RE-EVALUATE HOSTS BLOCK: 127.0.0.1 "rads.mcafee.com"

Can Symantec please re-evaluate why NIS is removing rads.mcafee.com from my HOSTS file?

Why is Symantec wishing to remove an entry I purposely have in my HOSTS file for BLOCKING access to this site?

I have this address BLOCKED in my HOSTS file and NIS 2011/NIS2012 continues in wishing to remove the entry altogether from my HOSTS file whenever it scans. I realize I can exclude/remove the entry from my HOSTS file so NIS stops detecting it, or I can just have NIS ignore the HOSTS entry. I have this HOSTS file entry pointing to a non-existent IP address "127.0.0.1" so access to "rads.mcafee.com" is blocked.

 

Thanks,

Sincerely,

Dustyn

Hi Dustyn,

 

Norton scans the Hosts file and appears to be mistaking this entry for a malicious redirect designed to prevent access to security vendor, McAfee.  These detections are classified as SecurityRisk.URLRedir.  If you want to exclude scans for this class of threat, open Norton Computer Settings, Antivirus and SONAR Exclusions and click Configure [+] for Signatures to Exclude from all Detections.  Click Add to populate the Signature Exclusions box.  Once the list appears, select Security Risks in the dropdown box, scroll down and select SecurityRisk.URLRedir and click the Add button.

 

A word of caution:  On my machine populating the list, and getting a usable dropdown box and buttons takes a very long time for some reason (NIS 2011 was nowhere near this slow).  Everything you click will seem unresponsive, but if you are patient, and don't doze off, the selected stuff eventually shows up.

Thanks for your reply.

So could or should this be classified as a bug? I do understand completely on just how to go about excluding this one item... but I don't understand why Symantec isn't looking into this. Can someone at Symantec chime in?

I'm just not understanding WHY NIS is identifying this one SINGLE entry out of the thousands of other HOSTS entries I have in my HOSTS file. Shouldn't Symantec look into this?

From the SecurityRisk.URLRedir write-up:

 

"The entries typically redirect security or operating system related URLs to the local host or to a malicious IP address. This technique is used to prevent access to security-related and operating system update sites."

 

I'm guessing Norton is considering the attempt to thwart a connection to McAfee as most likely malicious, rather than a user preference.  In order to detect malicious tampering involving security-related sites in the Hosts file, you really can't make a global exception in the detection keywords for a biggie like "mcafee.com."
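Added example (not part of the thread and not Symantec's code): a minimal sketch of the kind of keyword check described above, showing why one entry out of thousands in a blocking HOSTS file gets flagged. The domain list, function names and sample HOSTS text are constructed assumptions; the real signature's keywords are not given on this page.

```python
import ipaddress

# Assumed keyword list for illustration; not the actual detection keywords.
SECURITY_DOMAINS = ("mcafee.com", "symantec.com", "norton.com", "windowsupdate.com")

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in HOSTS-file text."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # malformed line, skip it
        for name in fields[1:]:                   # one IP may map several names
            yield no, ip, name.strip('"').lower().rstrip(".")

def is_security_domain(name):
    # Match the domain itself or any subdomain, not a mere substring.
    return any(name == d or name.endswith("." + d) for d in SECURITY_DOMAINS)

def flag_redirects(text):
    """Return entries that map a security-related name to any address."""
    findings = []
    for no, ip, name in parse_hosts(text):
        if is_security_domain(name):
            local = ip.is_loopback or ip.is_unspecified
            findings.append((no, name, str(ip), "sinkholed" if local else "redirected"))
    return findings

# Constructed sample HOSTS content.
SAMPLE_HOSTS = """\
# ad-blocking entries
127.0.0.1 localhost
127.0.0.1 ads.example.net tracker.example.org
127.0.0.1 rads.mcafee.com
0.0.0.0 notmcafee.com.example   # substring only, not a match
203.0.113.7 liveupdate.symantec.com
"""

if __name__ == "__main__":
    for finding in flag_redirects(SAMPLE_HOSTS):
        print(finding)
```

The check cannot tell a user's deliberate block from tampering: both produce the same line in the file, which is why the choice left to the user is an exclusion rather than a smarter match.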

In my screen shot... should I not just be able to click on options and simply exclude that one single detection for rads.mcafee.com only and then restore it? Or, would this in turn exclude the whole SecurityRisk.URLRedir category the same way you mentioned excluding detection in Sonar Exclusion settings?

 

Thanks for your time,

~Dustyn~

If you want to block this site, there is a much easier way to do it. If you use a domain name service, you can set which sites you want to block and actually set this up at the router level so that all machines on your network will not have access to it. There are a lot of domain name services that are free, one of which is Norton DNS. You can find out more about it here: https://dns.norton.com

Hi Dustyn,

 

I'm not sure if you can just exclude rads.mcafee.com or whether you would need to exclude the whole threat category.  I'm guessing that just excluding the one site may not work, but you can certainly give it a try and see.