It seems that when you apply Spybot’s immunization definitions, it will actually remove several items from the HOSTS file (and likely other locations as well).

I suspect that this is due to some sort false-positive white-list, but even then, it should only avoid adding those items to the list; it should not remove items that are already present because it may not have been the one to put them there in the first place. For example, google.com would ostensibly be a false positive in most cases, but if someone chooses to block it, then Spybot must not remove the entry (at least not automatically).

I tried to check the Spybot files to see if there is a list of URLs that Spybot lets through, but it uses a proprietary format so I could not find out, however here is a list of URLs that I have noticed Spybot allows:

  • -h-n7y15mc.firoli-sys.com
  • cloudfront.net
  • www.cloudfront.net
  • one2mail.com
  • www.one2mail.com
  • websearch.com
  • www.websearch.com

One or two of those have been mentioned in the forums as false-positives, a couple have not, and that first one looks outright suspicious, so it is questionable why Spybot would remove it.