chillicane

host file - leave it alone!

Our business uses the host file to limit the domains some of our computers can access. It is a very effective and cheap way to restrict internet access.

In order to have Kaspersky update, though, I've added the IPs of Kaspersky update servers into the host file, but of course it thinks it's a virus trying to hijack the host file to PREVENT updating!

How can I adjust my policy in the Admin kit to make sure the hosts file gets left alone?

And yes, I've already added it as trusted - doesn't help

Hi - Open the Windows workstation policy > properties > Protection tab > Trusted zone > exclusions rules > select object > add host file > click selected (change to any)

Apply and ok all settings and ensure the policy is enforced.

Does this help at all? cheers Scott

 

Thanks for replies, unfortunately I have tried both things already.

I have %SystemRoot%\system32\drivers\etc\hosts for any component in the trusted zone and proactive defense is completely disabled.

 

 

It might be worth disabling each protection component individually to see which one is causing the detection?

 

This is what I've determined - if I run a full scan task on the local machine, either via running the task via the admin kit (but still the local machine's full scan task) or on the machine itself - it stops at the host file and asks to skip or disinfect. I have to remote into the machine to tell it to skip every time.

Another oddity is I can't seem to override the full scan settings on each computer via policy - I had 1 random machine which disinfected automatically rather than asking.

It's specifically complaining about the Kaspersky Lab DNS entries in my host file and if I disinfect it removes them. I need those in there so our 130+ remote retail locations don't try and update from our admin kit source.

Any other suggestions would be greatly beneficial at this point - I've spent many hours fiddling with the settings with no luck.

You said "I need those in there so our 130+ remote retail locations don't try and update from our admin kit source."

Why don't you change the update tasks to only update from the Internet?

To recap - we have added the IP addresses of the Kaspersky update servers to the host file to ensure that internet updating works, as we use the host file to LIMIT what sites can be visited.

So I have got the policy set to update straight from Kaspersky but this will fail if the host file doesn't have those entries, but Kaspersky tries to clobber those entries at the same time.

Using the host file to limit internet access is definitely a 'nasty hack' but it serves our purposes very well as it's free and very easy to deploy changes to.

How are you limiting access to a site if the site does not have an entry in the Hosts file? I am curious.

It only blocks DNS resolution but luckily our store staff aren't likely to be able to work around it.

We set the DNS servers in network config to

1.0.0.0

1.0.0.1

then the only DNS names that resolve at all are the ones in the host file! That combined with limited user security so they cannot change the host file or the DNS settings and it's quite effective - certainly a great cost saving compared to expensive filtering software.

I've even got a few 'traps' set up where certain DNS names point back to one of our webservers and a vhost on that server logs access so we can tell if our staff are being naughty. Don't particularly like that one but our GM is quite paranoid about time theft.....

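The setup described in this thread (hosts file as the only working resolver, 'trap' names pointing at a logging web server, pinned antivirus update hosts) can be audited with a short script that also separates a pinned vendor entry from one redirected to the local machine, which is the case a scanner worries about. This is an added example, not code from any poster or from Kaspersky; the hostnames, addresses, vendor suffix and category names are constructed placeholders, and it does not reproduce any scanner's actual detection logic.

```python
import ipaddress

# Constructed sample in the layout the thread describes; every name and address is a placeholder.
SAMPLE_HOSTS = """\
# store workstation allowlist (constructed sample)
127.0.0.1      localhost
203.0.113.10   intranet.retail.example  pos.retail.example   # business sites
198.51.100.7   updates.av-vendor.example                      # pinned AV update server
10.0.0.5       games.example                                  # trap -> logging vhost
0.0.0.0        ads.example
not-an-ip      broken.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping; skip comments and malformed lines."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address, so the line maps nothing
        for name in fields[1:]:
            yield no, ip, name.lower().rstrip(".")

def audit(text, vendor_suffixes, trap_ips):
    """Label each entry: vendor-blocked, vendor-pinned, trap, loopback or allow."""
    traps = {ipaddress.ip_address(t) for t in trap_ips}
    report = []
    for no, ip, name in parse_hosts(text):
        is_vendor = any(name == s or name.endswith("." + s) for s in vendor_suffixes)
        is_local = ip.is_loopback or ip.is_unspecified
        if is_vendor and is_local:
            kind = "vendor-blocked"   # update host redirected to nowhere: updates will fail
        elif is_vendor:
            kind = "vendor-pinned"    # static IP: works until the vendor moves the server
        elif ip in traps:
            kind = "trap"
        elif is_local:
            kind = "loopback"
        else:
            kind = "allow"
        report.append((no, name, str(ip), kind))
    return report

if __name__ == "__main__":
    for row in audit(SAMPLE_HOSTS, ["av-vendor.example"], ["10.0.0.5"]):
        print(*row, sep="\t")
```

Run against the real hosts file before each deployment, a `vendor-blocked` row means updates cannot work at all, while `vendor-pinned` rows are the ones to re-check whenever the update servers' addresses change.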
