Microsoft Defender flags hosts files with Microsoft server redirects as malicious

The native antivirus client of the Windows 10 operating system, Microsoft Defender, has begun to flag the hosts file on the system as malicious if it contains redirects for certain Microsoft servers.

The hosts file is a simple plain text file designed to redirect connections. Users find it under C:\Windows\System32\drivers\etc\hosts on any system, and it is easy enough to redirect requests with it. It has been used for ages to block known malicious sites or advertising sites.

All you need to do is add redirects in the form of 127.0.0.1 www.microsoft.com to the hosts file to redirect requests to the destination "www.microsoft.com", in this case to the local computer. The effect is simple: the request is blocked.

With the release of Windows 10 came an increased use of Telemetry server blocking. Privacy tools would add known Telemetry servers to the hosts file to block connections and thus the transmission of Telemetry data to Microsoft.

As of July 28, 2020, it appears that Microsoft Defender is flagging hosts files as malicious if they contain certain redirects. According to Günter Born, the following versions introduced the new behavior:

  • Antimalware Client Version: 4.18.2006.10
  • Engine Version: 1.1.17300.4
  • Antivirus Version: 1.321.144.0
  • Antispyware Version: 1.321.144.0

Microsoft Defender Antivirus flags certain hosts file changes as a threat. An attempt to add telemetry.microsoft.com and microsoft.com redirects to 127.0.0.1 to the hosts file resulted in Microsoft Defender flagging the file and restoring the original version.


Attempts to save the file may display the following notification by Microsoft Defender:

Operation did not complete successfully because the file contains a virus or potentially unwanted software.

Restoring the file did not restore the listing. Bleeping Computer's Lawrence Abrams ran a few tests and discovered the following servers that Microsoft Defender flags when they are added to the hosts file on Windows 10 devices.

www.microsoft.com
microsoft.com
telemetry.microsoft.com
wns.notify.windows.com.akadns.net
v10-win.vortex.data.microsoft.com.akadns.net
us.vortex-win.data.microsoft.com
us-v10.events.data.microsoft.com
urs.microsoft.com.nsatc.net
watson.telemetry.microsoft.com
watson.ppe.telemetry.microsoft.com
vsgallery.com
watson.live.com
watson.microsoft.com
telemetry.remoteapp.windowsazure.com
telemetry.urs.microsoft.com

It is possible that other servers will also be seen as a threat by Microsoft Defender. Windows 10 users may allow the threat in Microsoft Defender, at least for now, to add these redirects to the file again. The problem with the approach is that it will allow all modifications, even those by malicious software. Another option is to turn off Microsoft Defender and to start using a different security solution for Windows.

A false positive seems unlikely considering that the list of servers includes mostly Telemetry servers.

Windows 10 tools that add entries to the hosts file may be affected by this negatively. Most privacy tools that manipulate the hosts file to block Telemetry will certainly fail to add the entries to the hosts file if Microsoft Defender is the resident antivirus solution.

Now You: do you use Microsoft Defender or another security solution on Windows?
