Lost ability to edit hosts file

  • 18 December 2019
  • 6 replies
  • 8233 views

I’ve lost the ability to edit the hosts file.  I suspect Kaspersky is now blocking it. 
“You don’t have permission to open this file”

Here is the sequence of events.
Open hosts file as admin with Notepad
Add entries to hosts file
Save and Close. 
I noticed problems running ipconfig from the cmd line.
When I tried to open hosts file again, I got the following message,
“You don’t have permission to open this file” 
(note, I opened this file 5 minutes prior to this)

I noticed a message from Kaspersky about a trojan horse in the hosts file.
Kaspersky offered to quarantine the file, but not sure I should take this route. 

I’m pretty sure this is a false positive as the only lines added to hosts file were by me.
On a related note, I had a false positive on a file two weeks ago with the same Trojan horse. The sender of file ran several scans and could not find anything wrong. Others who downloaded same file had no problems.  
I had an online service run a Malwarescan and it turned up nothing.

How do I gain access to the hosts file again?


6 replies

Hello  @konakiko,

Welcome!

Have you tried: copying hosts file to desktop, renaming original hosts file e.g. host-old, editing (original) copied hosts file, moving edited hosts file back to etc/hosts?

May we have: 

  1. Export KTS Report, ALL events, 30-day report, attach to your Topic?
  2. GSI & Windows Logs, upload to cloud & post link please?

Thank you

Okay, let me demonstrate my “Noob” status. 

Where do I find/how do I generate the KTS report to attach?

Regarding GSI, I saw the following message in the documentation. 

“After the installation of a Kaspersky Lab product, the operating system or the product may work incorrectly due to incompatibility of software or drivers installed on your computer with the Kaspersky Lab product.”

--How concerned should I be about this warning message?
 

Hello   @konakiko,

Thank you for replying!

Noob, anyone who reads “detailed” information is no noob

KTS Report, open KTS application, select More Tools, select Reports, select Detailed Reports, leave ALL Events as default, change timeframe to 30days, select Export, save the report (on your Desktop) as a .txt file, upload Report to your Topic with the paperclip please?

Regarding “incompatibility of software or drivers”, Kaspersky software has core requirements, sometimes folks use other software that conflicts with Kaspersky: List of applications incompatible with Kaspersky Total Security

The “warning” msg is an explanatory advisory, giving GSI “context/purpose”, not intended to freak anyone out… 

GSI & Windows logs may run for a long time, allow it to run to completion

Please post back?

Thank you

Flood, Thanks for your prompt replies. I appreciate it. 

I will continue to respond until this gets resolved as I believe there are some false positive issues behind this.

However, I found a workaround from Microsoft. I was able to rename the bad.old hosts file and replace it with a new default one, which I can edit. I am under the gun to verify 35 domains on a new server. That’s my main priority now.

 

I’m pretty sure this is a false positive as the only lines added to hosts file were by me.


Also, please see this article  https://support.kaspersky.com/1870

“If you suspect a false positive, check the file or the website using Kaspersky VirusDesk.
If necessary, send the file for further analysis.”


🔴 FYI , only  K-Lab Technical Support who will confirm or deny a false positive can fix this issue. 🔴
 

Hello  @konakiko,

You’re very welcome!

You may wish to raise a case with Kaspersky Technical Support, they will assist analysing any false positives. Providing the GSI, KTS Report, images & a detailed history will enable them to assist you.

When the case is submitted, you’ll receive an automated email with an INC#, then, within 5 business days, a KLab human will contact you, you may continue to communicate with the Lab via return email and or by updating the INC# in your MyKaspersky account.

Also, for any “possible” false positives, you may wish to submit to Kaspersky Virus Lab, the result may be “safe”, that’s a frequent outcome, KVLab & KTS application use different resources.

If you need any assistance please let me know?

Thank you
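
Before reporting a hosts-file detection as a false positive, it helps to confirm exactly which active entries the file contains. The following is an added example, not part of the thread and not Kaspersky's code: it parses hosts-file text and groups every active entry for review. The sample content and the function names are constructed for illustration, and it assumes the stock Windows hosts file holds only comment lines.

```python
import ipaddress

# Constructed sample, not the poster's file. The stock Windows hosts file
# holds only comment lines, so every active line is a later addition.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# localhost name resolution is handled within DNS itself.
#       127.0.0.1       localhost
192.0.2.10      site1.example www.site1.example   # new server
192.0.2.10      site2.example
0.0.0.0         ads.example
not-an-ip       broken.example
192.0.2.11
"""

def parse_hosts(text):
    """Return (entries, malformed); entries are (line_no, ip, [hostnames])."""
    entries, malformed = [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        body = raw.split("#", 1)[0].strip()    # drop trailing comment
        if not body:
            continue                            # blank or comment-only line
        fields = body.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:                      # first field is not an address
            malformed.append((line_no, raw))
            continue
        if len(fields) < 2:                     # address with no hostname
            malformed.append((line_no, raw))
            continue
        entries.append((line_no, ip, fields[1:]))
    return entries, malformed

def review(text):
    """Group active entries by kind so each one can be checked by eye."""
    entries, malformed = parse_hosts(text)
    report = {"redirect": [], "local_or_null": [], "malformed": malformed}
    for line_no, ip, names in entries:
        kind = "local_or_null" if (ip.is_loopback or ip.is_unspecified) else "redirect"
        report[kind].append((line_no, str(ip), names))
    return report

if __name__ == "__main__":
    for kind, rows in review(SAMPLE_HOSTS).items():
        for row in rows:
            print(kind, row)
```

To review a real file, pass its text to `review()`; any entry in the output that you do not recognise as your own is worth including in the history sent to support.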
