Blocking MS Telemetry in HOSTS File Now Triggers Windows Defender Virus Warning


This site may earn affiliate commissions from the links on this page. Terms of use.

A recent change to Microsoft Windows’ built-in antivirus scanner, Windows Defender, has left the OS throwing false positives related to the HOSTS file. The hosts file can be used to translate URL names like “” to a specific IP address and originated in the very early internet, at a time when keeping an individually curated list of valid host addresses wasn’t hard to do on a per-node basis.

The hosts file can be used to block malware and spyware sites, but it does so globally and makes no attempt to meaningfully evaluate whether a site address is actually serving malware or unwanted content. It’s a go / no-go filter, and sites on the “no go” side of things aren’t getting accessed.

I have used hosts file blocking before as part of my own AV protections and I can confirm that while you can download any number of modified hosts files from the internet, you typically have to customize them further to avoid blocking content that you want to see. Blocking certain sites will prevent auto-play videos from activating, but it will also prevent you from seeing video you actually want to watch delivered over the same services. Although the hosts file is not a common malware target, it has been used as part of malware attacks in the past, typically to deny the end user the ability to visit security sites. While there are no recent examples of hosts files being abused in this fashion of which I’m aware, it has happened in the past.

Multiple online sources state Microsoft has modified Windows Defender so that it specifically checks to see if a hosts file has been updated to block Microsoft’s telemetry servers. What’s a little odd about this is that the OS has apparently performed some level of checking for quite some time, as evidenced by this Windows 8 story recommending that users exclude the hosts file from virus scans if they are going to modify it. The problem appears to have gotten worse or resurfaced only recently, but it was a known issue from four years ago.

According to BleepingComputer, they edited their own hosts file in various ways without provoking an outcry from Windows Defender before trying to block MS’ telemetry servers. When they did, the hosts file simply refused to save, stating they were infected with SettingsModifier:Win32/HostsFileHijack:

Image by BleepingComputer. Hosts files are .TXT files and cannot contain a virus as such are typically defined.

While you can exclude the hosts file from being scanned, this seems to confirm that Microsoft now specifically checks to see if you are attempting to block its telemetry servers, even though it also bypasses the hosts file and communicates directly with IP addresses for telemetry purposes. The fact that Windows data collection doesn’t rely solely on the telemetry servers you can block in the hosts file implies that MS may have tuned Windows Defender in an attempt to prevent malware from infecting a system in this manner as opposed to intentionally trying to prevent end users from manually blocking telemetry collection.

Unfortunately, telling a system simply not to scan the hosts file isn’t a foolproof solution, either. In this case, you can stop MS from yelling at you, but in exchange you won’t know if another application has modified your hosts file. Ideally, the OS would note that the hosts file had changed and ask the end user if the change was intentional, rather than force the end user to choose between protecting themselves from malware in this manner or not.

The reason I’m not sure this is a move intended to increase Microsoft’s data collection is simple: Microsoft’s telemetry collection isn’t blocked by hosts file changes, so it’s not clear they’d change how they handle the hosts file to make data collection easier. Most antivirus / antimalware guides don’t specifically recommend a hosts-file based solution, because endless lists of sites are a poor way to try to block malware and because it’s downright common to end up customizing your list to avoid blocking sites you want to be able to access.

Either way, you should be aware that you could see malware detections in the days ahead that don’t necessarily indicate a malware infection. If you have manually modified your hosts file on purpose, you should check to make sure the information hasn’t changed. If it has, tell Windows Defender to exclude scanning the hosts file in the future. Instructions on blocking telemetry collection entirely can be found here. It involves more than just modifying the hosts file.
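Once the hosts file is excluded from scanning, noticing that another application has modified it and checking that your own entries haven't changed becomes a manual job. The following is an added example, not code from the article or from Microsoft: it compares a saved baseline of the hosts file against the current contents and reports which mappings were added, removed or changed. The hostnames, IP addresses and function names are constructed for illustration.

```python
import hashlib

# Constructed sample data: hostnames use the reserved .example TLD.
BASELINE = """\
# intentional blocks
127.0.0.1   localhost
0.0.0.0     telemetry.vendor.example   # blocked on purpose
0.0.0.0     ads.tracker.example
"""
CURRENT = """\
127.0.0.1   localhost
0.0.0.0     telemetry.vendor.example
0.0.0.0     ads.tracker.example
203.0.113.7 update.av-vendor.example
127.0.0.1   www.security-site.example
"""

def parse_hosts(text):
    """Return {hostname: ip}; comments and blank lines are ignored."""
    mappings = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            for name in fields[1:]:          # one line may carry several aliases
                mappings.setdefault(name.lower(), fields[0])  # keep first mapping seen
    return mappings

def fingerprint(text):
    """SHA-256 over the normalised mappings, so comment/whitespace edits don't alert."""
    canon = "\n".join(f"{h} {ip}" for h, ip in sorted(parse_hosts(text).items()))
    return hashlib.sha256(canon.encode()).hexdigest()

def diff_hosts(baseline, current):
    """Classify every difference between two hosts files by hostname."""
    old, new = parse_hosts(baseline), parse_hosts(current)
    return {
        "added":   {h: new[h] for h in new.keys() - old.keys()},
        "removed": {h: old[h] for h in old.keys() - new.keys()},
        "changed": {h: (old[h], new[h]) for h in old.keys() & new.keys() if old[h] != new[h]},
    }

if __name__ == "__main__":
    if fingerprint(BASELINE) != fingerprint(CURRENT):
        for kind, entries in diff_hosts(BASELINE, CURRENT).items():
            for host, ip in sorted(entries.items()):
                print(f"{kind:8} {host} -> {ip}")
```

On a real system the current text would be read from `%SystemRoot%\System32\drivers\etc\hosts` and the baseline from a copy saved right after your last intentional edit.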
