Windows Defender now flagging modified HOSTS files as PUPs

by Don Sharpe
Don Sharpe
Don Sharpe
Don has been writing professionally for over 10 years now, but his passion for the written word started back in his elementary school days. His work has been... read more
Affiliate Disclosure
  • Windows is now flagging modified HOSTS files that block telemetry as potentially unwanted programs (PUPs).
  • This behavior is probably the result of a recent Windows Defender update.
  • If you'd like to learn more about protecting your PC from different types of threats, go to the Windows Defender section.
  • Don't hesitate to bookmark the Windows 10 page and be among the first to discover feature improvements, security fixes, and more updates available for the OS and Windows 10 applications.
HOSTS files security alert

If you’re considering tinkering with your HOSTS file on Windows 10 to block Microsoft’s telemetry, you may want to reconsider. Otherwise, you may have to deal with a Windows Defender security warning each time you boot your PC or perform a quick virus scan.

Hosts files blocking Windows telemetry flagged as a bug

Windows 10 telemetry helps to improve the user experience. But the technical data has to reach Microsoft servers first. So, it makes sense that Microsoft may not like it when you block the transmission of the diagnostic data by modifying your HOSTS file.

Unsurprisingly, Windows Defender is now flagging modified Hosts files that block telemetry as potentially unwanted programs (PUPs). It appears that the antivirus tool may have started this behavior as recent as July, to the disappointment of many users.

According to one of the affected users on the Microsoft Answers forum, Windows Defender now detects telemetry-blocking HOSTS files as a SettingsModifier:Win32/HostsFileHijack bug.

It even rates the threat as severe.

In addition, the user laments that they keep getting the security warning each they boot their PC.

I keep getting this severe threat detected message on my Windows 10 Pro PC. Windows defender catches it at boot up, says it is quarantined. Then next boot up, it does the same thing.

On the Ten Forums, another user reports that they’re getting the same PUP security alert. The user did modify their HOSTS file as recent as June 15, 2020, by their own admission.

To get to the bottom of the matter, the folks at Bleeping Computer tried modifying the HOSTS file to block Microsoft’s telemetry servers. They couldn’t save the file though.

Instead, they got an error that the specific file contained a bug or potentially unwanted program.

In case you recently modified your Windows 10 HOSTS file, are you getting any security warnings? Let us know via the comments section below.

This article covers:Topics: