Think you're going to block W10 telemetry with your hosts file? Guessagain.

"Microsoft Defender flags hosts files with Microsoft server redirects as
malicious"

The native antivirus client of the Windows 10 operating system,
Microsoft Defender, has started to flag the hosts file on the system as
malicious if it contains redirects for certain Microsoft servers.

The hosts file is a simple plain text designed to redirect connections.
Users find it under C:\Windows\System32\drivers\etc\hosts on any system
and it is easy enough to redirect requests. It has been used for ages to
block known malicious sites or advertisement sites.

All you have to do is add redirects in the form of 127.0.0.1
www.microsoft.com to the hosts file to redirect requests to the site
"www.microsoft.com" in this case to the local computer. The effect is
simple: the request is blocked.
__________________________________________________ _______________________

Full article is he

https://www.ghacks.net/2020/08/04/mi...-as-malicious/

--
John C.

John C. wrote:
"Microsoft Defender flags hosts files with Microsoft server redirects as
malicious"

The native antivirus client of the Windows 10 operating system,
Microsoft Defender, has started to flag the hosts file on the system as
malicious if it contains redirects for certain Microsoft servers.

The hosts file is a simple plain text designed to redirect connections.
Users find it under C:\Windows\System32\drivers\etc\hosts on any system
and it is easy enough to redirect requests. It has been used for ages to
block known malicious sites or advertisement sites.

All you have to do is add redirects in the form of 127.0.0.1
www.microsoft.com to the hosts file to redirect requests to the site
"www.microsoft.com" in this case to the local computer. The effect is
simple: the request is blocked.
__________________________________________________ _______________________

Full article is he

https://www.ghacks.net/2020/08/04/mi...-as-malicious/


That's what the PiHole is for :-)

An external filtration solution should take care of it.

Paul

Paul wrote:

That's what the PiHole is for :-)

I thought Win10 from day one bypassed DNS lookups for the telemetry
servers and had hard-coded IP addresses in the code?

Paul wrote:

John C. wrote:

"Microsoft Defender flags hosts files with Microsoft server redirects as
malicious"
https://www.ghacks.net/2020/08/04/mi...r-flags-hosts-
files-with-microsoft-server-redirects-as-malicious/

That's what the PiHole is for :-)

In Windows 10?

An external filtration solution should take care of it.

Eh?

"John Nomen" wrote

That's what the PiHole is for :-)

| In Windows 10?

I'm guessing that was a joke. You'd need to set up
a network, add a supported Linux system, then set
up PiHole as the DNS server for the whole network.
Not an attractive option and not feasible for most.

An external filtration solution should take care of it.

| Eh?

My old router allowed me to block specific IP addresses.
Oddly, my new router has less options and doesn't seem
to include that one.

I think the solution is really to just get off of Win10.
There aren't many other options, but privacy on 10 is
like putty on a sinking ship. You can go around and patch
holes, but the water is coming in over the top.

Yesterday I was working on setting up a Surface RT
for someone. Not even Win10. 8.1. I sort of knew how
bad it was, but it hadn't really sunk in. I'd never actually
used such a device. The device is a
spyware kiddie tablet (despite having been expensive
to buy) that runs a handful of Microsoft programs and
wants me to sign up at every turn. (I'm still not sure
whether that can even be avoided.) The settings mention
things like my "advertising ID"! I can't install software.
So the only browser available is IE. It's barely worth having
as an emergency device to check email on a trip. For
anything else it's useless. And the mousepad repeatedly
overreacts to hovers or things that might be similar to
a swipe. What a mess!

But I'm guessing that's the intended future for even
Pro Windows -- service apps, ads and spyware. They'll
figure out a way to let you use real software, if you must.
But the growing lockdown is really the key to this. The
less you can access control over the system, the less you
can stop them. Anyone surprised by Win10 tricks has not
been paying attention for the past 5 years.

The recent Congressional hearings seem to
be focussed on monopoly issues, which is fine, but no one's
paying attention to the fact that the entire field of
computing is being converted into locked down spyware
data collectors hosting rental "consumer" services. (Google
tablets and iPads seem to be pretty much the same thing.
After all, Microsoft don't think these things up on their own.)

In article , Mayayana
wrote:

That's what the PiHole is for :-)

| In Windows 10?

I'm guessing that was a joke. You'd need to set up
a network, add a supported Linux system, then set
up PiHole as the DNS server for the whole network.
Not an attractive option and not feasible for most.

actually, it's *very* easy to do on a raspberry pi. it can also be done
in a vm or docker container in win10 or any other os.

John C. posted this:

"Microsoft Defender flags hosts files with Microsoft server redirects as
malicious"

The native antivirus client of the Windows 10 operating system,
Microsoft Defender, has started to flag the hosts file on the system as
malicious if it contains redirects for certain Microsoft servers.

The hosts file is a simple plain text designed to redirect connections.
Users find it under C:\Windows\System32\drivers\etc\hosts on any system
and it is easy enough to redirect requests. It has been used for ages to
block known malicious sites or advertisement sites.

