MalwareDefender why doesn't my rule work?

Discussion in 'other anti-malware software' started by bellgamin, Dec 27, 2009.

Thread Status:
Not open for further replies.
  1. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    I wrote the rule shown below, but MalwareDefender (MD) still allows me to write to the HOSTS file. Why? Is there a rule that WILL prevent writing to HOSTS?
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ScrHunt01 26-Dec-09.gif
     
  2. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,108
    Location:
    Sofa (left side)
    There should already be a rule for this in the System Configuration Files tree. Where have you placed this new rule?
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,042
    Try changing hosts to hosts.* and also check only the files instead of files and folders.

    I just tested a similar simple rule for a file on my desktop and it worked.

    Pete
     
  4. bellgamin

    bellgamin Very Frequent Poster

    @Scoobs72 -- I didn't assign my rule to any group. It stands alone.

    There IS a rule for system32/drivers/etc in the SystemConfig group -- set for Read-permit and Write-ask. I did not modify that rule in any way. Even so, I can freely write to HOSTS file and MD does NOT ask.

    @Pete -- I did as you said. MD still allows writing to hosts with no objection. By the way, I test-write to hosts by right clicking the hosts file and doing a "send to" to notepad. I then modify hosts with notepad & save the file. MD offers no pop-ups whatsoever. Also, I verify that the change was, in fact, saved. o_O
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ScrHunt01 27-Dec-09.gif
     
    Last edited: Dec 27, 2009
  5. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    You should get a prompt as the built-in file rule covers this.

    Are there any file rules for notepad.exe which could allow the modification of the hosts file, or is notepad.exe in a group where the group rules allow this file modification?

    Cheers
     
  6. wat0114

    wat0114 Guest

    Where is the rule located? You may have another, lower level rule, superseding yours.
     
  7. bellgamin

    bellgamin Very Frequent Poster

    Yes, THAT was the problem. The rule works now. Thanks to all who offered clues, but especially to subset.

    NOTE TO XIAOLIN (Requested change) -- It would be helpful if you added a menu item to search for rules that conflict with one another.
     
  8. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    Thanks for the suggestion. :)
     
  9. Peter2150

    Peter2150 Global Moderator

    You might check other stuff. I created a test rule on a file to prevent deleting. Did block it for explorer, but I also use Xplorer2 and that was able to delete the file just fine.
     
  10. bellgamin

    bellgamin Very Frequent Poster

    @xiaolin -- Thanks for visiting this thread! :thumb:

    @Pete -- Good suggestion! I checked other stuff. To wit, I did a "rule find" on "system32\drivers\etc" & examined every rule wherein that file was affected. There were two other apps, including explorer.exe, that had the okay to mess with HOSTS. I fixed them both.
     