SysInspector v12026

[Cosmo32]

Is there a bug in SI v12026? Does SI v12026 no longer care for the action of the MVPS Host File protection I use?

I just test ran v12026. The results lit up the "Critical Files" section bright RED!
And, most of the log lists stuff shown in the Hosts File that all focus to 127.0.0.1. Yes. Confused I am...........

Yes, I still use the V2.7 BE A/V; just because it runs so well.

[agoretsky]

Hello,

Could you provide a screenshot of the problem? Thank you.

Regards,

Aryeh Goretsky

[Cosmo32]

Aryeh,
Thank you. I am trying to provide small captures of what I see. Found/loaded FSC v5.3 and am learning to use it. As soon as I learn to cull the excess blank screen space, I will attempt to upload a pair of views using the directions from Bubba and GroverH.
I suppose my basic observation is:
SI v120210 appears to ignore the MVPS Host file.
SI v120260 appears to see the MVPS Host file and code it critical.

[Cosmo32]

Aryeh,
Here is an attempt to share two small screen shots. They show how the latest version of System Inspector 12060 is working here.....




I hope these pix help.

[agoretsky]

Hello,

I spoke with one of ESET SysInspector's principals about this, and he explained that the increased Risk Level for localhost redirections in the hosts file is the result of concerns about malicious software using this method to block or redirect access to sites.

Please keep in mind that the heuristics used in ESET SysInspector are not the same as those in ESET NOD32 Antivirus and also evaluate things differently because the purpose of the programs is different, e.g., ESET SysInspector's focus is on troubleshooting installations of ESET's software as well as evaluating infected systems versus ESET NOD32 Antivirus' task of protecting your system from threats. As a result, ESET SysInspector may flag something as suspicious or risky while ESET NOD32 Antivirus does not report anything.

ESET does provide some blocking of malicious sites, however, there is nothing wrong with taking a defense-in-depth approach and providing an additional layer of protection with tools like the MVPS HOSTS File, Pyrenean's eDexter and so forth.

Since you initiated the hosts file blocking yourself, have evaluated the source of the block, provenance of its entries and so forth and understand the reasons for doing so, it is safe for you to ignore this section of the ESET SysInspector log report.

Regards,

Aryeh Goretsky

[Cosmo32]

Aryeh,
Thank you for your reply and the research. Yes, I do use the MVPS Hosts file logic as part of my layered approach to protection. I do see the distinction mentioned between ESET A/V and the System Inspector. NOD32 runs 24/7. System Inspector is used when I notice odd behavior that does not trigger NOD32.

I do now understand the increased scrutiny of SI toward local host redirection. I was unaware that malicious code was also copying this activity. I may test your suggested Pyrenean's eDexter also now.

Please share my appreciation with your "white hats!" They do an excellent job keeping the bad guys at bay!

Best of the Season!