Bleeping Computer journalists noticed that Windows 10 and Windows Defender have recently begun treating the hosts file (C:\Windows\System32\drivers\etc\hosts) as dangerous if it contains entries that block telemetry collection.
According to the publication, since the end of July a modified hosts file has been detected as the threat "SettingsModifier:Win32/HostsFileHijack". If a user clicks "More" after receiving such a warning, no explanation is given; the user is only told that the file exhibits "potentially unwanted behavior".
If the user agrees to eliminate the "threat", the system will clear the hosts file and return it to its default state. It is also possible to ignore the problem, but this will allow any modifications to hosts in the future, including malicious ones.
Bleeping Computer founder Lawrence Abrams notes that the general problem of false positives on the hosts file is not new; in recent weeks, however, people suddenly began complaining about such warnings en masse (1, 2, 3, 4, 5).
Abrams writes that he assumed these were false positives again, but still ran a few tests. As it turned out, it is enough to use the hosts file to block the Microsoft servers that collect telemetry for the problems to begin. In particular, problems arise when you try to block the following addresses.
From this, Abrams concluded that Microsoft apparently recently updated Defender so that it detects when the company's servers are added to the hosts file and the user is trying to block the collection of telemetry.
Microsoft has not yet commented on the situation.
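Because ignoring the detection allows any later change to hosts, including a malicious one, it helps to review what the file actually contains before making that choice. The following is an added example, not code from the article or from Microsoft, and it does not reproduce Defender's detection logic: it separates entries that merely block a name (loopback or unspecified address) from entries that point a name at some other server. The sample file and its host names are constructed.

```python
import ipaddress

# Constructed sample hosts file (not from the article); names use example.com.
SAMPLE = """\
# Constructed sample hosts file
127.0.0.1   localhost
0.0.0.0     telemetry.example.com   # name blocked by the user
203.0.113.7 login.example.com       # name pointed at another server
not-an-ip   broken.example.com
"""

def audit_hosts(text):
    """Return (line number, kind, address, name) for every non-default entry.

    kind is 'block' when the name resolves to a loopback or unspecified
    address, 'redirect' when it resolves to any other address, and
    'invalid' when the first field is not an IP address at all.
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Everything after '#' is a comment; blank lines carry no entry.
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        addr, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((lineno, "invalid", addr, " ".join(names)))
            continue
        kind = "block" if (ip.is_loopback or ip.is_unspecified) else "redirect"
        for name in names:
            # The stock 'localhost' loopback mapping is not a modification.
            if kind == "block" and name.lower() == "localhost":
                continue
            findings.append((lineno, kind, str(ip), name))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

Entries reported as redirect deserve the closest look, since they send traffic for a name to a server the file's author chose.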