Allow access to hosts file for one program in Windows 10

[Axthorpe]

Hi,

 

How can I allow access for a program to edit the hosts file (C:\Windows\System32\drivers\etc\hosts)?

Kind regards
 Axthorpe

[Berny]

Welcome.  Can you please provide more details , is Kaspersky blocking this action.

[Axthorpe]

Yes, I get and error when the program tries to modify C:\Windows\System32\drivers\etc\hosts

 

I am using “Local by Flywheel” and it works fine, it is a tools for creating and running WordPress sites locally and the publishing to their hosting platform. So they need to edit the hosts file when setting up new sites locally.
This program works fine and I have not needed to anything to get it to work, Kaspersky does nothing.

But Flywheel has recently released a new version in beta and that program is being blocked when it tries to add something in the hosts-file .

So the stable version is grouped as “Trusted” and the beta is grouped in “Low restricted”, but even when I manually put it in “Trusted” I still get the “write block”.

So what I had to do to get the beta working is to turn off program monitoring for that exe; “Do not monitor application activity”, in Program Rules/Exclusions Tab. 
This feels like a very temporary solution…

 

What i really would like is to add a rule that allows the beta to edit the hosts-file, which feels like a better solution than turning off all monitoring for the program (a program that runs php-code from WordPress, plugins etc).

I have found two differences, that may or may not affect the “write block”
3.3.0 - the stable working release
https://whitelisting.kaspersky.com/advisor?lang=en-US#search/65649B07BA77BF632C21AA0BEC1BABC2
5.0.7 - the new beta
https://whitelisting.kaspersky.com/advisor?lang=en-US#search/4A1A5AC0E20C56C3A008AE99D1D2FAD2

 

 

[Axthorpe]

(ops forgot a bit)

I have found two differences, that may or may not affect the “write block”

...and the beta does not have a valid certificate.

[Berny]

Kaspersky doesn’t support Beta products.

Also, please submit your issue to  K-Lab Technical Support  https://center.kaspersky.com 

[Axthorpe]

Beta or no beta, my initial question still stands.

 

How can I allow access for a program to edit the hosts file (C:\Windows\System32\drivers\etc\hosts)?
 

Is this something that can be done?

[Flood and Flood's wife]

Hello @Axthorpe,

Can you show (images) the errors? 

1. KTS Reports, export All Events, select 24 hours or 7 days, save as a text file, attach to your post please?
2. If there’s a certificate issue, have you checked with the Software Developers/Support? 
3. Have you “manually” trusted the dodgy certificate?
4. How often are the host file mods required? 
5. Have you added a “do not scan encrypted connection” exclusion for FW5.0.7?
6. The “beta” advice is very relevant, bc, any problems, support (for Kaspersky software) will be voided. 

Thank you. 

General information: Certificate problem notification(s) 

[Berny]

@Axthorpe Please try this  https://support.kaspersky.com/14848

[Axthorpe]

Ok, apparently I was a bit unclear above ;)

And I thank you for your will to investigate this 👌

This has become two issues, but for me it is one that matters the most.

1. Is there a possibility to allow access for one program to a specific file?
   I want to allow the beta to be able to write to the hosts-file.
   I do not know if this is possible with Kaspersky Total Security.
    
2. The beta is getting installed with “Low restrict”, possibly have a bad certificate and do not have write access to the hosts file (see image below).
   This is not the main issue.
   I wrote this hoping to get some information to send back to Flywheel, the maker of programs.
   I have been able to get it running by setting “Do not monitor application activity” (see image below).
   I understand that this is not Kasperskys problem.
   I do no expect Kaspersky to handle beta software correctly.
   The reason I sen the two links above about the certificate differences was that I hoped that that would be a clue to why Kaspersky handled the programs differently.
   I am fine with this temporary solution, but it is for me a temporary solution until:
   • Flywheel fixes their program
   • or I can set file access to the hosts fil (point 1 above)

And I also have a ticket and some forumposts going with Flywheel about this, because it is really their problem to get their program to work as good as the first one ;)

 

--- write block history ---

 

--- image on how I got the beta to work ---

 

[Flood and Flood's wife]

Hello @Axthorpe

You’re very welcome!

Thank you for posting back, the links and additional information🙏

Please export the (KTS)  Report, select ALL EVENTS, select 24hrs, save as a text file, attach to your post please? 

Have you added a “do not scan encrypted connections” exclusion for FW5.0.7 (it doesn’t appear so)?

Thank you.

[Axthorpe]

Before we do anything else, can you answer my main issue/questions:

• Is there a possibility to allow access for one program to a specific file?
• Does it in Kaspersky Total Security exist an option/function/tab/…, where I can:
  • Select one program
  • Allow this program to edit a specific file
• Can I in Kaspersky Total Security select one file and give a specific program full acces to that file?

[Flood and Flood's wife]

Hello   @Axthorpe,

May I look at the data (report) please?

It may help us work out what can be done..

Thank you. 

 

[Axthorpe]

Can you please answer my questions?

I only want to know the feature I look for exists in Kaspersky Total Security for me as a user.

 

• Is there a possibility to allow access for one program to a specific file?
• Does it in Kaspersky Total Security exist an option/function/tab/…, where I can:
  • Select one program
  • Allow this program to edit a specific file
• Can I in Kaspersky Total Security select one file and give a specific program full acces to that file?

[Berny]

@Axthorpe  Please see the exclusion procedure :

Settings > Additional > Threats and Exclusions > Manage exclusions > Add …..

Please also see Online Help : https://help.kaspersky.com/KIS/2020/en-US/68285.htm

[Axthorpe]

Ok, so it is not possible to assign write access on one specific file for one specific program.

 

“let c:\programs\my.exe have read/write on the file c:\filename.txt”

This can not be done with Kaspersky Total Security, correct?

[Berny]

@Axthorpe

I am going Off Topic now , but maybe you should check the File Attributes, you will find out more about this on the Microsoft Community.

[Axthorpe]

Well I added one more “checkbox” in exclusion and got it working :)

I checked these three:

• Do not monitor application activity
• Do not inherit restrictions from the (application’s) parent process
• Do not monitor the activity of child applications

The boxed that I left out was “inherit parent”, which I don’t really understand. But the beta is working, and it is a beta so I can live with it for now.

 

The reason I asked about giving one program access to one file, was that I had som other AV-software years ago that could do that.

But otherwise quite happy with Kaspersky, so keep up the good work.

And thank you for quick response here in the forum. 👍

 

Kind regards
 Håkan

[Amar]

thanks this feed helped me with the same problem. i only checked the “Do not inherit restrictions from the (application’s) parent process”. By checking this my error went away. 

 

[Jumzoid]

@Axthorpe 

2yrs later and your solution to also check “Do not inherit restrictions from the (application’s) parent process” worked a treat. Thank you!

I needed to get DevKinsta to be able to update my hosts file. Tried so many different suggestions and finally your one worked.

I might also add for anyone experiencing the same issue:
When ticking “Do not monitor the activity of child applications”, make sure to also tick the sub-option, “Apply exclusion recursively”.

Not sure why, but I also needed that selected.

[Schulte]

Hello @Jumzoid, Welcome.

Thank you for your addition.

But there is now also the possibility to allow a program to access the hosts directly.
‘Do not monitor activity' is too global and not recommended.

You can create a specific exception via the Application control (see my example 'dummy.exe'):

 

 

[Jumzoid]

Awesome, thanks @Schulte !

That worked, and yes, it’s not using that global setting, so much better.

Thank you.