HOSTS file monitoring

Discussion in 'Prevx Betas' started by m00nbl00d, Aug 9, 2012.

Thread Status:
Not open for further replies.
  1. m00nbl00d

    m00nbl00d, Registered Member (Joined: Jan 4, 2009; Posts: 6,623)
    According to my relative, for whom I installed the beta version, since the last two upgrades, every time my relative enters session (after reboot, I think), WSA nags my relative with a warning about some entries in the hosts file. I checked it, and all those entries that WSA warns about are in fact malicious domains being black-holed; not good domains.

    I'm not sure if it's due to the fact that the hosts file has 9 entries per line and followed by 0.0.0.0, instead of 127.0.0.1.

    Every session start, WSA nags my relative and asks to clean it, but my relative wisely always chose NO.

    Anyway, I was wondering if you folks could add an option in WSA so that, instead of having these visual alerts in the middle of the screen, which sound a bit intimidating I must say, WSA would present a balloon in the notification area saying WSA detected some entries in the hosts file, and also allow the user to specify a file to which WSA could append those warnings, such as what domains are in question and all that. Then, the user (in this case me) could simply check that log and see what the heck it's all about.

    I'd prefer to have that kind of more "silent" warning than the somewhat intimidating prompt.


    Thanks
     
  2. PrevxHelp

    PrevxHelp, Former Prevx Moderator (Joined: Sep 14, 2008; Posts: 8,242; Location: USA/UK)
    Could you send me your hosts file's text via PM? The logic is very specific but it would be helpful for me to see exactly what's flagging it.

    Thanks!
     
  3. Techfox1976

    Techfox1976, Registered Member (Joined: Jul 22, 2010; Posts: 749)
    As a side note, blackholing things by modifying the hosts file is generally a bad way to do it. It's like trying to get rid of a field of gophers by sticking a fake gopher in every gopher hole you can find and hope the gophers think the hole is occupied so won't use it. I'd expect creating IP transport errors by using 0.0.0.0 would also help make a mess of anything trying to parse the file too.
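
Added example, not part of the thread and not WSA's detection logic: a small hosts-file audit that handles several hostnames per line, treats `0.0.0.0`, `127.0.0.1` and `::1` targets as sinkhole entries, flags entries that point a name at any other address, and appends the result to a log file as requested in the first post. The sample file contents, function names and log format are constructed for illustration.

```python
import ipaddress

# Constructed sample: several hostnames per line, 0.0.0.0 and 127.0.0.1 sinks,
# plus one entry pointing at a routable address (documentation range, RFC 5737).
SAMPLE_HOSTS = """\
# constructed sample, not a real blocklist
127.0.0.1 localhost
::1 localhost
0.0.0.0 ads.example.net tracker.example.net bad.example.org  # many per line
127.0.0.1 malware.example.com
203.0.113.10 login.example.com
not-an-ip broken.example.com
"""

def classify(address):
    """Return 'sinkhole', 'redirect' or 'invalid' for a hosts-file address field."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "invalid"
    return "sinkhole" if ip.is_unspecified or ip.is_loopback else "redirect"

def audit_hosts(text):
    """Parse hosts-file text; return a list of (line_no, kind, address, hostname)."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank, comment-only or address-only line
        address, names = fields[0], fields[1:]
        kind = classify(address)
        for name in names:                      # one finding per hostname on the line
            findings.append((line_no, kind, address, name.lower()))
    return findings

def write_log(findings, path):
    """Append findings to a log file, one line per hostname; return lines written."""
    with open(path, "a", encoding="utf-8") as log:
        for line_no, kind, address, name in findings:
            log.write(f"line {line_no}: {kind:8} {address} -> {name}\n")
    return len(findings)

if __name__ == "__main__":
    for line_no, kind, address, name in audit_hosts(SAMPLE_HOSTS):
        if kind != "sinkhole":                  # only non-sinkhole entries need a look
            print(f"review line {line_no}: {address} -> {name} ({kind})")
```

Only the `redirect` and `invalid` rows need review; the sinkhole rows are the black-holed domains described in the first post.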
     