Mr.Wong 2 Posted April 13, 2021 Share Posted April 13, 2021 (edited) Should I allow this from Windscribe vpn v2.02 build 10? I can't use vpn unless I am allow it. Edited April 13, 2021 by Mr.Wong Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted April 13, 2021 Administrators Share Posted April 13, 2021 With default setting HIPS would not ask you about any action. I assume that you use HIPS smart mode, do you? In such case you should know how to respond. If not, you should use default (automatic) mode without any custom ask rules. In this case since you've run a legitimate application you should allow the action and create a rule. Link to comment Share on other sites More sharing options...
Most Valued Members Nightowl 202 Posted April 13, 2021 Most Valued Members Share Posted April 13, 2021 6 hours ago, Mr.Wong said: Should I allow this from Windscribe vpn v2.02 build 10? I can't use vpn unless I am allow it. It seems that Windscribe are making changes in the folder that is in Target: , ESET doesn't like it when something touch the hosts folder/file But as Macros said looks like a legitmate action by Windscribe But make sure it's obtained from official website. Link to comment Share on other sites More sharing options...
itman 1,659 Posted April 13, 2021 Share Posted April 13, 2021 I would say responding properly to this Eset alert depends on where you downloaded Windscribe from: https://www.lowyat.net/2020/222527/backdoor-windscribe-vpn-installer/ Link to comment Share on other sites More sharing options...
Mr.Wong 2 Posted April 13, 2021 Author Share Posted April 13, 2021 11 hours ago, Marcos said: With default setting HIPS would not ask you about any action. I assume that you use HIPS smart mode, do you? In such case you should know how to respond. If not, you should use default (automatic) mode without any custom ask rules. In this case since you've run a legitimate application you should allow the action and create a rule. oh man, how do you know I use hips in smart mode? And yes I use HIPS in smart mode. I don't remember this popup in the old version 1.83 build 20 Windscribe. First time seeing this and it target host file so kinda make me nervous and scared a little bit like why does it need to target my pc Windows host file???? 5 hours ago, Nightowl said: It seems that Windscribe are making changes in the folder that is in Target: , ESET doesn't like it when something touch the hosts folder/file But as Macros said looks like a legitmate action by Windscribe But make sure it's obtained from official website. oh okay. I got it from official site here: https://windscribe.com/ I don't remember this notification or similar when I use Windscribe v1.83 Build 20. Kinda nervous and scared when I see this notification from Windscribe needs to write to my pc host file. 47 minutes ago, itman said: I would say responding properly to this Eset alert depends on where you downloaded Windscribe from: https://www.lowyat.net/2020/222527/backdoor-windscribe-vpn-installer/ I got it from official site here: https://windscribe.com/ And wow that is very scary. Thanks for that article you linked. Link to comment Share on other sites More sharing options...
itman 1,659 Posted April 13, 2021 Share Posted April 13, 2021 (edited) FYI: Quote Windscribe ads the following into the hosts file: xx.xx.xxx.xxx ee-001.whiskergalaxy.com #added by Windscribe, do not modify. https://www.reddit.com/r/Windscribe/comments/in4khu/hosts_file_has_been_block/ Edited April 13, 2021 by itman Link to comment Share on other sites More sharing options...
SeriousHoax 83 Posted April 14, 2021 Share Posted April 14, 2021 This is common for Windscribe VPN to do this. You have to allow it if you want to keep using Windscribe. They use IKEv2 protocol by default, and it needs to temporarily modify the host file for that reason. It restores to the previous state when you disconnect. Quote This needs to happen because IKEv2 doesn't resolve server domains on its own like OpenVPN (UDP and TCP) does. So it edits the hosts file to make a local DNS record for the server you connect to. The alternative is to connect to an external DNS server to resolve the Windscribe server domain but we won't be doing that for security reasons. Also, this must be new for HIPS smart mode. I have never seen this before. Instead, I had to create my own rule to monitor host file modification. So I don't think this happened cause the VPN was updated recently. It's probably because ESET updated their HIPS Smart mode rule. Link to comment Share on other sites More sharing options...
Recommended Posts