SettingsModifier:Win32/HostsFileHijack, W Defender

Discussion in 'Security and Anti-Virus Software' started by 6730b, Jul 30, 2020.

  1. 6730b

    6730b Notebook Evangelist

    Reputations:
    773
    Messages:
    605
    Likes Received:
    1,128
    Trophy Points:
    156
    Suddenly Defender finds my hosts file 'severely' dangerous. A quick google search, seems many have experienced this lately. 99.99% sure its false pos from latest definitions, triggered by many entries (lots of MS related domains... :O) Anyone else here ?

    Anyway, tested a hosts copy, very ok, see attachment.
     

    Attached Files:

    Mr. Fox likes this.
  2. Mr. Fox

    Mr. Fox BGA Filth-Hating Elitist

    Reputations:
    34,006
    Messages:
    36,807
    Likes Received:
    61,122
    Trophy Points:
    931
    That's interesting. I will have to re-enable Defender and see if it flags mine as "dangerous" since I have many things (including Micro$lop domains) blocked. It doesn't surprise me though. They have a self-entitlement mindset and are very presumptuous about many things. It is none of their business what I have in my hosts file.
     
    Vasudev likes this.
  3. Vasudev

    Vasudev Notebook Nobel Laureate

    Reputations:
    8,997
    Messages:
    10,837
    Likes Received:
    8,140
    Trophy Points:
    931
    Just login into MS defender security intelligence platform and upload your file and await for results. https://www.microsoft.com/en-us/wdsi/filesubmission
    Within 4-8hrs you will get a reply and they'll ask you to update definitions.
     
    Papusan and joluke like this.
  4. 6730b

    6730b Notebook Evangelist

    Reputations:
    773
    Messages:
    605
    Likes Received:
    1,128
    Trophy Points:
    156
    Needs ms account, for sure ain't got that malware :O)
    It's ok in 15 scanners (see attach in 1st post) + malwarebytes, proof enough.

    Am guessing latest defender simply spots lots of entries (5.2k) vs stock hosts (0.8k) and flags it, assuming no pc owner would ever do such a thing (probably true for 99.7644% of users :O)
     
    Vasudev, Papusan and Mr. Fox like this.
  5. 6730b

    6730b Notebook Evangelist

    Reputations:
    773
    Messages:
    605
    Likes Received:
    1,128
    Trophy Points:
    156
    Vasudev, Mr. Fox and Papusan like this.
  6. Mr. Fox

    Mr. Fox BGA Filth-Hating Elitist

    Reputations:
    34,006
    Messages:
    36,807
    Likes Received:
    61,122
    Trophy Points:
    931
    Consumers that take control of the property they own are always a threat to the people that want to control and exploit them. Using Defender to scare them is just one of the scams in their deceitful bag of dirty tricks. They pull the same kind of dishonorable shenanigans with other files that are an impediment to their acts of fraud, deceit and theft. They want everyone to be deaf mute muppets, and the majority probably already are. The rest of us that are not compliant become the enemy. We are a threat because we are a defiant lot that refuse to drink their poisoned Kool-Aid.
     
    joluke, Vasudev and 6730b like this.
  7. 6730b

    6730b Notebook Evangelist

    Reputations:
    773
    Messages:
    605
    Likes Received:
    1,128
    Trophy Points:
    156
    Just a note, out of nowhere, great white father in redmond re-wiped hosts, even after it was set as allowed item (not modified since previous wipe).
    Maybe excluded files is worthy of some respect (see attach.)
     

    Attached Files:

    • def.PNG
      def.PNG
      File size:
      25.1 KB
      Views:
      29
    Vasudev likes this.
  8. jclausius

    jclausius Notebook Virtuoso

    Reputations:
    5,197
    Messages:
    3,164
    Likes Received:
    2,332
    Trophy Points:
    231
    Mr. Fox likes this.

Share This Page