All you have to do is add redirects in the form of 127.0.0.1
www.microsoft.com to the hosts file to redirect requests to the site
"www.microsoft.com" in this case to the local computer. The effect is
simple: the request is blocked.
__________________________________________________ _______________________

Full article is he

https://www.ghacks.net/2020/08/04/mi...hosts-files-wi
th-microsoft-server-redirects-as-malicious/

"Conspiracy theories"... "Conspiracy theories"... Everywhere "Conspiracy
theories"...

While working (or playing) in Windows 10 go through Start Settings
Update & Security Windows Security Virus & threat protection select
Manage settings under Exclusions, select Add or remove exclusions
select Add an exclusion select from files, folders, file types, or
process

Navigate to the targeted desired exclusion...

To wit: C:\Windows\System32\Drivers\etc\hosts

Bahdda bing; bahdda bume!


While Democrats, Liberals, Anarchists, Socialists, Hollywood Elitists, and
our decadent Fake News Media will likely bemoan about this being
unconstitutional and a betrayal of our oath of office, or violation of the
TOS, or "putting your own interests above the interests of our country",
you can safely ignore the rhetorical din and proceed like a rational,
reasonable human being with a core set of human values which are not
muddled by a Freudian level of 'Trump Derangement Syndrome' which is
alternately directed at Microsoft and/or Windows as a self-inflicted
substitute object from an inculcated, imprinted, and ingrained habitual
paradigm...

Hope this helps.

--

I AM Bucky Breeder, (*(^;

Resolve conflicts the American way :

Rock - Paper - Scissors - Bitch on the Interwebs

.... and I approve this message!

Andy Burns wrote:
Paul wrote:

That's what the PiHole is for :-)

I thought Win10 from day one bypassed DNS lookups for the telemetry
servers and had hard-coded IP addresses in the code?

Sure. This WD thing is just belt and suspenders,
because even before WD developed this new habit,
the HOSTS file would not actually be blocking
vortex or any of its friends.

And while there was the threat of Microsoft using "raw IP",
I don't know if anyone has observed this (a "response" by the
OS under threat of blockade) and documented it.
Maybe they did and I've just forgotten.

I have seen (in TCPView) Windows 10 using IPs that don't
have a reverse lookup, but that could be just as much a
DNS problem on my end as anything else. And that was on
a system where no attempt was made to block anything.

*******

That's why I made the comment about PiHole. Just
like Ripley and "Nuke it from orbit. It's the only way to be sure",
if you want to be absolutely sure of your blockade,
implement it externally.

You can't trust the OS, further than you can throw it.

When you use GPEDIT, and use the two controls to disable
Windows Defender, well, guess what ? It's still doing ****.
It just doesn't use cycles (it's careful to not climb
too high in the Task Manager display).

And if you really don't like this OS, why use it ?

I keep this OS as a pet. It's not a daily driver.

And it sure makes a mess as a pet. The other day, I
took a short nap while an experiment was running. When
I got back, I discovered the machine had rebooted
(it wanted to install an update and it was quite
insistent), and my experiment was ruined. Like any pet,
you have to expect a little poo on the carpet every
once in a while. I had a backup and that's why I didn't
take a 2x4 to my pet. And it wasn't a Macrium backup.
It was something which was inherently a backup and
wasn't intended as a backup, and I used it as a
backup. Then I ran a verify to make sure I didn't
screw up, and the MD5 sums came back the same, so
all was forgiven.

Paul

"John C." wrote:

"Microsoft Defender flags hosts files with Microsoft server redirects as
malicious"

The native antivirus client of the Windows 10 operating system,
Microsoft Defender, has started to flag the hosts file on the system as
malicious if it contains redirects for certain Microsoft servers.

The hosts file is a simple plain text designed to redirect connections.
Users find it under C:\Windows\System32\drivers\etc\hosts on any system
and it is easy enough to redirect requests. It has been used for ages to
block known malicious sites or advertisement sites.

All you have to do is add redirects in the form of 127.0.0.1
www.microsoft.com to the hosts file to redirect requests to the site
"www.microsoft.com" in this case to the local computer. The effect is
simple: the request is blocked.
__________________________________________________ _______________________

Full article is he

https://www.ghacks.net/2020/08/04/mi...-as-malicious/

There are embedded IP addresses in Windows for Microsoft servers that
never have to go through a lookup (in a hosts file or via DNS). Lookups
are only needed when a hostname is given (which humans prefer) to
convert to an IP address (what computers demand). ANY process that uses
an IP address circumvents any lookups.

Rare few users lockdown their hosts file. That means malware can add,
delete, or modify its entries. Instead of redirecting (back to
localhost which is an old trick but still requires lookups), why not use
a 3rd party firewall that lets you block connects to specific hosts,
domains, or IP addresses. Some anti-virus software (e.g., Avast) and
routers have a URL block feature, too. Instead of redirecting, do
blocking.

Mayayana wrote:

John Nomen wrote
Paul wrote:

That's what the PiHole is for :-)

In Windows 10?

I'm guessing that was a joke.

Ah, a Linux joke.

You'd need to set up a network, add a supported Linux
system, then set up PiHole as the DNS server for the
whole network. Not an attractive option and not feasible
for most.

