The hosts file is an old acquaintance for those who have been using Windows for years. This file, located at C:\Windows\System32\drivers\etc\hosts, allows many modifications to be made in Windows 10, including blocking telemetry in Windows 10 to prevent Microsoft from spying on your activity within the operating system (always anonymously). However, Microsoft has now started blocking modifications to the hosts file.
The operation of the hosts file is quite simple. This file, which requires administrator permissions to be edited, is used to resolve domains to IP addresses without using the DNS system. Thanks to this, we can assign an IP address such as 127.0.0.1 or 0.0.0.0 to a web address to prevent our computer from making a connection to it.
For example, if we add the line 127.0.0.1 www.google.es to the hosts file, we will not be able to access Google because our browser will be trying to connect to the address 127.0.0.1, which is the local IP of our computer.
Windows Defender blocks any address with the word “microsoft”
Since the end of July, many users have started to see Windows Defender detect modified hosts files as a threat called "SettingsModifier:Win32/HostsFileHijack". The threat details show only the alert level, the date, and that a setting has been modified.
The problem is that this is only detected when certain addresses are entered. When we add something as innocuous as Google.com or similar, there is no problem. However, if we enter 0.0.0.0 www.microsoft.com, the Windows Defender alert pops up.
Thus, it appears that Microsoft has updated Windows Defender to detect when a user has made changes to block addresses that contain the word Microsoft or that are related to Microsoft. Bleeping Computer reports that entering the following URLs triggers Windows Defender:
If you tell Windows Defender to remove the threat, it restores the default hosts file without the modifications we have added. If we want to keep the modifications we have made, we can choose to “allow” this threat, although by doing so we would be allowing any modification to the file, even malicious ones.
Use a better antivirus
Microsoft appears to be doing this to stop what programs like O&O ShutUp10 do, which is to modify the hosts file to block Microsoft’s telemetry addresses. Blocking this type of modification makes sense against malware, since, for example, an attacker can replace the IP address of our bank with one they control so that, when we visit the website, we reach the one the attacker controls and not the real one. However, the fact that the antivirus only triggers when we enter Microsoft addresses is a pretty dirty move by the company.
Therefore, although Windows Defender has been improving its protection in recent years, it is recommended that you use a better antivirus that does not arbitrarily block your attempts to keep the company from spying on you.
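The article describes two kinds of hosts entries: ones that block a domain by pointing it at 127.0.0.1 or 0.0.0.0, and the malicious kind that points a domain at a server someone else controls. The following Python script is an added example, not code from the article or from any tool it mentions; it parses hosts file content and labels each entry accordingly. The sample content, the examplebank.test names and the label names are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts content (not taken from a real machine).
SAMPLE_HOSTS = """\
# Sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         www.microsoft.com    # blocked on purpose
127.0.0.1       www.google.es
203.0.113.10    www.examplebank.test login.examplebank.test
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (line_no, address, hostnames) for each valid mapping line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank, comment-only, or no hostname
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not a valid IP: skip line
        yield line_no, addr, [h.lower() for h in fields[1:]]

def classify(addr, host):
    """Label one mapping: 'default', 'sinkhole' (blocked) or 'redirect'."""
    if addr.is_loopback or addr.is_unspecified:
        return "default" if host == "localhost" else "sinkhole"
    return "redirect"                           # name now resolves to another machine

def audit(text):
    """Return a list of (line_no, hostname, address, label) findings."""
    return [(n, h, str(a), classify(a, h))
            for n, a, hosts in parse_hosts(text) for h in hosts]

if __name__ == "__main__":
    for n, host, addr, label in audit(SAMPLE_HOSTS):
        print(f"line {n}: {host} -> {addr} [{label}]")
```

Entries labelled redirect are the ones worth reviewing by hand, since they send traffic for that name to another machine; sinkhole entries only prevent the connection.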