Pi-hole and heuristic malware detection


#1

I’m very pleased with how Pi-hole performs both on my local network and with an OpenVPN server on my router. I also run Malwarebytes and Comcast-supplied Norton Internet Security. They both employ some form of “heuristic” analysis to try to detect malware. I’m pretty uneducated about how all that works, so forgive me if my question is a bit ignorant, but I’m wondering if the blocking performed by Pi-hole might on occasion interfere with “heuristic” detection of malware.
For example, if the heuristic consists of watching for some program calling out to some location, but Pi-hole blocks this, would the antivirus/antimalware be rendered blind to the malware? As I said, I’m quite happy with Pi-hole’s performance and also haven’t seen any signs of the above concern. Just asking.
Any thoughts?


#2

There shouldn’t be any issues. The DNS lookup still happens, but for blocked domains the query returns the IP of the Pi-hole instead of the actual IP from the record. So the heuristics would still see the query happen. I’m not sure if that is part of the detection process, but if it were, there would be no interference caused by using Pi-hole as your DNS server.
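
The behaviour described in reply #2, as an added example that is not part of either post: a monitor parsing DNS responses sees the same question section whether or not the answer was rewritten to the Pi-hole's address. The Pi-hole IP, hostnames and messages below are constructed for illustration.

```python
import socket
import struct

PIHOLE_IP = "192.168.1.2"  # assumed Pi-hole address (constructed)

def encode_name(name):
    """Encode a hostname as DNS labels (length-prefixed, zero-terminated)."""
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"

def build_response(txid, name, ip):
    """Build a minimal DNS response: one question, one A-record answer."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    # Answer owner name is a compression pointer (0xC00C) to the question name at offset 12.
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4) + socket.inet_aton(ip)
    return header + question + answer

def read_name(msg, off):
    """Read a DNS name at off; return (name, offset just past the name field)."""
    labels, end = [], None
    for _ in range(64):                      # bound the walk so pointer loops cannot hang us
        length = msg[off]
        if (length & 0xC0) == 0xC0:          # compression pointer: jump, remember where we were
            end = off + 2 if end is None else end
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
        elif length == 0:
            return ".".join(labels), (end if end is not None else off + 1)
        else:
            labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
            off += 1 + length
    raise ValueError("DNS name too long or pointer loop")

def observe(msg, sinkhole=PIHOLE_IP):
    """What a DNS-watching monitor sees: queried name, answer IP, sinkholed or not."""
    ancount = struct.unpack("!H", msg[6:8])[0]
    qname, off = read_name(msg, 12)
    off += 4                                 # skip QTYPE and QCLASS
    if not ancount:
        return {"qname": qname, "answer": None, "sinkholed": False}
    _, off = read_name(msg, off)             # answer owner name
    rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
    ip = socket.inet_ntoa(msg[off + 10:off + 10 + rdlen]) if rtype == 1 else None
    return {"qname": qname, "answer": ip, "sinkholed": ip == sinkhole}

# Constructed samples: a normal answer, and one rewritten to the Pi-hole address.
allowed = build_response(0x1A2B, "example.com", "203.0.113.10")
blocked = build_response(0x1A2C, "ads.example.net", PIHOLE_IP)

if __name__ == "__main__":
    for m in (allowed, blocked):
        print(observe(m))
```

In both cases `qname` is recovered, so a heuristic keyed on the lookup itself still fires; only the `answer` field differs.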