Not for me unless led by the hand

An external filtration solution should take care of it.

Eh?

I think the solution is really to just get off of Win10.
There aren't many other options, but privacy on 10 is
like putty on a sinking ship. You can go around and patch
holes, but the water is coming in over the top.

I do feel like ditching Windows 10. I liked XP, and 7
was ok, but this one frustrates and annoys me at every
turn.

Its latest wheeze is tell me to activate Windows which I
have paid for it, already actvated it and used for some
weeks.

My firewall told me that SLUI wanted to 'phone out. Aha,
I thought, that's something to do with Activation, so I
denied it: I don't want Microsoft continually checking
whether I've paid for it. Sure enough, a couple of days
later comes the watermark: "Activate Windows". I've been
through all the hoops, telephoned, but nothing doing. It
won't let me re-enter my valid product key because some-
one is already using it!

Bucky Breeder wrote:

"Conspiracy theories"... "Conspiracy theories"... Everywhere "Conspiracy
theories"...

I don't think you can deny that Windows 10 is spyware and a forensic
tool. A few years ago, Ira Rubenstein, a Microsoft attorney, wrote:
"Any time that you're developing a new product, you will be working
closely with the NSA." With Windows 10, Microsoft has gone overboard.

While working (or playing) in Windows 10 go through Start Settings
Update & Security Windows Security Virus & threat protection select
Manage settings under Exclusions, select Add or remove exclusions
select Add an exclusion select from files, folders, file types, or
process

Navigate to [...] C:\Windows\System32\Drivers\etc\hosts

Hope this helps.

Done, thank you. But how long before Microsoft 'fixes' that?

John Nomen wrote:
Mayayana wrote:

John Nomen wrote
Paul wrote:

That's what the PiHole is for :-)

In Windows 10?

I'm guessing that was a joke.

Ah, a Linux joke.

You'd need to set up a network, add a supported Linux
system, then set up PiHole as the DNS server for the
whole network. Not an attractive option and not feasible
for most.

Not for me unless led by the hand

An external filtration solution should take care of it.

Eh?

I think the solution is really to just get off of Win10.
There aren't many other options, but privacy on 10 is
like putty on a sinking ship. You can go around and patch
holes, but the water is coming in over the top.

I do feel like ditching Windows 10. I liked XP, and 7
was ok, but this one frustrates and annoys me at every
turn.

Its latest wheeze is tell me to activate Windows which I
have paid for it, already actvated it and used for some
weeks.

My firewall told me that SLUI wanted to 'phone out. Aha,
I thought, that's something to do with Activation, so I
denied it: I don't want Microsoft continually checking
whether I've paid for it. Sure enough, a couple of days
later comes the watermark: "Activate Windows". I've been
through all the hoops, telephoned, but nothing doing. It
won't let me re-enter my valid product key because some-
one is already using it!

https://www.itprotoday.com/mobile-ma...-phone-command

slui X

1 - Show activation status
2 - Activation via the Internet
3 - Prompt for a new key
4 - Launch activation via phone
5 - Prompt for activation and show all methods except Internet
6 - Launch activation wizard
7 - Prompt for activation emulating last day to activate

Support by phone is available for activation issues. A touchtone
phone is required for the 56 digit challenge-response key entry,
then the system should (eventually) revert to a human operator,
assuming you're in the right country for the phone number it used.
It should geolocate, give a number suitable for that country,
an operator in that country picks up and so on. If you used a VPN
to carry out this procedure, you're not going to get help.

https://www.sevenforums.com/tutorial...s-7-phone.html

Option 4 here is similar, but some of the instructions in the Win7 one
may be used if you need that human operator to come on the line later.

https://www.tenforums.com/tutorials/...a.html#option4

I've had to use the 56 digit challenge and 56 digit response method
on the laptop, when reinstalling Retail Windows 7 in place of Acer Windows 7
and using the COA sticker key provided for the purpose. And that succeeded
so no human was needed. In the days of POTS phones, the CallID seen
at the MSFT end was part of assuring the key wasn't stolen and used
in some other country.

I don't expect in your case for it to work, but getting a human
to generate an activation code manually, may work. The operator
on the MSFT end, should be able to see your hardware hash hasn't
changed, for the key you're using, and then there's no reason not
to generate an activation code. (Which could be 56 digits as well
for all I know.) Checking your NIC MAC value, should be
sufficient for them to see it's the same machine.

On a laptop, it would be pretty hard to tip over the hardware hash.
You could change from a 2-core to a 4-core processor, by buying
a replacement on the Internet and installing it. Changing the
memory from 4GB to 8GB, that change should not cost enough
demerits to break anything. The NIC MAC value (in hardware),
counts for a lot. In the past, there was at least one motherboard
that was malleable enough, you could change the declared MAC value,
and then your goose is cooked. If you did that for some reason,
you would tell the human operator "it's a replacement motherboard
after a hardware failure", rather than explaining you were a hacker
in need of a hobby.

You're following this procedure to get to the right person
to fix this. I don't expect the challenge-response to work.
But it should make the phone ring on their end, for the
free help.

Paul