Posted: 2013-12-11 19:29:40
Some anti-virus, anti-sypware/malware, and firewall software lock the Windows Hosts file so no one can edit it (by maintaining an open file-handle with no write share permissions on this file).
The file is –
The most common Hosts file locker is SpyBot Search & Destroy. Others can be: ZoneAlarm, HostsMan, WinPartol, SpywareBlaster, Ad-Aware, etc.
Try to locate the application(s) that are responsible for this, and turn off the Hosts file lock in their settings (or uninstall/remove the application).
With the Advanced Mode active Tools section IE Tweaks section Uncheck: "Lock hosts file as protection against hijackers"
* To make this change, you might need to start Spybot by right-clicking on it, and selecting ‘Run as admin’.
Firewall - Main - Advanced Button - Advanced Settings Uncheck: "Lock Host File"
* You might also need to disable or configure ZoneAlarm’s OSFirewall.
* It is usually necessary to reboot after these modifications.
Aside from unlocking the Hosts file, you’ll also need to make sure changes to this file are not marked as malicious and then undone – by excluding the Hosts file location from scanning.
On Windows 8, open Windows Defender.
On Windows 7 and lower, open Windows Security Essentials.
Settings - Excluded files and locations File locations: (type in...) C:\Windows\System32\drivers\etc\; Click Add, and then Save changes
Settings - Threats & Exclusions - Exclusions - Settings Add - Select file or Folder: C:\Windows\System32\drivers\etc\
* This does not always work under Kaspersky… If the Hosts file is still locked or not editable, try turning off Kaspersky to see if it’s the source of the issue.
Application and Device Control Application Control De-select rule: 'Block modifications to hosts file'
* It might be necessary to reboot after these modifications.
Some firewall, anti-virus, and anti-malware security applications will directly prevent applications and processes such as WampDeveloper Pro (and other WAMP server related applications) from changing the Hosts file.
The process these security applications block (from modifying the Windows Hosts file) should be added to their trusted list or exceptions list…
Add Trusted Process:
Kaspersky Application Control:
How to configure application rules and other resources protection in Kaspersky Internet Security 2014
How to add application or process exclusions in Bitdefender Control Center
How to add exceptions
Symantec Endpoint Protection:
Creating an DNS or Host File Change Exception in Symantec Endpoint Protection Manager 12.1 RU1 MP1 and above
There are free tools you can use to find out who/what is locking this file. They will show you which process is maintaining the lock, and you can infer by the process’s name/path what the application is. Then open the application and go through the application’s settings.
Run from the command-line (right click cmd.exe, select ‘Run as admin’):
handle C:\Windows\System32\Drivers\etc\ handle C:\Windows\System32\Drivers\etc\hosts
Windows Sysinternals Process Explorer
Unlocker (* removed link, seems to have gone with monetizing the website and app with tricking you on clicking “download” ads or installing spyware/crapware; try older “portable” v1.9.0 download at bottom of their page)
1. If you are unable to see this file, change Folder View options to:
show hidden files and folders,
show known file extensions, and NOT
hide protected files.
2. The true HOSTS file path (under all Windows versions) is defined in this Registry key:
3. Howto reset the Hosts file to it’s original default state.
4. If you can’t seem to unlock and unblock the Windows Hosts file, or not able to modify or change the Windows Hosts file, you might need to start turning off the different security software and applications on your system to figure out which one is the culprit.