hosts file is updated by some process

Question

I have a problem with C:\Windows\System32\drivers\etc\hosts file. Every half hour or so this file is updated by some process. I have this file opened in notepad++ and I see that some lines are added (entries that used to be used months ago) or it is cleared.

I run process monitor but it does not capture anything at the time the changes happen.

Some other people in my project experience the same behavior.

How to identify the process?

This is not a duplicate of questions such as "The process cannot access the file because it is being used by another process." I am able to access the file.

score 0 · Answer 1 · answered Mar 15 '18 at 08:16

Look at this similar case, both of process monitor and process explorer can be used for your situation.

Windows 10 hosts file used by another process

Run process monitor and configure the filter to watch the hosts file. Run it long enough and you will see everything that changes the file.

Also, you can Go to the hosts file’s Security tab.

Under Groups and users go to the System and edit permissions.

Deny write permissions for the System.

Press OK.

hosts file is updated by some process

1 Answers1