Author Topic: hosts file entries removed by Avast Self-Defense  (Read 1689 times)

0 Members and 1 Guest are viewing this topic.

Offline cholla

  • Newbie
  • *
  • Posts: 5
hosts file entries removed by Avast Self-Defense
« on: June 08, 2022, 06:48:42 PM »
 If I check "Enable Self_Defense" then entries for blocking some Avast addresses are removed from my hosts file.
 My hosts file has Security Permissions set for Administrators only.
It even shows as a locked file with the Yellow padlock icon beside it.
I also have it Read-Only.

 So how or why can Avast remove specific entries ?
Does Avast have Administrators level on my Windows 7 OS ?

If I Uncheck "Enable Self_Defense" then no entries are removed.
I would prefer this checked as it may prevent malware from changing Avast.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re: hosts file entries removed by Avast Self-Defense
« Reply #1 on: June 09, 2022, 09:48:54 AM »
Basically every antimalware program runs with administrator privileges (and "more", it runs in kernel).

Stripping avast addresses from hosts file is indeed part of the self-defense feature - malware can use it to disable some Avast functionality, to prevent being detected or removed.

Offline cholla

  • Newbie
  • *
  • Posts: 5
Re: hosts file entries removed by Avast Self-Defense
« Reply #2 on: June 09, 2022, 05:57:15 PM »
 Thank you for answering igor.
 I run my OS as an Administrator account.
If I use a Standard or Limited User account.
(I don't have a Standard user account set up)
Will that prevent Avast from access to the hosts file ?
Or will Avast still have the Administrator privileges ?
Including the "(and "more", it runs in kernel)" ?

 For me I will continue to leave  "Enable Self_Defense" unchecked.
If any malware has ever disabled any Avast functionality I'm not aware of it.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: hosts file entries removed by Avast Self-Defense
« Reply #3 on: June 09, 2022, 06:21:48 PM »
I think the route of your issue is why you need to block some avast addresses as you mentioned in your first post.
Quote from: cholla
If I check "Enable Self_Defense" then entries for blocking some Avast addresses are removed from my hosts file.

Avast and other antiviruses (as igor mentioned) operates as a very low level 'Kernel Mode' they have to do that to prevent malware at a very early stage, prevention rather than cure.

Quote from: cholla
For me I will continue to leave  "Enable Self_Defense" unchecked.
If any malware has ever disabled any Avast functionality I'm not aware of it.

Whilst the risk might be small, finding out for the first time (if it did) could be painful.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security