Kaspersky
Question

Allow access to hosts file for one program in Windows 10

  • 31 October 2019
  • 17 replies
  • 6738 views

Hi,

 

How can I allow access for a program to edit the hosts file (C:\Windows\System32\drivers\etc\hosts)?

Kind regards
 Axthorpe


17 replies

Userlevel 7
Badge +8

Welcome.  Can you please provide more details , is Kaspersky blocking this action.

Yes, I get and error when the program tries to modify C:\Windows\System32\drivers\etc\hosts

 

I am using “Local by Flywheel” and it works fine, it is a tools for creating and running WordPress sites locally and the publishing to their hosting platform. So they need to edit the hosts file when setting up new sites locally.
This program works fine and I have not needed to anything to get it to work, Kaspersky does nothing.


But Flywheel has recently released a new version in beta and that program is being blocked when it tries to add something in the hosts-file .

So the stable version is grouped as “Trusted” and the beta is grouped in “Low restricted”, but even when I manually put it in “Trusted” I still get the “write block”.

So what I had to do to get the beta working is to turn off program monitoring for that exe; “Do not monitor application activity”, in Program Rules/Exclusions Tab. 
This feels like a very temporary solution…

 

What i really would like is to add a rule that allows the beta to edit the hosts-file, which feels like a better solution than turning off all monitoring for the program (a program that runs php-code from WordPress, plugins etc).



I have found two differences, that may or may not affect the “write block”
3.3.0 - the stable working release
https://whitelisting.kaspersky.com/advisor?lang=en-US#search/65649B07BA77BF632C21AA0BEC1BABC2
5.0.7 - the new beta
https://whitelisting.kaspersky.com/advisor?lang=en-US#search/4A1A5AC0E20C56C3A008AE99D1D2FAD2

 

 

(ops forgot a bit)

I have found two differences, that may or may not affect the “write block”

...and the beta does not have a valid certificate.

Userlevel 7
Badge +8

Kaspersky doesn’t support Beta products.

Also, please submit your issue to  K-Lab Technical Support  https://center.kaspersky.com 

Beta or no beta, my initial question still stands.

 

How can I allow access for a program to edit the hosts file (C:\Windows\System32\drivers\etc\hosts)?
 

Is this something that can be done?

Userlevel 7
Badge +9

Hello @Axthorpe,

Can you show (images) the errors? 

  1. KTS Reports, export All Events, select 24 hours or 7 days, save as a text file, attach to your post please?
  2. If there’s a certificate issue, have you checked with the Software Developers/Support? 
  3. Have you “manually” trusted the dodgy certificate?
  4. How often are the host file mods required? 
  5. Have you added a “do not scan encrypted connection” exclusion for FW5.0.7?
  6. The “beta” advice is very relevant, bc, any problems, support (for Kaspersky software) will be voided. 

Thank you. 

General information: Certificate problem notification(s) 

Userlevel 7
Badge +8

@Axthorpe Please try this  https://support.kaspersky.com/14848

Ok, apparently I was a bit unclear above ;)

And I thank you for your will to investigate this :ok_hand:


This has become two issues, but for me it is one that matters the most.

  1. Is there a possibility to allow access for one program to a specific file?
    I want to allow the beta to be able to write to the hosts-file.
    I do not know if this is possible with Kaspersky Total Security.
     
  2. The beta is getting installed with “Low restrict”, possibly have a bad certificate and do not have write access to the hosts file (see image below).
    This is not the main issue.
    I wrote this hoping to get some information to send back to Flywheel, the maker of programs.
    I have been able to get it running by setting “Do not monitor application activity” (see image below).
    I understand that this is not Kasperskys problem.
    I do no expect Kaspersky to handle beta software correctly.
    The reason I sen the two links above about the certificate differences was that I hoped that that would be a clue to why Kaspersky handled the programs differently.
    I am fine with this temporary solution, but it is for me a temporary solution until:
    • Flywheel fixes their program
    • or I can set file access to the hosts fil (point 1 above)

And I also have a ticket and some forumposts going with Flywheel about this, because it is really their problem to get their program to work as good as the first one ;)

 

--- write block history ---

 

--- image on how I got the beta to work ---

 

Userlevel 7
Badge +9

Hello @Axthorpe

You’re very welcome!

Thank you for posting back, the links and additional information:pray_tone3:

Please export the (KTS)  Report, select ALL EVENTS, select 24hrs, save as a text file, attach to your post please? 

Have you added a “do not scan encrypted connections” exclusion for FW5.0.7 (it doesn’t appear so)?

Thank you.

Before we do anything else, can you answer my main issue/questions:

  • Is there a possibility to allow access for one program to a specific file?
  • Does it in Kaspersky Total Security exist an option/function/tab/…, where I can:
    • Select one program
    • Allow this program to edit a specific file
  • Can I in Kaspersky Total Security select one file and give a specific program full acces to that file?
Userlevel 7
Badge +9

Hello   @Axthorpe,

May I look at the data (report) please?

It may help us work out what can be done..

Thank you. 


 

Can you please answer my questions?

I only want to know the feature I look for exists in Kaspersky Total Security for me as a user.

 

  • Is there a possibility to allow access for one program to a specific file?
  • Does it in Kaspersky Total Security exist an option/function/tab/…, where I can:
    • Select one program
    • Allow this program to edit a specific file
  • Can I in Kaspersky Total Security select one file and give a specific program full acces to that file?
Userlevel 7
Badge +8

@Axthorpe  Please see the exclusion procedure :

Settings > Additional > Threats and Exclusions > Manage exclusions > Add …..

Please also see Online Help : https://help.kaspersky.com/KIS/2020/en-US/68285.htm

Ok, so it is not possible to assign write access on one specific file for one specific program.

 

“let c:\programs\my.exe have read/write on the file c:\filename.txt”

This can not be done with Kaspersky Total Security, correct?

Userlevel 7
Badge +8

@Axthorpe

I am going Off Topic now , but maybe you should check the File Attributes, you will find out more about this on the Microsoft Community.

Well I added one more “checkbox” in exclusion and got it working :)

I checked these three:

  • Do not monitor application activity
  • Do not inherit restrictions from the (application’s) parent process
  • Do not monitor the activity of child applications

The boxed that I left out was “inherit parent”, which I don’t really understand. But the beta is working, and it is a beta so I can live with it for now.

 

The reason I asked about giving one program access to one file, was that I had som other AV-software years ago that could do that.

But otherwise quite happy with Kaspersky, so keep up the good work.

And thank you for quick response here in the forum. :thumbsup:

 

Kind regards
 Håkan

thanks this feed helped me with the same problem. i only checked the “Do not inherit restrictions from the (application’s) parent process”. By checking this my error went away. 

 

Reply / Ответить