Hosts file is detected as malware in Windows Defender

Article ID: 2764944 - View products that this article applies to.
Expand all | Collapse all

Symptoms

Consider the following scenario: 
  • You install Windows 8.
  • You change the Hosts file by specifying custom IP-address-to-host-name mappings to prevent users from browsing to some websites.
  • You run a scan in Microsoft Windows Defender.
In this scenario, the Hosts file is detected as a SettingsModifier:Win32/PossibleHostsFileHijack
(http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=SettingsModifier%3aWin32%2fPossibleHostsFileHijack)
 malware threat by Windows Defender.

Back to the top | Give Feedback

Cause

This issue occurs because Windows Defender may determine incorrectly that the Hosts file was changed by malware, such as adware or spyware. Typically, malware programs change the Hosts file to redirect users to malicious websites. Therefore, Windows Defender may detect the Hosts file as a security threat.
Back to the top | Give Feedback

Resolution

To resolve this issue, exclude the Hosts file from scanning in Windows Defender. To do this, follow these steps:
  1. Open Windows Defender.
  2. On the Settings tab, click Excluded files and locations.
  3. Under File locations, click Browse.
  4. Locate and then click the Hosts file.

    Note By default, the Hosts file is located in the %systemroot%\system32\drivers\etc folder.
  5. Click Add, and then click Save changes.

    Collapse this imageExpand this image
  6. Exit Windows Defender.

Back to the top | Give Feedback

References

For more information about the SettingsModifier:Win32/PossibleHostsFileHijack malware threat, go to the following Microsoft Malware Protection Center encyclopedia entry:

SettingsModifier:Win32/PossibleHostsFileHijack
(http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=SettingsModifier%3aWin32%2fPossibleHostsFileHijack)


For information about how to reset the Hosts file to the default settings, click the following article number to go to the article in the Microsoft Knowledge Base:
972034
(http://support.microsoft.com/kb/972034/ )
How can I reset the Hosts file back to the default?
Back to the top | Give Feedback

Properties

Article ID: 2764944 - Last Review: October 5, 2012 - Revision: 1.0
Applies to
  • Windows 8
  • Windows 8 Pro
  • Windows 8 Enterprise
Keywords: 
kbsurveynew kbprb kbtshoot KB2764944
Back to the top | Give Feedback

Give Feedback

 
Back to the topBack to the top