessing my Hosts file. Filemon indicated that during this erratic behavior Hosts was accessed by WinPatrol (presumably for monitoring purposes) and by avast (presumably for virus scanning purposes). Seeing no danger in this case, I made copies of both the old and new versions of Hosts and I accepted the changes. This led to an error message claiming that there was some accessibility problem regarding Hosts but put an end to the series of WinPatrol warnings.
Next I employed a file comparing utility (ExamDiff) to see what changes were made to the Hosts file. However, the saved copies of the old and new versions of Hosts turned out to be identical. Referring the whole matter to the author of WinPatrol produced a suggestion from the latter that some other program was also monitoring Hosts causing in the process changes not in content but in other file attributes (creating backups, changing the time Hosts was created or modified, etc.) all of which would be seen as changes in the Hosts file by WinPatrol.
So here comes the relevant question for this forum: Were such changes (in file attributes other than content-related) caused by avast? If yes, how does avast interact with the Hosts file?
One last detail: Following the second acceptance of the Hosts file changes, Filemon indicated that Hosts was now accessed by WinPatrol and svchost.exe but not by avast anymore.
Can anyone decipher all this?