Hosts file

@ coolcolors,
It is not that Avast is compromised.
It is the new (or fairly new) module.
Self-Defense. I now have it disabled.
That might allow some malware to modify Avast but it Never did before this Self-Defense module. So I believe my OS will be OK with this disabled.
Avast only removed the blocked sites that related to Avast.
Not any others.

Next, I have always kept my hosts file set to Read-Only (except when adding a site or sites to it). Then back to Read-Only.
Avast can uncheck & remove the blocked sites that block Avast even when I set the hosts to Read-Only.
This surprised me as I thought I as the Administrator was the only one that could do this.
Avast will only do this if Menu/Settings/Troubleshooting/Enable Self-Defense is checked.
What Avast says about this module is:

Prevents malware from deactivating or uninstalling your Avast antivirus.

I do run my OS as Administrator Password protected.
I don’t use a limited user account.
I know you advise to have a limited user account to run a computer most of the time. I have had no problems from running as Administrator.
I feel that Avast could make this change either way.

Do you use Avast for your anti-virus?
If not I guess you can not test it.
That’s OK as I would not want you to go to that much effort.
To install Avast just to test this.

To review:
The Avast site blocks are now remaining in the hosts file.
As long as the Self-Defense is unchecked.
So far the original problem that was a Warning in Event Viewer is no longer being reported.
So I consider the problem fixed.
Thanks for the help.

This part gives me the willies. If it gets compromised then you’re in the dumps. I use Windows Defender; it’s free if you own Windows O/S 10 already. I think you should go to Defender, as for me, since Win7, MSE and now Defender have worked just fine with my hosts file.

No problem, as long as you’re the sole user then it’s fine. Just like me, but on the family laptop I do make it Admin pswd. And they are just fine with the standard account usage. Just remember Admin doesn’t mean it needs password login to change. This is another reason why it can do those changes: because you’re in Admin mode, it doesn’t require your approval to make the change; it does it automatically. That might be something you keep track of in future if you enable it, to see if that does happen. And if it does then you might consider it for that reason. But if disable works, keep it at that as well.

Future updates will keep this avast edit in it.

@ coolcolors ,
I do a couple of things in case the hosts gets compromised.
I save a copy elsewhere on my OS as a text file.
I also do regular backups of my OS.

I’m using Windows 7 on all my computers.
I like Avast overall.

I looked into making my hosts file more Secure.
You may already have your hosts this way.
This is for Windows 7. I do not know if it works for Windows 10.

  1. Right-click the file in question, select Properties.
  2. Switch to the Security tab.
  3. Click Advanced.
  4. Click the Change Permissions button.
  5. Uncheck the box that says “Include inheritable permissions from this object’s parent.”
  6. Choose Remove when prompted.
  7. If any Group or User remains Remove it. Then Apply.
    You should see this message in the window:
    “No groups or users have permission to access this object. However, the owner of this object can assign permissions.”
  8. Answer “Yes” to the 2 window boxes.
  9. OK all the way out. (This may not be necessary but it makes sure the Security Permissions are set.)
    You could stop here but even the Administrator could not add anything to the file.
    So now you need to give Permissions to the account you want to.
    Repeat steps 1 - 4.
  10. I used the Administrators (User\Administrators).
    You could use the Administrator (User\Administrator) if that is what your Account is.
    Click Add & use one of the above.
    Leave “Include inheritable permissions from this object’s parent.” Unchecked.
    Click Advanced.
    Click Find Now.
    Select one of the Accounts in 10 then OK & OK again.
    Check Allow Full Control. Then OK.
    Click Apply & Yes to the window box.
    Then OK all the way out.
    Now my hosts has the Yellow padlock icon.
    I can still just Uncheck the Read-Only option & Apply when I want to add a blocked site.

This stopped Avast from removing the Avast entries.
I was able to Check the “Enable Self-Defense in Avast”.
So now it should function to stop modifications or an Uninstall of Avast by a third party.
Except for the hosts. Which is now more Secure.
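
The post above keeps a saved copy of the hosts file and reports that only some block entries disappeared. As an added example (not from the thread or from Avast), this Python code compares a saved copy with the live file and lists block entries that were deleted, commented out or remapped. The `.example` hostnames and both sample files are constructed, and treating `0.0.0.0`, `127.0.0.1`, `::` and `::1` as the blocking addresses is an assumption.

```python
SINKS = {"0.0.0.0", "127.0.0.1", "::", "::1"}  # assumed blocking addresses
def parse_hosts(text):
    """Return {hostname: address} for active (uncommented) entries."""
    entries = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop full-line and inline comments
        if len(fields) < 2:
            continue
        for name in fields[1:]:                # one line may map several names
            entries[name.lower().rstrip(".")] = fields[0]
    return entries

def diff_blocks(backup_text, live_text):
    """Return (removed, remapped) for names the backup blocks but live does not."""
    backup, live = parse_hosts(backup_text), parse_hosts(live_text)
    removed, remapped = [], []
    for name, addr in sorted(backup.items()):  # non-block entries are skipped
        if addr in SINKS and name not in live:
            removed.append(name)               # deleted or commented out
        elif addr in SINKS and live[name] not in SINKS:
            remapped.append((name, live[name]))
    return removed, remapped

def group_by_domain(names):
    """Group names by their last two labels to see which vendor was affected."""
    groups = {}
    for name in names:
        groups.setdefault(".".join(name.split(".")[-2:]), []).append(name)
    return groups

# Constructed sample data; every .example name is a placeholder.
BACKUP = """\
127.0.0.1 localhost
0.0.0.0 ads.tracker-a.example stats.tracker-a.example
0.0.0.0 update.av-vendor.example
0.0.0.0 Telemetry.AV-Vendor.example  # inline note
0.0.0.0 cdn.tracker-b.example
"""
LIVE = """\
127.0.0.1 localhost
0.0.0.0 ads.tracker-a.example stats.tracker-a.example
# 0.0.0.0 update.av-vendor.example
203.0.113.7 cdn.tracker-b.example
"""

if __name__ == "__main__":
    removed, remapped = diff_blocks(BACKUP, LIVE)
    print(group_by_domain(removed), remapped)
```

To use it on a real machine, read the saved copy and the live hosts file as text and pass both strings to `diff_blocks`.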

I do have a backup hosts on a USB for that reason and a backup on another HDD, not the main NVMe drive itself. I found this as you did: backup and backup. One can use the A/V they feel good using and that’s a choice one makes. But as long as you got it working then it’s all good. I only say Defender because it comes free for Windows O/S users and so far beyond updating it. It works happy with my O/S and other software and no issue so far. One can modify it from my update as it works for them. I just made this version as it became smaller and suits my needs and beyond unmarking sites that break, which is far and few, it’s worked so far when I set to “Read-Only”.

The removal returned so I unchecked “Enable Self-Defense” in Avast again.
It appears Avast has access even to a locked Read-Only hosts with Administrators Permissions.

In searching for a way to block Avast better I found this:

It shows how Microsoft gets around the hosts file for the telemetry & other MS blocks.
There is a long list on the link.
I wonder if Avast is doing the same & using the dnsapi.dll to do this.

There are some DNS client or proxy third party software that would seem to prevent this or have another way to stop blocked sites being accessed.
I haven’t tried any of those as it would be a new process to learn & then use it correctly.

Maybe you should try when using the computer as Limited user. I think the fact your login as Admin is all the permission it needs to change it. I do know this because I had family members who wondered what got installed when they didn’t. And when I asked which account, they said the Main account, so they basically give it permission without it having to ask. Try that and inform us back if that is different.

I have never had a limited user account on any computer I own.
I believe this is also called a Standard user account.
I don’t plan to add this to my computer.

I will just disable the one feature in Avast.
I’m not having problems with my OS & I haven’t detected any viruses with any scans.
I occasionally do a virus scan outside of Windows with an antivirus scanner for this called EEK. I run it from a flash drive.
So far no viruses for many years.

If you want to prevent Avast from doing it by admin usage, you’re going to have to disable it like you did. The standard/limited users prevent authorized changes unless you input the Admin password. That’s what will prevent programs such as Avast from doing that. Hopefully you’re not using Defender plus the outside scanner; that will be redundant and not protect but allow a virus to get past the defense. Limited/Standard computer usage is the same, it just requires one more Admin password to install or remove a program. That’s why it works for what it does.