Windows 10 diagnostic data, which Microsoft collects in encrypted form, is necessary to identify security problems, as well as analyze and fix various kinds of errors. However, users often block telemetry, considering the collection of diagnostic data to be Microsoft’s espionage. Now it became known that attempts to block telemetry servers using the hosts file are diagnosed by Microsoft Defender as a serious security threat.
Network sources say that the company has made changes to the built-in Microsoft Defender antivirus used in Windows 10. It will now warn of a serious security threat if an attempt to block telemetry servers through the hosts file is recorded. Recall that the hosts file contains a database of domain names and is used when translating them into network addresses of web sites.
If you try to edit the hosts file to block telemetry servers, Windows Defender will not allow saving the changes and will display a corresponding warning “SettingsModifier: win32 / HostsFileHijack”. This is classified as a serious security risk, so the modified hosts file cannot be saved until the user rejects the antivirus message.
It looks like Microsoft is using the editing protection feature of the hosts file to prevent users from trying to disable telemetry. Additionally, hosts files can be used by attackers to infect computers with malware, and Microsoft wants the user to see when the hosts content changes.
If you notice an error, select it with the mouse and press CTRL + ENTER.