Canada Kicks Ass
HOSTS file blocking telemetry is now flagged as a risk




DrCaleb @ Tue Aug 04, 2020 8:33 am

Windows 10: HOSTS file blocking telemetry is now flagged as a risk

Starting at the end of July, Microsoft has begun detecting HOSTS files that block Windows 10 telemetry servers as a 'Severe' security risk.

The HOSTS file is a text file located at C:\Windows\system32\driver\etc\HOSTS and can only be edited by a program with Administrator privileges.

This file is used to resolve hostnames to IP addresses without using the Domain Name System (DNS).

This file is commonly used to block a computer from accessing a remote site by assigning a host to the 127.0.0.1 or 0.0.0.0 IP address.

For example, if you add the following line to the Windows HOSTS file, it will block users from accessing www.google.com as your browsers will think you are trying to connect to 127.0.0.1, which is the local computer.

127.0.0.1 www.google.com

Microsoft now detects HOSTS files that block Windows telemetry

Since the end of July, Windows 10 users began reporting that Windows Defender had started detecting modified HOSTS files as a 'SettingsModifier:Win32/HostsFileHijack' threat.

When detected, if a user clicks on the 'See details' option, they will simply be shown that they are affected by a 'Settings Modifier' threat that has 'potentially unwanted behavior,' as shown below.




https://www.bleepingcomputer.com/news/m ... as-a-risk/


So, choosing not to participate in their information gathering exercise is now a security issue to them. :roll:
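An added example, not part of the original post or the quoted article: a small Python audit of HOSTS file text that separates the blocking entries the article describes (names pointed at 127.0.0.1 or 0.0.0.0) from entries that redirect a name to some other address. The sample file, the `example.*` names and the watchlist are constructed for illustration; `audit_hosts` and `parse_hosts` are hypothetical helper names.

```python
import ipaddress

# Constructed sample HOSTS content (not taken from a real machine).
SAMPLE_HOSTS = """\
# constructed sample HOSTS file
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.google.com          # the article's example line
0.0.0.0         telemetry.example.com metrics.example.com
203.0.113.7     login.example.net       # points at a non-local address
not-an-ip       broken.example.org
"""

DEFAULT_NAMES = {"localhost"}  # entries expected in an unmodified file


def parse_hosts(text):
    """Yield (line_no, ip, hostname) per mapping; skip comments and malformed lines."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop trailing comment
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first field is not an IP
        for name in fields[1:]:                  # one line may map several names
            yield line_no, ip, name.lower().rstrip(".")


def audit_hosts(text, watchlist=()):
    """Return (line_no, hostname, ip, kind, watched) for every non-default entry.

    kind is 'sinkhole' for loopback/unspecified targets (blocking) and
    'redirect' for any other address (traffic sent somewhere else).
    watched is True when the name is in, or under, a watchlist domain.
    """
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name in DEFAULT_NAMES:
            continue
        kind = "sinkhole" if (ip.is_loopback or ip.is_unspecified) else "redirect"
        watched = any(name == d or name.endswith("." + d) for d in watchlist)
        findings.append((line_no, name, str(ip), kind, watched))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, watchlist=("example.com",)):
        print(finding)
```

A 'redirect' entry is the case worth reviewing first, since it sends a name to another machine rather than nowhere.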

   



BartSimpson @ Tue Aug 04, 2020 8:40 am

Funny, I do this all the time.

   



Tricks @ Tue Aug 04, 2020 9:30 am

Just pihole it. Why do it on a local system when you can do it network wide? And then if you change systems or format or anything, it's still covered.

   



DrCaleb @ Tue Aug 04, 2020 9:40 am

^^^

I set these routes in my proxy. A proxy allows me so much more flexibility, such as SSL redirection and login black holes for script kiddies.

   



BartSimpson @ Tue Aug 04, 2020 12:44 pm

Tricks:
Just pihole it. Why do it on a local system when you can do it network wide? And then if you change systems or format or anything, it's still covered.


Good idea. Thank you!

   



Tricks @ Tue Aug 04, 2020 1:03 pm

BartSimpson:
Tricks:
Just pihole it. Why do it on a local system when you can do it network wide? And then if you change systems or format or anything, it's still covered.


Good idea. Thank you!

[B-o] [B-o]

   


