HostsFileHijack : Microsoft Defender falsely reports you are infected if you try and block Microsoft telemetry and ads

Reading time icon 2 min. read


Readers help support MSpoweruser. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more

Editing your host file is one way to block Microsoft telemetry and Microsoft-delivered ads on Windows, and it turns out Microsoft is not too happy with it.

The latest versions of Microsoft Defender for Windows 10 will detect if you are adding entries to your host file which would block Microsoft’s servers and refuse to allow you to save the file, claiming it is a severe security risk.

In fact Microsoft will claim you are infected with “SettingsModifier:Win32/HostsFileHijack”, which a Google search reveals has caused several users to panic and believe they have a virus.

e.g.:

I do not have Malwarebytes installed, just Windows Security Defender complaining about SettingsModifier:Win32/HostsFileHijack.

I also do not know if it’s related or not, but I got the popup right after launching the game SUPERHOT MIND CONTROL DELETE.

I actually know what is the HOST file (a bunch of DNS to IP forwarding), so I was curious how the infection was modifying it which could give me information on what is wrong. So I “allowed” the threat via Windows Defender and strangely the file remained the same (with just the default 127.0.0.1 and ::1 to localhost lines). I then asked it to “clean” the threat again, and the HOST file content never changed.

With Microsoft weaving Microsoft Defender ever more deeply into Windows, it does bring to mind the question of who actually controls the PC you are using.

What do our readers think of this development? Let us know below.

via WindowsLatest

User forum

0 messages