Should I allow this from Windscribe vpn v2.02 build 10?

[Mr.Wong 2]

Should I allow this from Windscribe vpn v2.02 build 10? I can't use vpn unless I am allow it. 

Edited April 13, 2021 by Mr.Wong

[Marcos 5,074]

With default setting HIPS would not ask you about any action. I assume that you use HIPS smart mode, do you? In such case you should know how to respond. If not, you should use default (automatic) mode without any custom ask rules.

In this case since you've run a legitimate application you should allow the action and create a rule.

[Nightowl 202]

6 hours ago, Mr.Wong said:

Should I allow this from Windscribe vpn v2.02 build 10? I can't use vpn unless I am allow it. 

It seems that Windscribe are making changes in the folder that is in Target: , ESET doesn't like it when something touch the hosts folder/file

But as Macros said looks like a legitmate action by Windscribe

But make sure it's obtained from official website.

[itman 1,659]

I would say responding properly to this Eset alert depends on where you downloaded Windscribe from: https://www.lowyat.net/2020/222527/backdoor-windscribe-vpn-installer/

[Mr.Wong 2]

11 hours ago, Marcos said:

With default setting HIPS would not ask you about any action. I assume that you use HIPS smart mode, do you? In such case you should know how to respond. If not, you should use default (automatic) mode without any custom ask rules.

In this case since you've run a legitimate application you should allow the action and create a rule.

oh man, how do you know I use hips in smart mode? And yes I use HIPS in smart mode. I don't remember this popup in the old version 1.83 build 20 Windscribe. First time seeing this and it target host file so kinda make me nervous and scared a little bit like why does it need to target my pc Windows host file???? 

 

5 hours ago, Nightowl said:

It seems that Windscribe are making changes in the folder that is in Target: , ESET doesn't like it when something touch the hosts folder/file

But as Macros said looks like a legitmate action by Windscribe

But make sure it's obtained from official website.

oh okay. I got it from official site here: https://windscribe.com/

I don't remember this notification or similar when I use Windscribe v1.83 Build 20. Kinda nervous and scared when I see this notification from Windscribe needs to write to my pc host file. 

47 minutes ago, itman said:

I would say responding properly to this Eset alert depends on where you downloaded Windscribe from: https://www.lowyat.net/2020/222527/backdoor-windscribe-vpn-installer/

I got it from official site here: https://windscribe.com/

And wow that is very scary. Thanks for that article you linked. 

[itman 1,659]

FYI:

Quote

Windscribe ads the following into the hosts file:

xx.xx.xxx.xxx ee-001.whiskergalaxy.com   #added by Windscribe, do not modify.

 

https://www.reddit.com/r/Windscribe/comments/in4khu/hosts_file_has_been_block/

Edited April 13, 2021 by itman

[SeriousHoax 83]

This is common for Windscribe VPN to do this. You have to allow it if you want to keep using Windscribe. They use IKEv2 protocol by default, and it needs to temporarily modify the host file for that reason. It restores to the previous state when you disconnect. 

Quote

This needs to happen because IKEv2 doesn't resolve server domains on its own like OpenVPN (UDP and TCP) does. So it edits the hosts file to make a local DNS record for the server you connect to. The alternative is to connect to an external DNS server to resolve the Windscribe server domain but we won't be doing that for security reasons.

Also, this must be new for HIPS smart mode. I have never seen this before. Instead, I had to create my own rule to monitor host file modification. So I don't think this happened cause the VPN was updated recently. It's probably because ESET updated their HIPS Smart mode rule.