The director who trusted the agent, while local admins edited the hosts file and the resolver out of the loop

A director I worked with rolled out an endpoint DNS filter, watched the block-count dashboard climb for two weeks, and reported the project closed to his board. The assumption underneath that report was the fatal one: that deploying the agent and enforcing the policy are the same act. They are not. He left every laptop with a standing local administrator account and the network adapter's DNS settings wide open, so the agent ran in plain sight of the exact people best equipped to walk around it.

The first bypass did not come from the marketing intern. It came from two senior platform engineers who needed a blocked package mirror, found the agent inconvenient, and fixed their own problem in about four minutes.

The classic bypasses: hosts file, manual resolver, agent kill

There are three moves, and every technical user knows at least one. Edit C:\Windows\System32\drivers\etc\hosts to pin a domain to a raw IP and the resolver never gets consulted. Switch the adapter's DNS servers from your filtered resolver to 1.1.1.1 or 8.8.8.8 and the agent's policy no longer governs where the query goes. Or stop the service outright with sc stop, kill the process, and disable the scheduled task that would restart it.

The encrypted variants are quieter. A browser with DNS-over-HTTPS turned on resolves names inside a TLS session to a public provider, and your network-level filter sees one more HTTPS connection to a CDN. Some clients now strip the SNI from the ClientHello as well, so even hostname-based inspection has nothing left to read. If your enforcement lives only at the resolver and the user controls the resolver, none of this is hard.

Why local admin is the enemy of enforcement

A local administrator can edit the hosts file, rewrite adapter settings, stop services, and uninstall agents. That is not a misconfiguration of your filter; it is the definition of the role. Every control you deploy on that machine is advisory to the person holding it. The honest fix is removing standing local-admin rights for daily accounts and brokering elevation through a request flow, which collapses most of these bypasses before tamper resistance even enters the conversation.

The compliance argument helps you make that case internally. The NIS2 Implementing Regulation, in force since October 2024, names DNS-level filtering as a technical measure and expects it to be operated and documented, not merely installed. "We turned it on" is not a control an auditor credits if any user can turn it off.

Tamper resistance and protected DNS configuration

Enforcement means the agent survives a motivated local user. Run the filtering service as a protected, non-stoppable process, block uninstall without an admin-issued token, and watchdog-restart it if it dies. The DNS configuration itself has to be locked too. Pin the adapter's resolver through managed policy so a manual override reverts, block outbound port 53 and DoH/DoT egress to everything except your resolver, and treat the hosts file as a monitored, ideally protected, object. A filter the user cannot stop, pointed at a resolver the user cannot change, is the difference between a control and a suggestion.

Detecting and alerting on bypass attempts

You will not block every path on day one, so instrument the attempts. These signals are specific and worth alerting on:

A bypass is rarely a one-off. The same handful of people generate the events, and the pattern tells you who to talk to before it spreads across a team.

Closing the gap without a war with power users

Your engineers are not adversaries; they are people with a real need and the skill to satisfy it themselves. Fight that with surprise blocks and you breed resentment and more creative evasion. Give them a fast, logged exception path so the legitimate package mirror gets unblocked in minutes through a request rather than a hosts-file edit. Enforce hard on the categories with no defensible business case, and stay visibly reasonable on the gray ones. Make compliance the path of least resistance instead of trying to win an arms race against your most capable staff.

ClearScreen runs as a tamper-resistant agent with a pinned resolver and alerts on stop, uninstall, hosts-file, and off-resolver events, and each customer tenant maps to its own policy group, so an Engineering Pilot can carry a lighter profile and a working exception flow while Corporate Standard stays strict. See how the enforcement and tamper controls fit together on the features page.