Microsoft now flags HOSTS files that block Windows 10 telemetry servers as ‘Severe’ security risk


Since the end of July 2020, Microsoft has flagged HOSTS files that block Windows 10 telemetry servers as a ‘Severe’ security risk

Windows 10 ships with a built-in antivirus client, Microsoft Defender. It has now started to flag the hosts file on the system as malicious if it contains redirects for certain Microsoft servers.

The hosts file is a plain text file that maps hostnames to IP addresses. It has been in use since the time of ARPANET, when it was the original method of resolving a hostname to a specific IP address. The hosts file is usually the first step in the domain name resolution procedure. It is normally found at C:\Windows\System32\drivers\etc\hosts, and editing it is an easy way to redirect requests. It has been used for ages to block known malicious sites or advertisement sites.

Since the end of July 2020, Windows 10 users have begun reporting that the native Windows Defender has started detecting modified HOSTS files as a ‘SettingsModifier: Win32/HostsFileHijack’ threat.

According to Bleeping Computer, while Microsoft Defender detecting HOSTS hijacks is not new, it was strange to see so many people suddenly reporting the detection [1, 2, 3, 4, 5].

Going further, Lawrence Abrams, owner of BleepingComputer.com, ran a few tests and discovered that Microsoft Defender flags the following servers when they are added to the hosts file on Windows 10 devices.

  • www.microsoft.com
  • microsoft.com
  • telemetry.microsoft.com
  • wns.notify.windows.com.akadns.net
  • v10-win.vortex.data.microsoft.com.akadns.net
  • us.vortex-win.data.microsoft.com
  • us-v10.events.data.microsoft.com
  • urs.microsoft.com.nsatc.net
  • watson.telemetry.microsoft.com
  • watson.ppe.telemetry.microsoft.com
  • vsgallery.com
  • watson.live.com
  • watson.microsoft.com
  • telemetry.remoteapp.windowsazure.com
  • telemetry.urs.microsoft.com

Modifying your hosts file enables you to override the domain name system (DNS) for a domain on a specific machine. This is useful when you want to test your site without the test link prior to going live with SSL, verify that an alias site works prior to DNS changes, and for other DNS-related reasons.

Windows 10 tools that add entries to the hosts file may be negatively affected by this. Most privacy tools that manipulate the hosts file to block telemetry will certainly fail to add the entries if Microsoft Defender is the resident antivirus solution.

Windows 10 users who wish to modify their HOSTS file can allow this ‘threat,’ but note that doing so will allow all HOSTS modifications, even malicious ones. Only allow the threat if you 100% understand the risks involved.
