How do I prevent the EIS from isolating the modified hosts file?

[fufuchao 0]

Please forgive me for using translation software.

Whenever I modify the hosts file using any software, including Notepad, it will be isolated. The hosts file is very important to me.

log:

2021/9/21 22:21:14; Real-time file system protection; File; C:\windows\system32\drivers\etc\hosts; Win32/Qhost Trojan; Cleared by deletion; PC\pc; An event occurred on a file modified by the application: C:\Windows\System32\notepad.exe

[Marcos 4,189]

Please provide logs collected with ESET Log Collector so that I can check your exclusions.

[itman 1,362]

I just manually added two entries to my Win 10 hosts file using notepad. See below screen shot.

I received no alerts from Eset real-time protection. So something else is going on in regards to your EIS installation.

 

Edited September 22, 2021 by itman

[Marcos 4,189]

What records are you trying to add to the hosts file?

[itman 1,362]

2 minutes ago, Marcos said:

What records are you trying to add to the hosts file?

Interesting.

Does Eset check IP address/domain name added for malicious status?

[Marcos 4,189]

33 minutes ago, itman said:

Interesting.

Does Eset check IP address/domain name added for malicious status?

Not necessarily malicious but yes, the IP addresses/domains are checked.

[peteyt 284]

3 hours ago, itman said:

Interesting.

Does Eset check IP address/domain name added for malicious status?

I do know a lot of cracks for programs will change host files, to try and block specific things from connecting, probably to prevent the program realising it is cracked or something similar. Not claiming that the OP is using cracked software.