Symantec detects suspicious entries in the MVPS HOSTS file
Well, here we go again … another security program with a poorly written detection … seems Symantec added a new update, SecurityRisk.URLRedir, which they describe as “detection for suspicious entries added to the hosts file”.
The following entries are (falsely) detected as suspicious:
dl.jiangmin.com
ads.mcafee.com
directads.mcafee.com
sdc.mcafee.com
sdc.ca.com
sdc.mcafee.com
wdcs.trendmicro.com
om.symantec.com
tc.symantec.com
Looks like they are detecting anything related to an antivirus program regardless of what the entry is … except for “dl.jiangmin.com”, which McAfee describes as: “Upon execution it connects to “dl.jiangmin.com” and adds “BaiduBar.dll” as Browser Helper Object for the Internet Explorer and installs itself as the toolbar”
The above entries are all legit and should not be removed … if these entries are the only ones detected after a scan, you should set them to Ignore. The “sdc” entries are all 3rd party tracking Cookies from WebTrends. The “om” and “tc” entries are actually 3rd party tracking cookies from Omniture. [more info]
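One way to triage these hits by what each entry actually does rather than by the vendor name in it, as an added example (not part of the original post, and not Symantec's or MVPS's code). It assumes a hit deserves review only when the entry points somewhere other than loopback/0.0.0.0 or is not one of the hostnames listed above; the `VENDOR_DOMAINS` tuple, the verdict strings and the sample lines are constructed for illustration.

```python
import ipaddress

# Hostnames the post lists as legitimate blocking entries in the MVPS HOSTS file.
REVIEWED = set("""dl.jiangmin.com ads.mcafee.com directads.mcafee.com sdc.mcafee.com
sdc.ca.com wdcs.trendmicro.com om.symantec.com tc.symantec.com""".split())
# Assumption: the vendor domains to look at, derived from the names above.
VENDOR_DOMAINS = ("mcafee.com", "ca.com", "trendmicro.com", "symantec.com", "jiangmin.com")

def is_sink(addr):
    """True for addresses that block a name rather than redirect it."""
    ip = ipaddress.ip_address(addr)
    return ip.is_loopback or ip.is_unspecified

def parse_hosts(text):
    """Yield (address, hostname) pairs; handles comments and several names per line."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line, not a hosts entry
        for name in fields[1:]:
            yield fields[0], name.lower().rstrip(".")

def triage(text):
    """Return {hostname: verdict} for every entry under a vendor domain."""
    out = {}
    for addr, name in parse_hosts(text):
        if not any(name == d or name.endswith("." + d) for d in VENDOR_DOMAINS):
            continue
        if not is_sink(addr):
            out[name] = "review: redirected to " + addr
        elif name in REVIEWED:
            out[name] = "ignore: known blocking entry"
        else:
            out[name] = "review: not on the reviewed list"
    return out

# Constructed sample; the last two lines are NOT from the MVPS file, and
# updates-example.symantec.com is a made-up hostname.
SAMPLE = """\
127.0.0.1  localhost
127.0.0.1  ads.mcafee.com  sdc.mcafee.com   # two names on one line
0.0.0.0    om.symantec.com
192.0.2.10 tc.symantec.com
127.0.0.1  updates-example.symantec.com
"""
```

Calling `triage(SAMPLE)` marks the three blocking entries from the list as ignorable and leaves two for a human: the listed name that now points at a routable address, and the vendor hostname that was never on the list.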
3 Comments
November 14th, 2007 at 11:19 am
I do not personally use anything Symantec/Norton … the post was in response to several emails I’ve had from users of my HOSTS file about this issue.
November 21st, 2007 at 12:21 am
Wait a second … something doesn't make sense here. You say NOT to delete all those Omniture, clarity, etc. etc. entries from the hosts file! #1 How do I keep 'em off my machine (they obviously broke in already, in order to post themselves in the hosts file)? #2 Why wouldn't I want to delete ALL tracking cookies? Help educate me here … I got about 6 of those that you say can't be removed. What, do I have to switch to Linux to fix the prob??? 🙁
November 21st, 2007 at 2:51 am
sambo,
No they did not break in … those entries already existed in the HOSTS file.
re: Tracking Cookies
I never said not to delete those …