Windows 10 users have noticed that Microsoft Defender now flags the system hosts file when it contains entries that block the OS telemetry servers. Moreover, whereas this behavior was previously seen only when malware had changed the file, edits made by the user now produce the same result.
It is important to note that if you try to eliminate the threat using Microsoft Defender, the system will overwrite the hosts file, returning it to its original state. And if you try to change the file with administrator privileges and add any of the addresses listed below to it, the system will generate an error.
The list of “prohibited” addresses looks like this:
- www.microsoft.com;
- microsoft.com;
- telemetry.microsoft.com;
- wns.notify.windows.com.akadns.net;
- v10-win.vortex.data.microsoft.com.akadns.net;
- us.vortex-win.data.microsoft.com;
- us-v10.events.data.microsoft.com;
- urs.microsoft.com.nsatc.net;
- watson.telemetry.microsoft.com;
- watson.ppe.telemetry.microsoft.com;
- vsgallery.com;
- watson.live.com;
- watson.microsoft.com;
- telemetry.remoteapp.windowsazure.com;
- telemetry.urs.microsoft.com.
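To see which lines of a hosts file name a host from the list above, the following added example (not Microsoft's detection logic and not code from the original article) parses hosts-file text and reports the matching entries. The function names, the exact-match comparison and the sample file contents are assumptions made for illustration.

```python
# Hostnames copied from the list in the article.
FLAGGED_HOSTS = {
    "www.microsoft.com", "microsoft.com", "telemetry.microsoft.com",
    "wns.notify.windows.com.akadns.net",
    "v10-win.vortex.data.microsoft.com.akadns.net",
    "us.vortex-win.data.microsoft.com", "us-v10.events.data.microsoft.com",
    "urs.microsoft.com.nsatc.net", "watson.telemetry.microsoft.com",
    "watson.ppe.telemetry.microsoft.com", "vsgallery.com", "watson.live.com",
    "watson.microsoft.com", "telemetry.remoteapp.windowsazure.com",
    "telemetry.urs.microsoft.com",
}

def parse_hosts(text):
    """Yield (line_no, address, [hostnames]) for every mapping line."""
    text = text.lstrip("\ufeff")                 # tolerate a UTF-8 BOM
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop full-line and inline comments
        fields = line.split()
        if len(fields) < 2:                      # blank, comment-only or malformed
            continue
        # Hostnames are case-insensitive; a trailing dot is the same name.
        yield line_no, fields[0], [h.lower().rstrip(".") for h in fields[1:]]

def find_flagged_entries(text, flagged=FLAGGED_HOSTS):
    """Return (line_no, address, hostname) for each entry naming a listed host."""
    return [(line_no, address, name)
            for line_no, address, names in parse_hosts(text)
            for name in names if name in flagged]

# Constructed sample hosts file, not taken from a real system.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1 localhost
0.0.0.0 telemetry.microsoft.com   # blocked by user
0.0.0.0 Watson.Telemetry.Microsoft.com. vsgallery.com
#0.0.0.0 microsoft.com
192.168.1.10 fileserver.example.internal
"""

if __name__ == "__main__":
    for line_no, address, name in find_flagged_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {address}")
```

On a real machine the text would be read from `%SystemRoot%\System32\drivers\etc\hosts`.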
It seems that Redmond wants to get telemetry from users’ computers by all means.