My hosts file uses IP 0.0.0.0 as a redirect for known bad sites to an unresolvable address as a security measure. CIS 2011 Pro scan appears to have picked up each referenced/redirected line in the hosts file as TrojWare.Win32.Qhost.~1459@116242354. Is there a way to prevent this from occurring as this is intended not a virus infection. Complicates the log and makes it more difficult to use the log or clean it up before acting on it’s recommendations.
False positive when using IP 0.0.0.0 as known bad site redirect
If you prefer to watch the hosts file settings yourself, you can add the files to exclusion list or to trusted files list.
Simple solution, I will see how next scan goes.