Symantec detects suspicious entries in the MVPS HOSTS file

Well, here we go again ... another security program with a poorly written detection ... seems Symantec added a new update, SecurityRisk.URLRedir, which they describe as "detection for suspicious entries added to the hosts file".

The following entries are (falsely) detected as suspicious:

dl.jiangmin.com
ads.mcafee.com
directads.mcafee.com
sdc.mcafee.com
sdc.ca.com
sdc.mcafee.com
wdcs.trendmicro.com
om.symantec.com
tc.symantec.com

Looks like they are detecting anything related to an antivirus program regardless of what the entry is ... except for "dl.jiangmin.com", which McAfee describes as "Upon execution it connects to “dl.jiangmin.com” and adds “BaiduBar.dll” as Browser Helper Object for the Internet Explorer and installs itself as the toolbar".

The above entries are all legit and should not be removed ... if these entries are the only ones detected after a scan, you should set them to Ignore. The "sdc" entries are all 3rd party tracking Cookies from WebTrends. The "om" and "tc" entries are actually 3rd party tracking cookies from Omniture. [more info]

Published Wed, Nov 14 2007 2:08 by winhelp2002
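
An added example (not from the original post and not Symantec's detection logic): a hosts-file audit that judges each entry by the address it maps to rather than by the hostname, so names pointed at a loopback or unspecified address count as blocks and only names sent to some other address are reported as redirects. It assumes blocking entries use 127.0.0.1 or 0.0.0.0; the sample file, `update.vendor.example`, `broken.example` and the 203.0.113.10 address are constructed.

```python
import ipaddress

# Constructed sample: hostnames from the post mapped to 127.0.0.1 (assumed
# blocking style), plus one constructed redirect to a documentation address.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1     localhost
127.0.0.1     ads.mcafee.com
127.0.0.1     sdc.mcafee.com   # WebTrends tracking
127.0.0.1     om.symantec.com tc.symantec.com
203.0.113.10  update.vendor.example
not-an-ip     broken.example
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}

def classify_target(addr):
    """'block' if the address is loopback or unspecified, else 'redirect'."""
    ip = ipaddress.ip_address(addr)  # ValueError on a malformed address
    return "block" if ip.is_loopback or ip.is_unspecified else "redirect"

def audit_hosts(text):
    """Sort every hostname in hosts-file text into block/redirect/malformed."""
    report = {"block": [], "redirect": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # strip comment, tokenize
        if not fields:
            continue
        try:
            if len(fields) < 2:
                raise ValueError("address without hostname")
            kind = classify_target(fields[0])
        except ValueError:
            report["malformed"].append((lineno, raw.strip()))
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name not in LOCAL_NAMES:
                report[kind].append((lineno, name, fields[0]))
    return report

if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("blocked names :", [n for _, n, _ in result["block"]])
    print("review these  :", result["redirect"])
    print("malformed     :", result["malformed"])
```

Only the `redirect` and `malformed` lists need a human look; a security-vendor hostname in the `block` list cannot send traffic anywhere but the local machine.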

Comments

# Do me a favour - dump Symantec [Spyware Sucks]

Wednesday, November 14, 2007 8:35 AM by Australian & New Zealand MVPs

Check this out: msmvps.com/.../1309806.aspx I ask you, can you

# re: Symantec detects suspicious entries in the MVPS HOSTS file

Wednesday, November 14, 2007 11:19 AM by Mike (aka: WinHelp2002)

I do not personally use anything Symantec/Norton ... the post was in response to several emails I've had from users of my HOSTS file about this issue.

# re: Symantec detects suspicious entries in the MVPS HOSTS file

Wednesday, November 21, 2007 12:21 AM by 'sambo' reynolds

Wait a second ... somethin' don't make sense here. You say NOT to delete all those Omniture, clarity, etc. etc. entries from the hosts file! #1 How do I keep 'em off my machine (they obviously broke in already, in order to post themselves in the hosts file)? #2 Why wouldn't I want to delete ALL tracking cookies? Help educate me here ... I got about 6 of those that you say can't be removed. What, do I have to switch to Linux to fix the prob??? :-(

# re: Symantec detects suspicious entries in the MVPS HOSTS file

Wednesday, November 21, 2007 2:51 AM by Mike (aka: WinHelp2002)

sambo,

No they did not break in ... those entries already existed in the HOSTS file.

re: Tracking Cookies

I never said not to delete those ...