Blocking telemetry in Windows 10 using the hosts file is now flagged as a security risk


Reaction score
It has become known that Windows Defender has begun to identify modified hosts files and identify them as a security risk if they are used to block telemetry servers. According to network sources, since the end of July, modified hosts files began to be detected by the built-in Microsoft antivirus as a threat “SettingsModifier:Win32/HostsFileHijack”.

The hosts text file can be found at C:\Windows\system32\driver\etc\hosts. It is used to resolve character domain names to IP addresses without using the DNS domain name system. To edit this file you must have administrator rights. The hosts file is usually used to block access from a computer to some remote resource by assigning the host an IP address of or

Recently, Windows Defender began checking the contents of the hosts file and notifying the user of a security risk if it is used to block Windows 10 telemetry servers. The source notes that the information received from users was verified, and Windows Defender did report the problem as soon as the file hosts telemetry servers have been added. After detecting a problem, Windows Defender offers to fix it. If the user agrees with this, then the hosts file will simply be restored to its original form and saved.

Most likely, changes to the operation of the built-in antivirus were made along with one of the recent updates. Users who intentionally modify the hosts file can skip the threat notification, agreeing to the potential risks.