Symantec detects suspicious entries in the MVPS HOSTS file

Well here we go again … another security program with a poorly written detection … seems Symantec added a new update, SecurityRisk.URLRedir, which they describe as “detection for suspicious entries added to the hosts file”.


The following entries are (falsely) detected as suspicious:


dl.jiangmin.com
ads.mcafee.com
directads.mcafee.com
sdc.mcafee.com
sdc.ca.com
sdc.mcafee.com
wdcs.trendmicro.com
om.symantec.com
tc.symantec.com


Looks like they are detecting anything related to an antivirus program regardless of what the entry is … except for “dl.jiangmin.com”, which McAfee describes as: “Upon execution it connects to ‘dl.jiangmin.com’ and adds ‘BaiduBar.dll’ as Browser Helper Object for the Internet Explorer and installs itself as the toolbar”.


The above entries are all legit and should not be removed … if these entries are the only ones detected after a scan, you should set them to Ignore. The “sdc” entries are all 3rd party tracking Cookies from WebTrends. The “om” and “tc” entries are actually 3rd party tracking cookies from Omniture.
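A detection that looks at what an entry does rather than which vendor name appears in it would not flag the entries above. The sketch below is an added example, not Symantec's logic or anything shipped with the MVPS HOSTS file: it assumes blocking entries map a hostname to a loopback or null address, and the sample content and the `update.av-vendor.example` host are constructed for illustration.

```python
import ipaddress

# Constructed sample: blocklist-style entries plus one redirect to a routable address.
SAMPLE_HOSTS = """\
# constructed sample HOSTS content
127.0.0.1    localhost
127.0.0.1    sdc.mcafee.com      # tracking host, sink-holed
0.0.0.0      om.symantec.com tc.symantec.com
203.0.113.7  update.av-vendor.example   # hypothetical host sent to a routable IP
not-an-ip    broken.example
"""

STANDARD_NAMES = {"localhost"}  # normal loopback names, not blocklist entries


def classify_hosts(text):
    """Return {hostname: 'blocked' | 'redirected' | 'malformed'} for a HOSTS file."""
    verdicts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            verdict = "malformed"
        else:
            # Loopback (127.0.0.0/8, ::1) or unspecified (0.0.0.0, ::) means the
            # name resolves nowhere useful: the entry blocks, it does not redirect.
            sink = ip.is_loopback or ip.is_unspecified
            verdict = "blocked" if sink else "redirected"
        for name in names:
            name = name.lower()
            if verdict == "blocked" and name in STANDARD_NAMES:
                continue
            verdicts[name] = verdict
    return verdicts


def redirected_hosts(text):
    """Hostnames worth an analyst's attention: those sent to a routable address."""
    return sorted(h for h, v in classify_hosts(text).items() if v == "redirected")


if __name__ == "__main__":
    for host, verdict in classify_hosts(SAMPLE_HOSTS).items():
        print(f"{verdict:10} {host}")
```

Only the entry pointing at a routable address is reported as a redirect; the sink-holed vendor hostnames are classified as blocks whatever name they carry.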



3 Responses to “Symantec detects suspicious entries in the MVPS HOSTS file”

  1. I do not personally use anything Symantec/Norton … the post was in response to several emails I’ve had from users of my HOSTS file about this issue.

  2. Wait a second … something doesn't make sense here. You say NOT to delete all those Omniture, clarity, etc. etc. entries from the hosts file! #1 How do I keep them off my machine (they obviously broke in already, in order to post themselves in the hosts file)? #2 Why wouldn't I want to delete ALL tracking cookies? Help educate me here … I got about 6 of those that you say can't be removed. What, do I have to switch to Linux to fix the prob??? 🙁

  3. sambo,
    No they did not break in … those entries already existed in the HOSTS file.

    re: Tracking Cookies
    I never said not to delete those …