-1

I have an 192.168... address (local VMware) written in the local host file on Windows (administrator mode).

Windows change that file after one hour and put the line with "#" as follow : 

before 
192.168.72.128  dev.local

after
\# 192.168.72.128 dev.local

Do you know a way to prevent this?

I'm under windows 10 Family (version 1511)

Thanks

Bikee
  • 1,157
  • 8
  • 20
juvaone
  • 11
  • 4

3 Answers3

0

There are two great SysInternals utilities that can be used for detecting who is doing that:

(find => find handle or dll, enter your filename)

Alex Belotserkovskiy
  • 3,854
  • 1
  • 10
  • 9
  • Thanks Alex, there is just svhost.exe and sihost.exe that is used by the system. This behavior has happened since the last update windows. – juvaone Apr 22 '16 at 09:15
  • Can you try to temporarily disable windows defender and see how it's going? – Alex Belotserkovskiy Apr 22 '16 at 11:15
  • idem, here is last installation since windows update : bitdefender Antivirus 2016 (just update software), lync basic 2013, office 365, microsoft visual c+ 2012, visual studiooo tool 2010, vmware, adobe creative cloud (trial), visual c++ 2005 and 2008, githubclient – juvaone Apr 22 '16 at 16:05
  • Antiviruses often do that. Did you try to test it with the disabled defender? And disabled antivirus. If that will not work and hosts file will be rewritten, let's try to brainstorm further. My bet is on antivirus. – Alex Belotserkovskiy Apr 22 '16 at 16:09
  • Thanks Alex, same symptoms after take off bitdefender. – juvaone Apr 22 '16 at 20:12
  • @juvaone, i meant Windows Defender as well. Your last answers did not mention that you did this. Is that turned on or off? See here - https://habrastorage.org/files/19e/aa1/6c0/19eaa16c0adb49989f33d2b70abbc12a.PNG – Alex Belotserkovskiy Apr 22 '16 at 20:14
  • Sorry Alex, yes I have disabled Windows Defender – juvaone Apr 22 '16 at 22:02
  • Ok, i discussed the issue with my colleagues. Can you try to disable for a time being task scheduler? Run => services.msc => disable Task Scheduler. Check if that works after an hour, and enable it again regardless of the result - it's doing a lot of useful actions. And the question - is your machine in the corporate domain? – Alex Belotserkovskiy Apr 24 '16 at 10:20
  • I cannot disable Task Scheduler (access denied). Even in administratror mode. My machine is in private domain (windows 10 family). I disable maximum app on windows start (from task panel) and restart windows : same symtom. – juvaone Apr 25 '16 at 10:17
  • @juvaone that is weird. Could you please use Process Monitor again and click twice on the svchost? Window should be opened where you can go to Services pane. Here, should be services that use the file. – Alex Belotserkovskiy Apr 26 '16 at 13:35
0

I finally found the problem. This is the local IP address 192.168.72.128 disrupting windows (assigned by vmware player).

Since I put the address 192.168.1.186, the hosts file is not modified. That said, I have no explanation for this behavior.

Thank you to everyone for your help!

juvaone
  • 11
  • 4
0

BitDefender has an option to protect the hosts file that is on by default. To disable that setting, open the bitdefender application, choose 'Settings', 'Advanced' and disable the option 'Scan hosts file' ('Gastbestand scannen' in Dutch as it was called on my PC)

Marc Selis
  • 763
  • 7
  • 15