Some anti-virus, anti-sypware/malware, and firewall software lock the Windows Hosts file so no one can edit it (by maintaining an open file-handle with no write share permissions on this file).
The file is –
C:\Windows\System32\drivers\etc\hosts
The most common Hosts file locker is SpyBot Search & Destroy. Others can be: ZoneAlarm, HostsMan, WinPartol, SpywareBlaster, Ad-Aware, etc.
Try to locate the application(s) that are responsible for this, and turn off the Hosts file lock in their settings (or uninstall/remove the application).
Unlock the Windows Hosts File
Spybot S&D
With the Advanced Mode active Tools section IE Tweaks section Uncheck: "Lock hosts file as protection against hijackers"
* To make this change, you might need to start Spybot by right-clicking on it, and selecting ‘Run as admin’.
ZoneAlarm
Firewall - Main - Advanced Button - Advanced Settings Uncheck: "Lock Host File"
* You might also need to disable or configure ZoneAlarm’s OSFirewall.
* It is usually necessary to reboot after these modifications.
Exclude the Windows Hosts File From Scans
Aside from unlocking the Hosts file, you’ll also need to make sure changes to this file are not marked as malicious and then undone – by excluding the Hosts file location from scanning.
Windows Defender & Windows Security Essentials
On Windows 8, open Windows Defender.
On Windows 7 and lower, open Windows Security Essentials.
Settings - Excluded files and locations File locations: (type in...) C:\Windows\System32\drivers\etc\; Click Add, and then Save changes
Kaspersky
Settings - Threats & Exclusions - Exclusions - Settings Add - Select file or Folder: C:\Windows\System32\drivers\etc\
* This does not always work under Kaspersky… If the Hosts file is still locked or not editable, try turning off Kaspersky to see if it’s the source of the issue.
Symantec
Application and Device Control Application Control De-select rule: 'Block modifications to hosts file'
* It might be necessary to reboot after these modifications.
Allow Applications To Modify the Windows Hosts File
Some firewall, anti-virus, and anti-malware security applications will directly prevent applications and processes such as WampDeveloper Pro (and other WAMP server related applications) from changing the Hosts file.
The process these security applications block (from modifying the Windows Hosts file) should be added to their trusted list or exceptions list…
Add Trusted Process:
C:\WampDeveloper\WampDeveloper.exe
Kaspersky Application Control:
How to configure application rules and other resources protection in Kaspersky Internet Security 2014
BitDefender Business:
How to add application or process exclusions in Bitdefender Control Center
BitDefender Consumer:
How to add exceptions
Symantec Endpoint Protection:
Creating an DNS or Host File Change Exception in Symantec Endpoint Protection Manager 12.1 RU1 MP1 and above
File and Folder Lock Finders
There are free tools you can use to find out who/what is locking this file. They will show you which process is maintaining the lock, and you can infer by the process’s name/path what the application is. Then open the application and go through the application’s settings.
Handle
Run from the command-line (right click cmd.exe, select ‘Run as admin’):
handle C:\Windows\System32\Drivers\etc\
handle C:\Windows\System32\Drivers\etc\hostsWindows Sysinternals Process Explorer
Unlocker (* removed link, seems to have gone with monetizing the website and app with tricking you on clicking “download” ads or installing spyware/crapware; try older “portable” v1.9.0 download at bottom of their page)
Notes
1. If you are unable to see this file, change Folder View options to: show hidden files and folders, show known file extensions, and NOT hide protected files.
2. The true HOSTS file path (under all Windows versions) is defined in this Registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath
3. Howto reset the Hosts file to it’s original default state.
4. If you can’t seem to unlock and unblock the Windows Hosts file, or not able to modify or change the Windows Hosts file, you might need to start turning off the different security software and applications on your system to figure out which one is the culprit.
If you are making edits to the Hosts file, and those changes are not producing any type of effect… It’s very likely that the Hosts file is corrupt in some way, and that is preventing the system from reading and parsing the lines and entries in it.
If this is the case, then you should delete this file (don’t just remove it’s contents), and create a new + empty file in it’s place… Or follow the “reset the Hosts file to it’s original default state” link above.
Just make sure you create and save filename ‘Hosts’ and not ‘Hosts.txt’.
its not change. because there is administrator password activated. please help me.
Right-click on notepad, select ‘Run as administrator’.
A good list of other applications that will tell you what has the Hosts file open is here:
http://superuser.com/questions/399659/how-can-i-identify-what-application-is-using-a-given-file
Oh man, thank you – tried for over an hour to figure out why I couldn’t save or update my hosts file. Turns out it was ZoneAlarm – I’d already tried shutting down the whole program, hadn’t thought to look for a specific setting…
Thanks again!
In my case Zone Alarm was blocking the hosts file. Thanks to your post I could solve it in a minute. Very useful post, thanks!
I must have something wrong. I thought Spywareblaster put many protective entries into the Hosts file, and I’ve been using Spywareblaster for years.
But, on my Win 7 Pro 64-bit machine,
C:\Windows\System32\Drivers\etc\hosts
is in its initial default state, with no effective lines after the default explanation comments.
How can this be?
Your cmd command “handle” is unknown on my system, but “attrib” shows only A, meaning archive, not protected.
What am I getting wrong?
Thanks.
what will happen if I deleted the hosts’ file that has the blocked websites in it will all the websites will be unblocked after deleting the file?
Very valuable this post, saved my life, thank you !!